| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
GIO, backed by glib-networking, has everything that we need.
https://bugzilla.gnome.org/show_bug.cgi?id=780160
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Gcr has its own hand rolled code to complete the certificate chain and
validate it, which predates the equivalent functionality in GIO. These
days, GIO's GnuTLS backend is a better option because it defers to
GnuTLS to do the right thing. It benefits automatically from any
improvements made to GnuTLS itself.
However, GIO doesn't support certificate pinning. Gcr continues to
provide that feature.
Note:
(a) We don't set "certificate-hostname" when we encounter
TP_TLS_CERTIFICATE_REJECT_REASON_HOSTNAME_MISMATCH. The resulting loss
of verbosity in EmpathyTLSDialog is balanced by no longer relying on a
specific encryption library.
(b) glib-networking doesn't differentiate between
GNUTLS_CERT_SIGNER_NOT_FOUND and GNUTLS_CERT_SIGNER_NOT_CA. Hence, we
club them together as TP_TLS_CERTIFICATE_REJECT_REASON_UNTRUSTED and we
no longer return TP_TLS_CERTIFICATE_REJECT_REASON_SELF_SIGNED.
(c) Unlike Gcr, GnuTLS doesn't seem to provide a way to load a PKCS#11
module that's built into the code, as opposed to being a shared object.
This makes it hard for us to load our mock PKCS#11 module. Therefore,
we have disabled the test case that relies on using PKCS#11 storage to
complete the certificate chain.
Bump required GLib version to 2.48. We really do need 2.48 because we
rely on the improvements to GIO's GnuTLS backend.
https://bugzilla.gnome.org/show_bug.cgi?id=780160
|
| | |
|
| |
|
|
|
|
|
|
| |
The work is mostly done by Carlos Garcia, rebase by György. It's got
FIXMEs and serious bugs, but it's better than no Empathy at all once
WebKit1 is removed from Fedora in two short months.
https://bugzilla.gnome.org/show_bug.cgi?id=749001
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This test case is about ensuring that a pinned certificate won't be
validated if the wrong hostname is used.
If we don't add the pinned certificate to our database, then checks for
pinning are going to fail regardless of the hostname being used. The
correct certificate-hostname pair needs to be in the database to ensure
that the hostnames are being matched as advertised.
https://bugzilla.gnome.org/show_bug.cgi?id=780160
|
| |
|
|
|
|
|
|
|
|
|
| |
The existing comment was mistakenly copied from
test_certificate_verify_success_with_full_chain.
This test case is about a certificate that has been pinned against a
specific peer. The mock TLS connection doesn't have the full chain,
but just the leaf-level certificate that has been pinned.
https://bugzilla.gnome.org/show_bug.cgi?id=780160
|
| |
|
|
|
|
| |
... by mapping it to TP_TLS_CERTIFICATE_REJECT_REASON_REVOKED.
https://bugzilla.gnome.org/show_bug.cgi?id=780160
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Underscores are not allowed in GAction names. This led to a pile of
warnings during startup and ultimately none of these actions working.
Fix by substituting the underscores with hyphens, an allowed character.
We can also omit the NULLs in the GActionEntries, as they are implied:
struct fields not explicitly initialised are zero-initialised anyway.
|
| |
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=738315
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This patch removes the FsElementAddedNotifier from the pipeline
in the conference remove callback, instead of just unreferencing
them. This fixes a crash in the rtp-special-source stop thread
cleanup code.
https://bugzilla.gnome.org/show_bug.cgi?id=768889
|
| |
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=746735
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit a9ede294c57bc5738be3c33cba4ef88b9a7d4a0e.
It causes empathy-call to crash when run in X11, and fixes absolutely
nothing. See the bug for details.
Thanks to Diane Trout for investigating and preparing a substantially-
identical patch.
https://bugzilla.gnome.org/show_bug.cgi?id=767516
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNU Make manual says:
A rule with multiple targets is equivalent to writing many rules,
each with one target, and all identical aside from that.
In other words, make may very well call glib-gtypes-generator.py twice
(once for each generated header). And hell breaks loose because the
python code assumes it will run once (it should be using the tempfile
module, but that's another bug). On a fast multi-core machine, make -j4
will easily reproduce this bug.
The solution is hidden in the same manual [1] :
%.tab.c %.tab.h: %.y
bison -d $<
This tells make that the recipe ‘bison -d x.y’ will make both
x.tab.c and x.tab.h.
So by using '%' to replace the 'y' in the targets, I'm telling make that
running the recipe once will generate both files.
[1] http://www.gnu.org/software/make/manual/make.html#Pattern-Examples
https://bugs.gentoo.org/show_bug.cgi?id=515894
https://bugzilla.gnome.org/show_bug.cgi?id=685837
Signed-off-by: Gilles Dartiguelongue <eva@gentoo.org>
|
| |
|
|
|
|
| |
use x-office-calendar icon instead
https://bugzilla.gnome.org/show_bug.cgi?id=756990
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The former always wins for application matching when using the wayland
backend.
https://bugzilla.gnome.org/show_bug.cgi?id=766285
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Fixes build with -Werror=type-limits after recent tpaw update.
|
| |
|
|
|
|
| |
Migrate to its replacement webkit_dom_element_get_class_name.
https://bugzilla.gnome.org/show_bug.cgi?id=765024
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Previous commit was broken. :(
|
