Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 581614 Details for
Bug 817692
CVE-2012-2132 libsoup: does not indicate whether or not an SSL certificate is valid
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
patch against libsoup 2.34 (F15)
0001-Flip-the-value-of-SOUP_MESSAGE_TRUSTED_CERTIFICATE-w.patch (text/plain), 2.93 KB, created by
Dan Winship
on 2012-05-02 13:19:30 UTC
(
hide
)
Description:
patch against libsoup 2.34 (F15)
Filename:
MIME Type:
Creator:
Dan Winship
Created:
2012-05-02 13:19:30 UTC
Size:
2.93 KB
patch
obsolete
>From 48a69f3cfe8c2f2df76a9ed50522b8b40bc9753a Mon Sep 17 00:00:00 2001 >From: Dan Winship <danw@gnome.org> >Date: Tue, 1 May 2012 14:35:49 -0400 >Subject: [PATCH] Flip the value of SOUP_MESSAGE_TRUSTED_CERTIFICATE when not > using a CA > >The value of SOUP_MESSAGE_TRUSTED_CERTIFICATE is not supposed to be >meaningful if SoupSession:ssl-ca-file is unset, but if someone does >happen to look at it, "FALSE" probably represents what they were >looking for better than "TRUE" does. >--- > libsoup/soup-socket.c | 7 +++---- > libsoup/soup-ssl.c | 4 +++- > libsoup/soup-ssl.h | 3 ++- > 3 files changed, 8 insertions(+), 6 deletions(-) > >diff --git a/libsoup/soup-socket.c b/libsoup/soup-socket.c >index 8d11841..6357ba4 100644 >--- a/libsoup/soup-socket.c >+++ b/libsoup/soup-socket.c >@@ -74,9 +74,9 @@ typedef struct { > guint non_blocking:1; > guint is_server:1; > guint ssl_strict:1; >- guint ssl_ca_in_creds:1; > guint clean_dispose:1; > gpointer ssl_creds; >+ gboolean ssl_ca_in_creds; > > GMainContext *async_context; > GSource *watch_src; >@@ -875,10 +875,9 @@ soup_socket_accept_certificate (GTlsConnection *conn, GTlsCertificate *cert, > SoupSocketPrivate *priv = SOUP_SOCKET_GET_PRIVATE (sock); > > if (soup_ssl_credentials_verify_certificate (priv->ssl_creds, >- cert, errors)) { >- priv->ssl_ca_in_creds = TRUE; >+ cert, errors, >+ &priv->ssl_ca_in_creds)) > return TRUE; >- } > > return !priv->ssl_strict; > } >diff --git a/libsoup/soup-ssl.c b/libsoup/soup-ssl.c >index 74d87f2..4f14555 100644 >--- a/libsoup/soup-ssl.c >+++ b/libsoup/soup-ssl.c >@@ -49,7 +49,8 @@ soup_ssl_get_client_credentials (const char *ca_file) > gboolean > soup_ssl_credentials_verify_certificate (SoupSSLCredentials *creds, > GTlsCertificate *cert, >- GTlsCertificateFlags errors) >+ GTlsCertificateFlags errors, >+ gboolean *ca_in_creds) > { > errors = errors & creds->validation_flags; > >@@ -59,6 +60,7 @@ soup_ssl_credentials_verify_certificate (SoupSSLCredentials *creds, > for (ca = creds->ca_list; ca; ca = ca->next) { > if ((g_tls_certificate_verify (cert, NULL, ca->data) & G_TLS_CERTIFICATE_UNKNOWN_CA) == 0) { > errors &= ~G_TLS_CERTIFICATE_UNKNOWN_CA; >+ *ca_in_creds = TRUE; > break; > } > } >diff --git a/libsoup/soup-ssl.h b/libsoup/soup-ssl.h >index 5858199..eac6de6 100644 >--- a/libsoup/soup-ssl.h >+++ b/libsoup/soup-ssl.h >@@ -19,7 +19,8 @@ SoupSSLCredentials *soup_ssl_get_client_credentials (const char > void soup_ssl_free_client_credentials (SoupSSLCredentials *creds); > gboolean soup_ssl_credentials_verify_certificate (SoupSSLCredentials *creds, > GTlsCertificate *cert, >- GTlsCertificateFlags errors); >+ GTlsCertificateFlags errors, >+ gboolean *ca_in_creds); > > SoupSSLCredentials *soup_ssl_get_server_credentials (const char *cert_file, > const char *key_file); >-- >1.7.10 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=581614">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 817692
:
581443
| 581614