diff options
author | Bastien Nocera <hadess@hadess.net> | 2021-06-21 15:00:14 +0200 |
---|---|---|
committer | Bastien Nocera <hadess@hadess.net> | 2021-06-22 12:15:23 +0000 |
commit | cd2472e506dafb1bb8ae510e34ad4797f63e263e (patch) | |
tree | 3b1a8174a8a1c39c8043348b3f7a6f3adebf753b | |
parent | 89537b8c4bae8857078de5d084f79ffe532a7ba8 (diff) | |
download | grilo-cd2472e506dafb1bb8ae510e34ad4797f63e263e.tar.gz |
net: Fix TLS cert validation not being done for any network call
The default SoupSessionAsync behaviour does not perform any TLS certificate
validation, unless the ssl-use-system-ca-file property is set to true.
See https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/
This mitigates CVE-2016-20011.
Closes: #146
-rw-r--r-- | libs/net/grl-net-wc.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libs/net/grl-net-wc.c b/libs/net/grl-net-wc.c index 5a8e89f..5ff1d17 100644 --- a/libs/net/grl-net-wc.c +++ b/libs/net/grl-net-wc.c @@ -314,6 +314,7 @@ grl_net_wc_init (GrlNetWc *wc) wc->priv = grl_net_wc_get_instance_private (wc); wc->priv->session = soup_session_async_new (); + g_object_set (G_OBJECT (wc->priv->session), "ssl-use-system-ca-file", TRUE, NULL); wc->priv->pending = g_queue_new (); set_thread_context (wc); |