authorDan Winship <danw@src.gnome.org>2003-09-23 19:35:44 +0000
committerDan Winship <danw@src.gnome.org>2003-09-23 19:35:44 +0000
commit694035ea4750165768083126329f0176ae32c709 (patch)
tree36744f5cd53b53a69529bbcb9e01385bf5e09e5c /libsoup/soup-session.c
parent7b6bfba5f54a53516348413c24b358b70788a142 (diff)
Remove refcounting, but note whether or not the CA file has been loaded.
* libsoup/soup-gnutls.c (SoupGNUTLSCred): Remove refcounting, but note whether or not the CA file has been loaded. (SoupGNUTLSChannel): add a "hostname" field. (verify_certificate): Remove the comment about not being able to verify the hostname because of soup problems. Now it's because of GNUTLS problems instead. (soup_ssl_wrap_iochannel): Renamed from soup_ssl_get_iochannel, and takes a hostname and a creds argument now. (soup_ssl_get_client_credentials, soup_ssl_get_server_credentials): Return client/server credentials structures. (soup_ssl_free_client_credentials, soup_ssl_free_server_credentials): and free them. * libsoup/soup-session.c (class_init, set_property, get_property): add ssl_ca_file property (get_host_for_message): when returning an SSL host for the first time, create a client credentials structure for the session. (run_queue): Pass the ssl creds to the new connection. Also fix an unrelated bug that caused infinite loops on "bad hostname". * libsoup/soup-server.c: Use GObject properties, including ssl_cert_file and ssl_key_file properties. (soup_server_new): Remove "protocol" argument; if the cert file and key file properties were set, create a server credential structure from them and pass that to soup_socket_server_new. * libsoup/soup-connection.c (SoupConnectionPrivate): Rename dest_uri to origin_uri to match RFC 2616 terminology. Add an "ssl_creds" field. (class_init, set_property, get_property): add SSL_CREDS property (soup_connection_connect_async, soup_connection_connect_sync): Pass ssl_creds to soup_socket_client_new calls. * libsoup/soup-socket.c: Use GObject properties, including an ssl_creds property (soup_socket_set_flags): Gone (replaced with boolean properties) (soup_socket_new): Make this take a list of properties (listen_watch): copy ssl creds from listener to new socket (soup_socket_start_ssl): Pass remote hostname and socket creds structure to soup_ssl_wrap_iochannel. 
(soup_socket_client_new_async, soup_socket_client_new_sync, soup_socket_server_new): Replace the SSL boolean with an ssl_creds structure. * libsoup/soup-misc.c (soup_set_ssl_ca_file, soup_set_ssl_cert_files, soup_get_ssl_ca_file, soup_get_ssl_cert_files): Gone. SSL state is now per-session or per-server. * tests/get.c: add a "-c CAfile" argument, for loading a CA certificate file to validate https connections against * tests/simple-httpd.c: Add "-c certfile" and "-k keyfile" arguments for loading an SSL server certificate. Only start an SSL server if those arguments were used. * tests/test-cert.pem: * tests/test-key.pem: SSL certificate for testing simple-httpd * tests/revserver.c: Update for API changes * tests/simple-proxy.c: Likewise
Diffstat (limited to 'libsoup/soup-session.c')
-rw-r--r--libsoup/soup-session.c30
1 files changed, 29 insertions, 1 deletions
diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c
index 2e0e9789..abb756ed 100644
--- a/libsoup/soup-session.c
+++ b/libsoup/soup-session.c
@@ -19,6 +19,7 @@
#include "soup-connection-ntlm.h"
#include "soup-marshal.h"
#include "soup-message-queue.h"
+#include "soup-ssl.h"
#include "soup-uri.h"
typedef struct {
@@ -37,6 +38,9 @@ struct SoupSessionPrivate {
guint max_conns, max_conns_per_host;
gboolean use_ntlm;
+ char *ssl_ca_file;
+ gpointer ssl_creds;
+
SoupMessageQueue *queue;
GHashTable *hosts; /* SoupUri -> SoupSessionHost */
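Review bot: The new fields `ssl_ca_file` and `ssl_creds` have no ownership comment, and nothing in this file's diff releases them: the string is `g_strdup`'d in set_property and the credentials are created in get_host_for_message, but no hunk touches the session's finalize path (it is outside the visible hunks, so this is inferred from the diffstat). If finalize is indeed unchanged, it should call `g_free (session->priv->ssl_ca_file);` and, when the pointer is non-NULL, `soup_ssl_free_client_credentials (session->priv->ssl_creds);`. The same raw pointer is handed to every connection in the run_queue hunk and the commit message says the credentials are no longer refcounted, so the order of release matters. A comment on the field such as `/* owned by the session; connections borrow it and must not outlive the session */` would record that rule.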
@@ -73,6 +77,7 @@ enum {
PROP_MAX_CONNS,
PROP_MAX_CONNS_PER_HOST,
PROP_USE_NTLM,
+ PROP_SSL_CA_FILE,
LAST_PROP
};
@@ -206,6 +211,13 @@ class_init (GObjectClass *object_class)
"Whether or not to use NTLM authentication",
FALSE,
G_PARAM_READWRITE));
+ g_object_class_install_property (
+ object_class, PROP_SSL_CA_FILE,
+ g_param_spec_string (SOUP_SESSION_SSL_CA_FILE,
+ "SSL CA file",
+ "File containing SSL CA certificates",
+ NULL,
+ G_PARAM_READWRITE));
}
SOUP_MAKE_TYPE (soup_session, SoupSession, class_init, init, PARENT_TYPE)
@@ -255,6 +267,10 @@ set_property (GObject *object, guint prop_id,
case PROP_USE_NTLM:
session->priv->use_ntlm = g_value_get_boolean (value);
break;
+ case PROP_SSL_CA_FILE:
+ g_free (session->priv->ssl_ca_file);
+ session->priv->ssl_ca_file = g_strdup (g_value_get_string (value));
+ break;
default:
break;
}
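Review bot: Changing `ssl_ca_file` after the first https host has been looked up has no effect on certificate validation, because the `PROP_SSL_CA_FILE` case only replaces the string while get_host_for_message builds `ssl_creds` once and reuses it for as long as it is non-NULL. A caller that sets or corrects the CA file late keeps connecting with the trust anchors (or lack of them) from the earlier credentials and gets no indication of it. Either install the property in class_init with `G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY`, or state in the property description that it must be set before the first https request. Dropping the cached credentials here would only be safe if no live connection still holds the pointer. set_property starts and ends outside the hunk.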
@@ -281,6 +297,9 @@ get_property (GObject *object, guint prop_id,
case PROP_USE_NTLM:
g_value_set_boolean (value, session->priv->use_ntlm);
break;
+ case PROP_SSL_CA_FILE:
+ g_value_set_string (value, session->priv->ssl_ca_file);
+ break;
default:
break;
}
@@ -324,6 +343,13 @@ get_host_for_message (SoupSession *session, SoupMessage *msg)
host->root_uri = soup_uri_copy_root (source);
g_hash_table_insert (session->priv->hosts, host->root_uri, host);
+
+ if (host->root_uri->protocol == SOUP_PROTOCOL_HTTPS &&
+ !session->priv->ssl_creds) {
+ session->priv->ssl_creds =
+ soup_ssl_get_client_credentials (session->priv->ssl_ca_file);
+ }
+
return host;
}
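Review bot: The result of `soup_ssl_get_client_credentials` is stored without any check, and the call is made even when `ssl_ca_file` is NULL, so an unset, missing or unreadable CA file does not stop the session from making https connections. The commit message says the credentials structure only notes whether the CA file was loaded, which suggests peers are then not validated against any CA; that should be confirmed in soup-gnutls.c. When a CA file was configured but could not be loaded, I would fail the host rather than continue, and at minimum add a comment here such as `/* NULL ssl_ca_file: credentials carry no CA, so peer certificates are not checked against a trust store */`. The commit message also states that verify_certificate still cannot check the hostname, so callers should not treat this path as authenticating the server. get_host_for_message begins outside the hunk.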
@@ -792,6 +818,7 @@ run_queue (SoupSession *session, gboolean try_pruning)
/* If the hostname is known to be bad, fail right away */
if (host->error) {
soup_message_set_status (msg, host->error);
+ msg->status = SOUP_MESSAGE_STATUS_FINISHED;
soup_message_finished (msg);
}
@@ -830,8 +857,9 @@ run_queue (SoupSession *session, gboolean try_pruning)
conn = g_object_new (
(session->priv->use_ntlm ?
SOUP_TYPE_CONNECTION_NTLM : SOUP_TYPE_CONNECTION),
- SOUP_CONNECTION_DEST_URI, host->root_uri,
+ SOUP_CONNECTION_ORIGIN_URI, host->root_uri,
SOUP_CONNECTION_PROXY_URI, session->priv->proxy_uri,
+ SOUP_CONNECTION_SSL_CREDENTIALS, session->priv->ssl_creds,
NULL);
g_signal_connect (conn, "authenticate",
G_CALLBACK (connection_authenticate),