maryjane
/
syncevolution
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

SoupTransport: drop CA file check 

It used to be necessary to specify a CA file for libsoup to enable SSL
certificate checking. Nowadays libsoup uses the default CA store
unless told otherwise, so the check in SyncEvolution became
obsolete. However, now there is a certain risk that no SSL checking is
done although the user asked for it (when libsoup is not recent enough
or compiled correctly).
This commit is contained in:
Patrick Ohly 2014-09-08 12:44:55 +02:00
parent b747a8c2e4
commit f5ae660c70
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/syncevo/SoupTransportAgent.cpp
View File

@ -127,15 +127,10 @@ void SoupTransportAgent::send(const char *data, size_t len)
}
// use CA certificates if available and needed,
// fail if not available and needed
// otherwise let soup use system default certificates
if (m_verifySSL) {
if (!m_cacerts.empty()) {
g_object_set(m_session.get(), SOUP_SESSION_SSL_CA_FILE, m_cacerts.c_str(), NULL);
} else {
SoupURI *uri = soup_message_get_uri(message.get());
if (!strcmp(uri->scheme, SOUP_URI_SCHEME_HTTPS)) {
SE_THROW_EXCEPTION(TransportException, "SSL certificate checking requested, but no CA certificate file configured");
}
}
}