Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 581443 Details for
Bug 817692
CVE-2012-2132 libsoup: does not indicate whether or not an SSL certificate is valid
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
patch against libsoup 2.32
0001-Flip-the-value-of-SOUP_MESSAGE_TRUSTED_CERTIFICATE-w.patch (text/plain), 2.11 KB, created by
Dan Winship
on 2012-05-01 18:43:19 UTC
(
hide
)
Description:
patch against libsoup 2.32
Filename:
MIME Type:
Creator:
Dan Winship
Created:
2012-05-01 18:43:19 UTC
Size:
2.11 KB
patch
obsolete
>From c3dfa12ac2bdba633cab41daabddf039c07163b0 Mon Sep 17 00:00:00 2001 >From: Dan Winship <danw@gnome.org> >Date: Tue, 1 May 2012 14:35:49 -0400 >Subject: [PATCH] Flip the value of SOUP_MESSAGE_TRUSTED_CERTIFICATE when not > using a CA > >The value of SOUP_MESSAGE_TRUSTED_CERTIFICATE is not supposed to be >meaningful if SoupSession:ssl-ca-file is unset, but if someone does >happen to look at it, "FALSE" probably represents what they were >looking for better than "TRUE" does. >--- > libsoup/soup-gnutls.c | 6 ++++++ > libsoup/soup-socket.c | 3 ++- > libsoup/soup-ssl.h | 1 + > 3 files changed, 9 insertions(+), 1 deletion(-) > >diff --git a/libsoup/soup-gnutls.c b/libsoup/soup-gnutls.c >index 0b57f28..85788db 100644 >--- a/libsoup/soup-gnutls.c >+++ b/libsoup/soup-gnutls.c >@@ -702,4 +702,10 @@ soup_ssl_free_server_credentials (SoupSSLCredentials *creds) > g_slice_free (SoupSSLCredentials, creds); > } > >+gboolean >+soup_ssl_credentials_have_ca_file (SoupSSLCredentials *creds) >+{ >+ return creds->have_ca_file; >+} >+ > #endif /* HAVE_SSL */ >diff --git a/libsoup/soup-socket.c b/libsoup/soup-socket.c >index 4e65891..54d3231 100644 >--- a/libsoup/soup-socket.c >+++ b/libsoup/soup-socket.c >@@ -957,7 +957,8 @@ soup_socket_start_proxy_ssl (SoupSocket *sock, const char *ssl_host, > /* This is optimistic, we will set this to false if we get a > * cert error from one of the I/O calls > */ >- if (priv->ssl_creds) >+ if (priv->ssl_creds && >+ soup_ssl_credentials_have_ca_file (priv->ssl_creds)) > priv->trusted_certificate = TRUE; > > priv->iochannel = ssl_chan; >diff --git a/libsoup/soup-ssl.h b/libsoup/soup-ssl.h >index f4e3eab..1469d1e 100644 >--- a/libsoup/soup-ssl.h >+++ b/libsoup/soup-ssl.h >@@ -17,6 +17,7 @@ typedef struct SoupSSLCredentials SoupSSLCredentials; > > SoupSSLCredentials *soup_ssl_get_client_credentials (const char *ca_file); > void soup_ssl_free_client_credentials (SoupSSLCredentials *creds); >+gboolean soup_ssl_credentials_have_ca_file(SoupSSLCredentials *creds); > > SoupSSLCredentials *soup_ssl_get_server_credentials (const char *cert_file, > const char *key_file); >-- >1.7.10 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=581443">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 817692
: 581443 |
581614