From fddcadcdff5f7d819ddb64f0e7105c966ddd367d Mon Sep 17 00:00:00 2001 From: Pierre Pronchery Date: Tue, 21 Dec 2010 01:43:23 +0000 Subject: [PATCH] Do not fully trust all SSL connection if no certificate bundle was found --- src/ghtml-webkit.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/ghtml-webkit.c b/src/ghtml-webkit.c index e2dd831..d658cad 100644 --- a/src/ghtml-webkit.c +++ b/src/ghtml-webkit.c @@ -37,6 +37,7 @@ typedef struct _GHtml GtkWidget * widget; GtkWidget * view; char * status; + gboolean ssl; } GHtml; @@ -94,6 +95,7 @@ GtkWidget * ghtml_new(Surfer * surfer) return NULL; ghtml->surfer = surfer; ghtml->status = NULL; + ghtml->ssl = FALSE; /* widgets */ widget = gtk_scrolled_window_new(NULL, NULL); ghtml->widget = widget; @@ -157,6 +159,7 @@ static void _new_init(GHtml * ghtml) { g_object_set(session, "ssl-ca-file", cacerts[i], "ssl-strict", FALSE, NULL); + ghtml->ssl = TRUE; return; } surfer_warning(ghtml->surfer, "Could not load certificate bundle:\n" @@ -253,7 +256,8 @@ SurferSecurity ghtml_get_security(GtkWidget * widget) source = webkit_web_frame_get_data_source(frame); request = webkit_web_data_source_get_request(source); message = webkit_network_request_get_message(request); - if(message != NULL && soup_message_get_flags(message) + if(ghtml->ssl == TRUE && message != NULL + && soup_message_get_flags(message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED) security = SS_TRUSTED; }