Overview

File libgdata-validate-ssl-cert.patch of Package libgdata.openSUSE_12.1_Update

From 8eff8fa9138859e03e58c2aa76600ab63eb5c29c Mon Sep 17 00:00:00 2001
From: Philip Withnall <philip@tecnocode.co.uk>
Date: Thu, 08 Mar 2012 00:09:08 +0000
Subject: core: Validate SSL certificates for all connections

This prevents MitM attacks which use spoofed SSL certificates.

Closes: https://bugzilla.gnome.org/show_bug.cgi?id=671535
---
diff --git a/configure.ac b/configure.ac
index 5c8d9ce..c8840b9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -97,6 +97,13 @@ AC_CHECK_FUNCS([strtol])
 AC_CHECK_FUNCS([strtoul])
 AC_CHECK_HEADERS([sys/time.h])
 
+# System SSL CA certificates
+AC_ARG_WITH(ca-certs,
+            AS_HELP_STRING([--with-ca-certs=PATH],[location of SSL CA certificates (default: /etc/ssl/certs/ca-certificates.crt)]),
+            ca_certs="$withval",
+            ca_certs="/etc/ssl/certs/ca-certificates.crt")
+AC_DEFINE_UNQUOTED(CA_CERTS, "$ca_certs", [Where to look for SSL CA certificates])
+
 # Internationalisation support
 GETTEXT_PACKAGE=gdata
 AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, ["$GETTEXT_PACKAGE"], [Define to the Gettext package name])
diff --git a/gdata/gdata-service.c b/gdata/gdata-service.c
index c9dce29..f2fed32 100644
--- a/gdata/gdata-service.c
+++ b/gdata/gdata-service.c
@@ -2042,7 +2042,7 @@ _gdata_service_get_log_level (void)
 SoupSession *
 _gdata_service_build_session (void)
 {
-	SoupSession *session = soup_session_sync_new ();
+	SoupSession *session = soup_session_sync_new_with_options (SOUP_SESSION_SSL_CA_FILE, CA_CERTS, NULL);
 
 #ifdef HAVE_GNOME
 	soup_session_add_feature_by_type (session, SOUP_TYPE_GNOME_FEATURES_2_26);
--
cgit v0.9.0.2
openSUSE Build Service is sponsored by
Places