Bug 727282 – glib-networking with --without-ca-certificates is broken.

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 727282 - glib-networking with --without-ca-certificates is broken.


Summary:	glib-networking with --without-ca-certificates is broken.


Status:	RESOLVED FIXED

Product:	glib
Classification:	Platform
Component:	network
Version:	2.40.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkdev
QA Contact:	gtkdev

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2014-03-29 04:20 UTC by Olivier Crête
Modified:	2014-03-31 20:28 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
gtlsfiledatabase-gnutls: Succeed even without an anchor file (1.29 KB, patch) 2014-03-29 04:20 UTC, Olivier Crête	reviewed	Details \| Review
configure: Don't print a warning if the global CA anchor file is disabled (1011 bytes, patch) 2014-03-29 04:26 UTC, Olivier Crête	accepted-commit_now	Details \| Review

Description Olivier Crête 2014-03-29 04:20:09 UTC

Created attachment 273210 [details] [review]
gtlsfiledatabase-gnutls: Succeed even without an anchor file

Attached patch fixes it, otherwise no default database is created.

Comment 1 Olivier Crête 2014-03-29 04:26:23 UTC

Created attachment 273211 [details] [review]
configure: Don't print a warning if the global CA anchor file is disabled

Comment 2 Dan Winship 2014-03-30 16:07:49 UTC

Comment on attachment 273211 [details] [review]
configure: Don't print a warning if the global CA anchor file is disabled

>+    if test "x$with_ca_certificates" != xno -a -n "$with_ca_certificates"; then

Make that: if test "$with_ca_certificates" != "no"
for consistency with the rest of the file.

otherwise ok for both master and glib-2-40

Comment 3 Dan Winship 2014-03-30 16:09:59 UTC

Comment on attachment 273210 [details] [review]
gtlsfiledatabase-gnutls: Succeed even without an anchor file

So, the behavior with this patch is that you get a default database, but it has no anchors and so it rejects all certificates, right?

If so, then go ahead and commit it.

Comment 4 Olivier Crête 2014-03-30 16:29:01 UTC

Yes, that's the behaviour, it up to the application then to create a database.

Comment 5 Olivier Crête 2014-03-31 20:28:10 UTC

Pushed to master:

commit 930b8a47a60fa97e53b26de56888e4d63283cc6f
Author: Olivier Crête <olivier.crete@collabora.com>
Date:   Sat Mar 29 00:25:41 2014 -0400

    configure: Don't print a warning if the global CA anchor file is disabled
    
    https://bugzilla.gnome.org/show_bug.cgi?id=727282

commit a21822d1575a705590557d6ea2b11f54181a3a10
Author: Olivier Crête <olivier.crete@collabora.com>
Date:   Sat Mar 29 00:17:03 2014 -0400

    gtlsfiledatabase-gnutls: Succeed even without an anchor file
    
    This way, it will produce an empty default database. Otherwise, there
    will be no default database and that shoud always succeed.
    


and glib-2-40

commit fbfd53fcce7eda16bfd25f8ed9c583f561ca50c2
Author: Olivier Crête <olivier.crete@collabora.com>
Date:   Sat Mar 29 00:25:41 2014 -0400

    configure: Don't print a warning if the global CA anchor file is disabled
    
    https://bugzilla.gnome.org/show_bug.cgi?id=727282

commit 65a1e34394cc9a6a50076eb58607cedc04fc16ef
Author: Olivier Crête <olivier.crete@collabora.com>
Date:   Sat Mar 29 00:17:03 2014 -0400

    gtlsfiledatabase-gnutls: Succeed even without an anchor file
    
    This way, it will produce an empty default database. Otherwise, there
    will be no default database and that shoud always succeed.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=727282