goahttpclient: Do not abort soup session on certificate errorwip/httpclient-deadlock

Calling soup_session_abort() within http_client_accept_certificate(),
means the soup session also cancels the associated cancellable, which
invokes http_client_check_cancelled_cb(), which also calls
soup_session_abort(), but it asks for a lock, which it already has.
The http_client_accept_certificate() can simply return FALSE to
stop further processing, which it does.

The side-effect is also that the cancelled error has a precedence over
the TLS error, meaning the dialog behaved like the user cancelled it,
even he/she did not. The user could not know that there's a certificate
problem.

1 files changed, 4 insertions, 5 deletions

diff --git a/src/goabackend/goahttpclient.c b/src/goabackend/goahttpclient.c
index f2ce3b7..37edb7f 100644
--- a/src/goabackend/goahttpclient.c
+++ b/src/goabackend/goahttpclient.c
@@ -128,11 +128,6 @@ http_client_accept_certificate (SoupMessage *msg, GTlsCertificate *cert, GTlsCer
   if (data->error == NULL)
     {
       goa_utils_set_error_ssl (&data->error, cert_flags);
-
-      /* The callback will be invoked after we have returned to the
-       * main loop.
-       */
-      soup_session_abort (data->session);
     }
 
   return FALSE;
@@ -188,6 +183,10 @@ http_client_check_response_cb (SoupSession *session, GAsyncResult *result, gpoin
       goto out;
     }
 
+  /* use previously set error, like the SSL error */
+  if (data->error != NULL)
+    goto out;
+
   status = soup_message_get_status (msg);
   if (status != SOUP_STATUS_OK || error)
     {