File libgdata-validate-ssl-cert.patch of Package libgdata
From 8eff8fa9138859e03e58c2aa76600ab63eb5c29c Mon Sep 17 00:00:00 2001
From: Philip Withnall <philip@tecnocode.co.uk>
Date: Thu, 08 Mar 2012 00:09:08 +0000
Subject: core: Validate SSL certificates for all connections
This prevents MitM attacks which use spoofed SSL certificates.
Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
---
Index: libgdata-0.6.6/gdata/gdata-service.c
===================================================================
--- libgdata-0.6.6.orig/gdata/gdata-service.c
+++ libgdata-0.6.6/gdata/gdata-service.c
@@ -200,7 +200,7 @@ static void
gdata_service_init (GDataService *self)
{
self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, GDATA_TYPE_SERVICE, GDataServicePrivate);
- self->priv->session = soup_session_sync_new ();
+ self->priv->session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
#ifdef HAVE_GNOME
soup_session_add_feature_by_type (self->priv->session, SOUP_TYPE_GNOME_FEATURES_2_26);
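Review bot: Nothing in gdata_service_init checks that the bundle named by CA_CERTS exists or is readable when the session is created, yet that build-time path is the only thing enabling certificate validation. If the file is missing on the installed system, the result depends on the libsoup version: most likely either every HTTPS request fails with an opaque SSL error or verification is not enforced, and which one should be confirmed. A one-time check such as `if (!g_file_test (CA_CERTS, G_FILE_TEST_IS_REGULAR)) g_warning ("CA bundle %s not found; HTTPS certificate validation cannot work", CA_CERTS);` would make that state diagnosable. A comment above the call, for example `/* Setting a CA file is what makes libsoup verify server certificates; do not drop this option. */`, would record why the option matters. The function body continues past the end of the hunk.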
--- libgdata-0.4.0/configure.in.orig 2012-07-12 06:13:09.288849914 +0200
+++ libgdata-0.4.0/configure.in 2012-07-12 06:14:01.720471490 +0200
@@ -68,6 +68,13 @@
AC_SUBST(GNOME_CFLAGS)
AC_SUBST(GNOME_LIBS)
+# System SSL CA certificates
+AC_ARG_WITH(ca-certs,
+ AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
+ ca_certs="$withval",
+ ca_certs="/etc/ssl/certs/ca-certificates.crt")
+AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
+
GNOME_COMMON_INIT
GNOME_DEBUG_CHECK
GNOME_COMPILE_WARNINGS([maximum])
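Review bot: The new AC_ARG_WITH block accepts any value for `ca_certs`, so `--without-ca-certs` or a bare `--with-ca-certs` defines CA_CERTS as the literal string "no" or "yes". The library would then be built pointing at a file that cannot exist. The default `/etc/ssl/certs/ca-certificates.crt` is also one distribution's layout, and configure never checks that the chosen path is present, so a wrong path goes unnoticed until runtime. Rejecting the yes/no values and warning when the bundle is not readable at configure time would catch both. A warning rather than an error is suggested because the build root may legitimately lack the bundle.

```m4
# … unchanged: AC_ARG_WITH(ca-certs, …) setting $ca_certs …
case "$ca_certs" in
  yes|no|"")
    AC_MSG_ERROR([--with-ca-certs requires the path to a CA certificate bundle])
    ;;
esac
if test ! -r "$ca_certs"; then
  AC_MSG_WARN([CA certificate bundle $ca_certs is not readable; pass --with-ca-certs=PATH if it lives elsewhere])
fi
# … unchanged: AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", …) …
```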