authorCarlos Garcia Campos <cgarcia@igalia.com>2021-02-18 15:21:04 +0100
committerCarlos Garcia Campos <cgarcia@igalia.com>2021-02-18 15:21:04 +0100
commit48c14b93785450a6090eb83ca5ff25ad43fa19ac (patch)
tree4d97f21226b1e82f9820b364976ece947fc6e3ea
parentf7df4e4e1f7314ff309e4d26fcd7f352c33870ef (diff)
session: Remove ssl-use-system-ca-file propertycarlosgc/system-ca-file
SoupSession:tls-database is enough. When not set the default will be used. Also ensure that we don't get the default tls database and proxy resolver unless the property getters are called.
-rw-r--r--libsoup/soup-connection.c16
-rw-r--r--libsoup/soup-session.c151
-rw-r--r--libsoup/soup-socket-properties.c37
-rw-r--r--libsoup/soup-socket-properties.h21
-rw-r--r--tests/session-test.c14
-rw-r--r--tests/ssl-test.c6
6 files changed, 99 insertions, 146 deletions
diff --git a/libsoup/soup-connection.c b/libsoup/soup-connection.c
index c47e962e..ecbd8693 100644
--- a/libsoup/soup-connection.c
+++ b/libsoup/soup-connection.c
@@ -399,11 +399,13 @@ new_socket_client (SoupConnection *conn)
G_CALLBACK (re_emit_socket_event),
conn, 0);
- if (props->proxy_resolver) {
- g_socket_client_set_proxy_resolver (client, props->proxy_resolver);
- g_socket_client_add_application_proxy (client, "http");
- } else
- g_socket_client_set_enable_proxy (client, FALSE);
+ if (!props->proxy_use_default) {
+ if (props->proxy_resolver) {
+ g_socket_client_set_proxy_resolver (client, props->proxy_resolver);
+ g_socket_client_add_application_proxy (client, "http");
+ } else
+ g_socket_client_set_enable_proxy (client, FALSE);
+ }
if (props->io_timeout)
g_socket_client_set_timeout (client, props->io_timeout);
if (props->local_addr)
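Review bot: In the new `if (!props->proxy_use_default)` guard, `g_socket_client_add_application_proxy (client, "http")` is only reached on the explicit-resolver arm, whereas before this change the default resolver filled in by ensure_socket_props went through the `if (props->proxy_resolver)` arm and did register "http" as an application-handled proxy. If I read GSocketClient's contract right, leaving that out on the default path lets the client tunnel plain http requests through its own proxy handling instead of letting libsoup speak to the proxy directly, which is a behaviour change the commit message does not mention. Registering it unconditionally is harmless when proxies are disabled, so moving `g_socket_client_add_application_proxy (client, "http");` out of the inner `if`, right after the guard block, keeps the old behaviour for the default case. new_socket_client's body continues outside the hunk.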
@@ -442,13 +444,15 @@ new_tls_connection (SoupConnection *conn,
priv->cancellable, error,
"base-io-stream", connection,
"server-identity", priv->remote_connectable,
- "database", priv->socket_props->tlsdb,
"require-close-notify", FALSE,
"interaction", priv->socket_props->tls_interaction,
NULL);
if (!tls_connection)
return NULL;
+ if (!priv->socket_props->tlsdb_use_default)
+ g_tls_connection_set_database (G_TLS_CONNECTION (tls_connection), priv->socket_props->tlsdb);
+
g_signal_connect_object (tls_connection, "accept-certificate",
G_CALLBACK (tls_connection_accept_certificate),
conn, G_CONNECT_SWAPPED);
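Review bot: The added `g_tls_connection_set_database (…, priv->socket_props->tlsdb)` is now the one place where an explicitly NULL database reaches the connection, and nothing says that this is intentional and distinct from the `tlsdb_use_default` case that keeps GTlsConnection's own default. Since a NULL database here changes how peer certificates are validated for every connection of the session, a short comment above the `if` would stop a later reader from "fixing" it, e.g. `/* tlsdb_use_default keeps GTlsConnection's default; an explicitly set NULL database is passed through on purpose. */`. new_tls_connection starts outside the hunk.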
diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
index 37db0cdc..d4fb5988 100644
--- a/libsoup/soup-session.c
+++ b/libsoup/soup-session.c
@@ -102,7 +102,6 @@ typedef struct {
GProxyResolver *proxy_resolver;
gboolean proxy_use_default;
- GUri *proxy_uri;
SoupSocketProperties *socket_props;
@@ -176,7 +175,6 @@ enum {
PROP_PROXY_RESOLVER,
PROP_MAX_CONNS,
PROP_MAX_CONNS_PER_HOST,
- PROP_SSL_USE_SYSTEM_CA_FILE,
PROP_TLS_DATABASE,
PROP_ASYNC_CONTEXT,
PROP_TIMEOUT,
@@ -303,7 +301,6 @@ soup_session_finalize (GObject *object)
g_hash_table_destroy (priv->features_cache);
g_clear_object (&priv->proxy_resolver);
- g_clear_pointer (&priv->proxy_uri, g_uri_unref);
g_clear_pointer (&priv->socket_props, soup_socket_properties_unref);
@@ -319,89 +316,66 @@ ensure_socket_props (SoupSession *session)
if (priv->socket_props)
return;
- if (priv->proxy_use_default) {
- priv->proxy_resolver = g_object_ref (g_proxy_resolver_get_default ());
- priv->proxy_use_default = FALSE;
- }
- if (priv->tlsdb_use_default) {
- priv->tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
- priv->tlsdb_use_default = FALSE;
- }
-
- priv->socket_props = soup_socket_properties_new (priv->proxy_resolver,
- priv->local_addr,
- priv->tlsdb,
+ priv->socket_props = soup_socket_properties_new (priv->local_addr,
priv->tls_interaction,
priv->io_timeout,
priv->idle_timeout);
+ if (!priv->proxy_use_default)
+ soup_socket_properties_set_proxy_resolver (priv->socket_props, priv->proxy_resolver);
+ if (!priv->tlsdb_use_default)
+ soup_socket_properties_set_tls_database (priv->socket_props, priv->tlsdb);
}
static void
-set_tlsdb (SoupSession *session, GTlsDatabase *tlsdb)
+set_tlsdb (SoupSession *session,
+ GTlsDatabase *tlsdb)
{
SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- GTlsDatabase *system_default;
priv->tlsdb_use_default = FALSE;
if (tlsdb == priv->tlsdb)
return;
- g_object_freeze_notify (G_OBJECT (session));
-
- system_default = g_tls_backend_get_default_database (g_tls_backend_get_default ());
- if (system_default) {
- if (priv->tlsdb == system_default || tlsdb == system_default) {
- g_object_notify (G_OBJECT (session), "ssl-use-system-ca-file");
- }
- g_object_unref (system_default);
- }
-
- if (priv->tlsdb)
- g_object_unref (priv->tlsdb);
- priv->tlsdb = tlsdb;
- if (priv->tlsdb)
- g_object_ref (priv->tlsdb);
-
+ g_clear_object (&priv->tlsdb);
+ priv->tlsdb = tlsdb ? g_object_ref (tlsdb) : NULL;
g_object_notify (G_OBJECT (session), "tls-database");
- g_object_thaw_notify (G_OBJECT (session));
}
-static void
-set_use_system_ca_file (SoupSession *session, gboolean use_system_ca_file)
+static GTlsDatabase *
+get_tlsdb (SoupSession *session)
{
SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- GTlsDatabase *system_default;
- priv->tlsdb_use_default = FALSE;
-
- system_default = g_tls_backend_get_default_database (g_tls_backend_get_default ());
-
- if (use_system_ca_file)
- set_tlsdb (session, system_default);
- else if (priv->tlsdb == system_default)
- set_tlsdb (session, NULL);
+ if (priv->tlsdb_use_default && !priv->tlsdb)
+ priv->tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
- g_clear_object (&system_default);
+ return priv->tlsdb;
}
static void
-set_proxy_resolver (SoupSession *session, GUri *uri,
+set_proxy_resolver (SoupSession *session,
GProxyResolver *g_resolver)
{
SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- g_clear_object (&priv->proxy_resolver);
- g_clear_pointer (&priv->proxy_uri, g_uri_unref);
+
priv->proxy_use_default = FALSE;
+ if (priv->proxy_resolver == g_resolver)
+ return;
- if (uri) {
- char *uri_string;
+ g_clear_object (&priv->proxy_resolver);
+ priv->proxy_resolver = g_resolver ? g_object_ref (g_resolver) : NULL;
+ g_object_notify (G_OBJECT (session), "proxy-resolver");
+}
+
+static GProxyResolver *
+get_proxy_resolver (SoupSession *session)
+{
+ SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- priv->proxy_uri = soup_uri_copy_with_normalized_flags (uri);
- uri_string = g_uri_to_string (uri);
- priv->proxy_resolver = g_simple_proxy_resolver_new (uri_string, NULL);
- g_free (uri_string);
- } else if (g_resolver)
- priv->proxy_resolver = g_object_ref (g_resolver);
+ if (!priv->proxy_use_default)
+ return priv->proxy_resolver;
+
+ return g_proxy_resolver_get_default ();
}
static void
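Review bot: `set_tlsdb` and `set_proxy_resolver` skip their notify when the new pointer equals the stored one, but both clear the `*_use_default` flag first, so calling either with NULL on a session still in its default state changes what `get_tlsdb`/`get_proxy_resolver` return without a `tls-database`/`proxy-resolver` notification. Making the early return depend on the flag fixes it: in set_tlsdb, `gboolean was_default = priv->tlsdb_use_default;` before the assignment and `if (!was_default && tlsdb == priv->tlsdb) return;`, and the same two-line change in set_proxy_resolver. Separately, `get_tlsdb` now writes `priv->tlsdb` without holding `conn_lock`, while `ensure_socket_props` reads the same field under that lock; the getter it replaces (see the PROP_TLS_DATABASE hunk below) took the lock, so if property reads can run concurrently with connection setup the lazy fill-in should happen under the same lock, or the caching should be dropped in favour of returning the default without storing it.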
@@ -419,8 +393,7 @@ soup_session_set_property (GObject *object, guint prop_id,
socket_props_changed = TRUE;
break;
case PROP_PROXY_RESOLVER:
- set_proxy_resolver (session, NULL,
- g_value_get_object (value));
+ set_proxy_resolver (session, g_value_get_object (value));
socket_props_changed = TRUE;
break;
case PROP_MAX_CONNS:
@@ -429,10 +402,6 @@ soup_session_set_property (GObject *object, guint prop_id,
case PROP_MAX_CONNS_PER_HOST:
priv->max_conns_per_host = g_value_get_int (value);
break;
- case PROP_SSL_USE_SYSTEM_CA_FILE:
- set_use_system_ca_file (session, g_value_get_boolean (value));
- socket_props_changed = TRUE;
- break;
case PROP_TLS_DATABASE:
set_tlsdb (session, g_value_get_object (value));
socket_props_changed = TRUE;
@@ -501,17 +470,13 @@ soup_session_get_property (GObject *object, guint prop_id,
{
SoupSession *session = SOUP_SESSION (object);
SoupSessionPrivate *priv = soup_session_get_instance_private (session);
- GTlsDatabase *tlsdb;
switch (prop_id) {
case PROP_LOCAL_ADDRESS:
g_value_set_object (value, priv->local_addr);
break;
case PROP_PROXY_RESOLVER:
- g_mutex_lock (&priv->conn_lock);
- ensure_socket_props (session);
- g_mutex_unlock (&priv->conn_lock);
- g_value_set_object (value, priv->proxy_resolver);
+ g_value_set_object (value, get_proxy_resolver (session));
break;
case PROP_MAX_CONNS:
g_value_set_int (value, priv->max_conns);
@@ -519,19 +484,8 @@ soup_session_get_property (GObject *object, guint prop_id,
case PROP_MAX_CONNS_PER_HOST:
g_value_set_int (value, priv->max_conns_per_host);
break;
- case PROP_SSL_USE_SYSTEM_CA_FILE:
- tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
- g_mutex_lock (&priv->conn_lock);
- ensure_socket_props (session);
- g_mutex_unlock (&priv->conn_lock);
- g_value_set_boolean (value, priv->tlsdb == tlsdb);
- g_clear_object (&tlsdb);
- break;
case PROP_TLS_DATABASE:
- g_mutex_lock (&priv->conn_lock);
- ensure_socket_props (session);
- g_mutex_unlock (&priv->conn_lock);
- g_value_set_object (value, priv->tlsdb);
+ g_value_set_object (value, get_tlsdb (session));
break;
case PROP_TLS_INTERACTION:
g_value_set_object (value, priv->tls_interaction);
@@ -2205,11 +2159,11 @@ soup_session_class_init (SoupSessionClass *session_class)
*
* A #GProxyResolver to use with this session.
*
- * By default, in a plain #SoupSession, this is set to the
- * default #GProxyResolver, but you can set it to %NULL if you
- * don't want to use proxies, or set it to your own
- * #GProxyResolver if you want to control what proxies get
- * used.
+ * If no proxy resolver is set, then the default proxy resolver
+ * will be used. See g_proxy_resolver_get_default().
+ * You can set it to %NULL if you don't want to use proxies, or
+ * set it to your own #GProxyResolver if you want to control
+ * what proxies get used.
*
*/
g_object_class_install_property (
@@ -2263,36 +2217,13 @@ soup_session_class_init (SoupSessionClass *session_class)
G_PARAM_STATIC_STRINGS));
/**
- * SoupSession:ssl-use-system-ca-file:
- *
- * Setting this to %TRUE is equivalent to setting
- * #SoupSession:tls-database to the default system CA database.
- * (and likewise, setting #SoupSession:tls-database to the
- * default database by hand will cause this property to
- * become %TRUE).
- *
- * Setting this to %FALSE (when it was previously %TRUE) will
- * clear the #SoupSession:tls-database field.
- *
- **/
- g_object_class_install_property (
- object_class, PROP_SSL_USE_SYSTEM_CA_FILE,
- g_param_spec_boolean ("ssl-use-system-ca-file",
- "Use system CA file",
- "Use the system certificate database",
- TRUE,
- G_PARAM_READWRITE |
- G_PARAM_STATIC_STRINGS));
- /**
* SoupSession:tls-database:
*
* Sets the #GTlsDatabase to use for validating SSL/TLS
* certificates.
*
- * Note that setting the
- * #SoupSession:ssl-use-system-ca-file property will cause
- * this property to be set to a #GTlsDatabase corresponding to
- * the indicated file or system default.
+ * If no certificate database is set, then the default database will be
+ * used. See g_tls_backend_get_default_database().
*
**/
g_object_class_install_property (
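Review bot: The new `SoupSession:tls-database` text says the default is used when no database "is set", but the code distinguishes a property that was never set (`tlsdb_use_default`) from one explicitly set to %NULL, and only the former falls back to g_tls_backend_get_default_database(). The `proxy-resolver` doc in the previous hunk spells out the %NULL case; this one should too, so that callers do not pass %NULL expecting the system store, e.g. add `* Setting it to %NULL is not the same as leaving it unset: no database is then used for certificate validation.` (wording to match what the connection code does with a %NULL database).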
diff --git a/libsoup/soup-socket-properties.c b/libsoup/soup-socket-properties.c
index 5ceecd76..c41948c9 100644
--- a/libsoup/soup-socket-properties.c
+++ b/libsoup/soup-socket-properties.c
@@ -11,23 +11,21 @@
#include "soup.h"
SoupSocketProperties *
-soup_socket_properties_new (GProxyResolver *proxy_resolver,
- GInetSocketAddress *local_addr,
- GTlsDatabase *tlsdb,
+soup_socket_properties_new (GInetSocketAddress *local_addr,
GTlsInteraction *tls_interaction,
guint io_timeout,
guint idle_timeout)
{
SoupSocketProperties *props;
- props = g_slice_new (SoupSocketProperties);
+ props = g_slice_new0 (SoupSocketProperties);
g_atomic_ref_count_init (&props->ref_count);
- props->proxy_resolver = proxy_resolver ? g_object_ref (proxy_resolver) : NULL;
- props->local_addr = local_addr ? g_object_ref (local_addr) : NULL;
+ props->proxy_use_default = TRUE;
+ props->tlsdb_use_default = TRUE;
- props->tlsdb = tlsdb ? g_object_ref (tlsdb) : NULL;
+ props->local_addr = local_addr ? g_object_ref (local_addr) : NULL;
props->tls_interaction = tls_interaction ? g_object_ref (tls_interaction) : NULL;
props->io_timeout = io_timeout;
@@ -57,5 +55,30 @@ soup_socket_properties_unref (SoupSocketProperties *props)
g_slice_free (SoupSocketProperties, props);
}
+void
+soup_socket_properties_set_proxy_resolver (SoupSocketProperties *props,
+ GProxyResolver *proxy_resolver)
+{
+ props->proxy_use_default = FALSE;
+
+ if (props->proxy_resolver == proxy_resolver)
+ return;
+
+ g_clear_object (&props->proxy_resolver);
+ props->proxy_resolver = proxy_resolver ? g_object_ref (proxy_resolver) : NULL;
+}
+
+void
+soup_socket_properties_set_tls_database (SoupSocketProperties *props,
+ GTlsDatabase *tlsdb)
+{
+ props->tlsdb_use_default = FALSE;
+
+ if (props->tlsdb == tlsdb)
+ return;
+
+ g_clear_object (&props->tlsdb);
+ props->tlsdb = tlsdb ? g_object_ref (tlsdb) : NULL;
+}
G_DEFINE_BOXED_TYPE (SoupSocketProperties, soup_socket_properties, soup_socket_properties_ref, soup_socket_properties_unref)
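Review bot: `soup_socket_properties_set_proxy_resolver` and `soup_socket_properties_set_tls_database` mutate a refcounted struct that the existing ref/unref API allows to be shared, and they take no lock; the only caller in this commit (`ensure_socket_props`) invokes them right after `soup_socket_properties_new`, before the struct is handed to any connection, which is safe, but nothing records that constraint. A comment above each setter such as `/* Only valid before the properties are shared: the struct is not locked. */` would keep the next caller honest. The header hunk likewise adds `proxy_use_default`/`tlsdb_use_default` without a word; a one-line comment that TRUE means "defer to GIO's default at connection-setup time" would help readers of soup-connection.c.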
diff --git a/libsoup/soup-socket-properties.h b/libsoup/soup-socket-properties.h
index 8f77a43d..c458efe9 100644
--- a/libsoup/soup-socket-properties.h
+++ b/libsoup/soup-socket-properties.h
@@ -10,9 +10,11 @@
typedef struct {
GProxyResolver *proxy_resolver;
+ gboolean proxy_use_default;
GInetSocketAddress *local_addr;
GTlsDatabase *tlsdb;
+ gboolean tlsdb_use_default;
GTlsInteraction *tls_interaction;
guint io_timeout;
@@ -25,14 +27,17 @@ typedef struct {
GType soup_socket_properties_get_type (void);
#define SOUP_TYPE_SOCKET_PROPERTIES (soup_socket_properties_get_type ())
-SoupSocketProperties *soup_socket_properties_new (GProxyResolver *proxy_resolver,
- GInetSocketAddress *local_addr,
- GTlsDatabase *tlsdb,
- GTlsInteraction *tls_interaction,
- guint io_timeout,
- guint idle_timeout);
+SoupSocketProperties *soup_socket_properties_new (GInetSocketAddress *local_addr,
+ GTlsInteraction *tls_interaction,
+ guint io_timeout,
+ guint idle_timeout);
-SoupSocketProperties *soup_socket_properties_ref (SoupSocketProperties *props);
-void soup_socket_properties_unref (SoupSocketProperties *props);
+SoupSocketProperties *soup_socket_properties_ref (SoupSocketProperties *props);
+void soup_socket_properties_unref (SoupSocketProperties *props);
+
+void soup_socket_properties_set_proxy_resolver (SoupSocketProperties *props,
+ GProxyResolver *proxy_resolver);
+void soup_socket_properties_set_tls_database (SoupSocketProperties *props,
+ GTlsDatabase *tlsdb);
#endif /* __SOUP_SOCKET_PROPERTIES_H__ */
diff --git a/tests/session-test.c b/tests/session-test.c
index 9053f37b..dc503e73 100644
--- a/tests/session-test.c
+++ b/tests/session-test.c
@@ -317,20 +317,6 @@ do_property_tests (void)
g_object_unref (tlsdb);
g_object_unref (session);
}
-
- session = g_object_new (SOUP_TYPE_SESSION,
- "ssl-use-system-ca-file", FALSE,
- NULL);
- test_session_properties ("Session with :ssl-use-system-ca-file FALSE", session,
- default_proxy_resolver, NULL);
- g_object_unref (session);
-
- session = g_object_new (SOUP_TYPE_SESSION,
- "ssl-use-system-ca-file", TRUE,
- NULL);
- test_session_properties ("Session with :ssl-use-system-ca-file TRUE", session,
- default_proxy_resolver, default_tlsdb);
- g_object_unref (session);
}
static gint
diff --git a/tests/ssl-test.c b/tests/ssl-test.c
index 2845494b..ecd173dd 100644
--- a/tests/ssl-test.c
+++ b/tests/ssl-test.c
@@ -44,9 +44,13 @@ do_strictness_test (gconstpointer data)
session = soup_test_session_new (NULL);
if (!test->with_ca_list) {
+ GTlsDatabase *tlsdb;
+
+ tlsdb = g_tls_backend_get_default_database (g_tls_backend_get_default ());
g_object_set (G_OBJECT (session),
- "ssl-use-system-ca-file", TRUE,
+ "tls-database", tlsdb,
NULL);
+ g_object_unref (tlsdb);
}
msg = soup_message_new_from_uri ("GET", uri);
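Review bot: With the two `ssl-use-system-ca-file` cases deleted from session-test.c and this test now setting `tls-database` explicitly, the `tlsdb_use_default` path in new_tls_connection (database left to GTlsConnection's default) appears to have no remaining coverage among the tests touched here. If nothing else exercises it, a case that leaves the property unset and checks that the getter returns the backend default, and that a connection still validates against it, would protect the new fallback. do_strictness_test continues outside the hunk.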