diff options
author | Patrick Ohly <patrick.ohly@intel.com> | 2014-09-08 12:44:55 +0200 |
---|---|---|
committer | Patrick Ohly <patrick.ohly@intel.com> | 2014-09-12 11:38:56 +0200 |
commit | f5ae660c70fbab214bdd11895178629371b91d17 (patch) | |
tree | b219a7a81563b4f0c1ee97313fee8c1e516900d6 | |
parent | b747a8c2e404f85eee148f119cad4b0bb646ba10 (diff) |
SoupTransport: drop CA file check
It used to be necessary to specify a CA file for libsoup to enable SSL
certificate checking. Nowadays libsoup uses the default CA store
unless told otherwise, so the check in SyncEvolution became
obsolete. However, now there is a certain risk that no SSL checking is
done although the user asked for it (when libsoup is not recent enough
or compiled correctly).
-rw-r--r-- | src/syncevo/SoupTransportAgent.cpp | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/src/syncevo/SoupTransportAgent.cpp b/src/syncevo/SoupTransportAgent.cpp index 0caec3d6..b9a3c8de 100644 --- a/src/syncevo/SoupTransportAgent.cpp +++ b/src/syncevo/SoupTransportAgent.cpp @@ -127,15 +127,10 @@ void SoupTransportAgent::send(const char *data, size_t len) } // use CA certificates if available and needed, - // fail if not available and needed + // otherwise let soup use system default certificates if (m_verifySSL) { if (!m_cacerts.empty()) { g_object_set(m_session.get(), SOUP_SESSION_SSL_CA_FILE, m_cacerts.c_str(), NULL); - } else { - SoupURI *uri = soup_message_get_uri(message.get()); - if (!strcmp(uri->scheme, SOUP_URI_SCHEME_HTTPS)) { - SE_THROW_EXCEPTION(TransportException, "SSL certificate checking requested, but no CA certificate file configured"); - } } } |