You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 lines
1.1 KiB
33 lines
1.1 KiB
From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001 |
|
From: Bastien Nocera <hadess@hadess.net> |
|
Date: Mon, 21 Jun 2021 15:00:14 +0200 |
|
Subject: [PATCH 2/2] net: Fix TLS cert validation not being done for any |
|
network call |
|
|
|
The default SoupSessionAsync behaviour does not perform any TLS certificate |
|
validation, unless the ssl-use-system-ca-file property is set to true. |
|
|
|
See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ |
|
|
|
This mitigates CVE-2016-20011. |
|
|
|
Closes: #146 |
|
--- |
|
libs/net/grl-net-wc.c | 1 + |
|
1 file changed, 1 insertion(+) |
|
|
|
diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c |
|
index 5a8e89f..5ff1d17 100644 |
|
--- a/libs/net/grl-net-wc.c |
|
+++ b/libs/net/grl-net-wc.c |
|
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc) |
|
wc->priv = grl_net_wc_get_instance_private (wc); |
|
|
|
wc->priv->session = soup_session_async_new (); |
|
+ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL); |
|
wc->priv->pending = g_queue_new (); |
|
|
|
set_thread_context (wc); |
|
-- |
|
2.31.1 |
|
|
|
|