| 12345678910111213141516171819202122232425262728293031323334 |
- From cd2472e506dafb1bb8ae510e34ad4797f63e263e Mon Sep 17 00:00:00 2001
- From: Bastien Nocera <hadess@hadess.net>
- Date: Mon, 21 Jun 2021 15:00:14 +0200
- Subject: [PATCH 2/2] net: Fix TLS cert validation not being done for any
- network call
- The default SoupSessionAsync behaviour does not perform any TLS certificate
- validation, unless the ssl-use-system-ca-file property is set to true.
- See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
- This mitigates CVE-2016-20011.
- Closes: #146
- ---
- libs/net/grl-net-wc.c | 1 +
- 1 file changed, 1 insertion(+)
- diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
- index 5a8e89f..5ff1d17 100644
- --- a/libs/net/grl-net-wc.c
- +++ b/libs/net/grl-net-wc.c
- @@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
- wc->priv = grl_net_wc_get_instance_private (wc);
-
- wc->priv->session = soup_session_async_new ();
- + g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
- wc->priv->pending = g_queue_new ();
-
- set_thread_context (wc);
- --
- 2.31.1
|
