authorBastien Nocera <hadess@hadess.net>2021-06-21 15:00:14 +0200
committerBastien Nocera <hadess@hadess.net>2021-06-22 12:15:23 +0000
commitcd2472e506dafb1bb8ae510e34ad4797f63e263e (patch)
tree3b1a8174a8a1c39c8043348b3f7a6f3adebf753b
parent89537b8c4bae8857078de5d084f79ffe532a7ba8 (diff)
downloadgrilo-cd2472e506dafb1bb8ae510e34ad4797f63e263e.tar.gz
net: Fix TLS cert validation not being done for any network call
The default SoupSessionAsync behaviour does not perform any TLS certificate validation, unless the ssl-use-system-ca-file property is set to true. See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ This mitigates CVE-2016-20011. Closes: #146
-rw-r--r--libs/net/grl-net-wc.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c
index 5a8e89f..5ff1d17 100644
--- a/libs/net/grl-net-wc.c
+++ b/libs/net/grl-net-wc.c
@@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc)
wc->priv = grl_net_wc_get_instance_private (wc);
wc->priv->session = soup_session_async_new ();
+ g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL);
wc->priv->pending = g_queue_new ();
set_thread_context (wc);
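Review bot: The added `g_object_set` line in grl_net_wc_init is the only thing enabling certificate validation for every request made through this session, yet it has no comment and leaves `ssl-strict` at its default. A one-line comment above it would keep a later refactor from dropping it, for example `/* SoupSessionAsync validates no TLS certificates unless a CA database is set */`. Since rejecting a bad certificate also depends on `ssl-strict` (TRUE by default in libsoup 2.x, as far as I know), I would pin it in the same call: `g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, "ssl-strict", TRUE, NULL);`. The function body and the rest of the file lie outside this hunk, so it is worth confirming that no other code path recreates the session or resets these properties, and that callers handle the TLS failure status they can now receive.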