Ticket #4245: 0001-Use-system-certificate-authorities-for-SSL-certifica.patch

File 0001-Use-system-certificate-authorities-for-SSL-certifica.patch, 1.3 KB (added by humitos, 11 years ago)

Sam's patch that does not allow any invalid certificate

  • webactivity.py

    From 75dcc0421eb5f5667e4f78088b588d735c4168e4 Mon Sep 17 00:00:00 2001
    From: Samuel Greenfeld <greenfeld@laptop.org>
    Date: Thu, 15 Nov 2012 23:25:22 -0500
    Subject: [PATCH] Use system certificate authorities for SSL certificate
     verification (CVE-2012-5871)
    
    The libsoup library does not default to using any source of SSL
    certificate information.  This causes the Browse activity to
    accept all SSL certificates as libsoup has no default method of
    knowing whom to trust.
    
    This patch tells libsoup to use the system CA certificate records
    found in most Linux distributions to determine whom to trust.
    Browse will then refuse to load pages with invalid CA certificates.
    
    Thanks to Jakob Lell for reporting this issue.
    
    Signed-off-by: Samuel Greenfeld <greenfeld@laptop.org>
    ---
     webactivity.py | 1 +
     1 file changed, 1 insertion(+)
    
    diff --git a/webactivity.py b/webactivity.py
    index d140128..7b5f959 100644
    a b class WebActivity(activity.Activity): 
    156156
    157157        session = WebKit.get_default_session()
    158158        session.set_property('accept-language-auto', True)
     159        session.set_property('ssl-use-system-ca-file', True)
    159160
    160161        # By default, cookies are not stored persistently, we have to
    161162        # add a cookie jar so that they get saved to disk.  We use one
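
Review bot: The added line at new line 159 carries no comment, although it is the entire fix for CVE-2012-5871 and the cookie-jar code just below it is commented. Add a short comment above `session.set_property('ssl-use-system-ca-file', True)` saying that libsoup trusts no CA source by default and that removing this line makes Browse accept any certificate again. The commit message says the system CA records are found in "most" Linux distributions, so the change should also state what Browse does when no system CA file is present and how that case was tested. Since the refusal of invalid certificates also depends on the session's `ssl-strict` property, consider setting it explicitly next to this line rather than relying on the library default.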