From fddcadcdff5f7d819ddb64f0e7105c966ddd367d Mon Sep 17 00:00:00 2001
From: Pierre Pronchery <khorben@defora.org>
Date: Tue, 21 Dec 2010 01:43:23 +0000
Subject: [PATCH] Do not fully trust all SSL connection if no certificate
 bundle was found

---
 src/ghtml-webkit.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/ghtml-webkit.c b/src/ghtml-webkit.c
index e2dd831..d658cad 100644
--- a/src/ghtml-webkit.c
+++ b/src/ghtml-webkit.c
@@ -37,6 +37,7 @@ typedef struct _GHtml
 	GtkWidget * widget;
 	GtkWidget * view;
 	char * status;
+	gboolean ssl;
 } GHtml;
 
 
@@ -94,6 +95,7 @@ GtkWidget * ghtml_new(Surfer * surfer)
 		return NULL;
 	ghtml->surfer = surfer;
 	ghtml->status = NULL;
+	ghtml->ssl = FALSE;
 	/* widgets */
 	widget = gtk_scrolled_window_new(NULL, NULL);
 	ghtml->widget = widget;
@@ -157,6 +159,7 @@ static void _new_init(GHtml * ghtml)
 		{
 			g_object_set(session, "ssl-ca-file", cacerts[i],
 					"ssl-strict", FALSE, NULL);
+			ghtml->ssl = TRUE;
 			return;
 		}
 	surfer_warning(ghtml->surfer, "Could not load certificate bundle:\n"
@@ -253,7 +256,8 @@ SurferSecurity ghtml_get_security(GtkWidget * widget)
 		source = webkit_web_frame_get_data_source(frame);
 		request = webkit_web_data_source_get_request(source);
 		message = webkit_network_request_get_message(request);
-		if(message != NULL && soup_message_get_flags(message)
+		if(ghtml->ssl == TRUE && message != NULL
+				&& soup_message_get_flags(message)
 				& SOUP_MESSAGE_CERTIFICATE_TRUSTED)
 			security = SS_TRUSTED;
 	}