From e01f2be50938a629cec7adaace3d7635282369d2 Mon Sep 17 00:00:00 2001
From: Rob Bradford <rob@linux.intel.com>
Date: Thu, 10 Nov 2011 16:26:07 +0000
Subject: proxy: Force all SSL certificates to be trusted

By setting the CA file we make it a certificate error if the certificate
is self-signed.

Fixes: https://bugzilla.gnome.org/show_bug.cgi?id=663783
---
 rest/rest-proxy.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/rest/rest-proxy.c b/rest/rest-proxy.c
index 69bd90f..088fd0a 100644
--- a/rest/rest-proxy.c
+++ b/rest/rest-proxy.c
@@ -247,6 +247,16 @@ rest_proxy_init (RestProxy *self)
 
   priv->session = soup_session_async_new ();
   priv->session_sync = soup_session_sync_new ();
+
+  /* with ssl-strict (defaults TRUE) setting ssl-ca-file forces all
+   * certificates to be trusted */
+  g_object_set (priv->session,
+                "ssl-ca-file", REST_SYSTEM_CA_FILE,
+                NULL);
+  g_object_set (priv->session_sync,
+                "ssl-ca-file", REST_SYSTEM_CA_FILE,
+                NULL);
+
 #if WITH_GNOME
   soup_session_add_feature_by_type (priv->session,
                                     SOUP_TYPE_PROXY_RESOLVER_GNOME);
-- 
cgit v1.2.3