https://bugzilla.novell.com/show_bug.cgi?id=758431
https://bugzilla.novell.com/show_bug.cgi?id=758431#c9
--- Comment #9 from Guido Berhörster
I suggest looking at the epiphany code.
For reference, in 11.3, 11.4 and 12.1, we pass --with-ca-file=%{_sysconfdir}/ssl/ca-bundle.pem to epiphany. So epiphany was doing something with the ca file (look for GTLS_SYSTEM_CA_FILE in embed/ephy-embed.c and embed/ephy-embed-single.c -- it seems it's setting the ssl-ca-file property of the libsoup session object).
Midori has equivalent code for setting ssl-ca-file but checks for the file at runtime. The problem is that when it does not set the ssl-ca-file property because no bundle file is installed, soup_message_get_flags() from libsoup 2.32.2 in 11.4 returns a random number. A random number >= 32 means that the SOUP_MESSAGE_CERTIFICATE_TRUSTED flag is set, indicating a valid certificate while it actually has not been verified. With the later libsoup versions in 12.1 and Factory, soup_message_get_flags() correctly returns 0, i.e. the above flag is not set, as it should be when it cannot verify its validity.
In 11.2, we had epiphany-https-unknown-security.patch which was forcing the use of EPHY_WEB_VIEW_STATE_IS_UNKNOWN all the time.
I can surely create such a patch specifically for midori in 11.4 treating all certificates as unverified, however since this seems like a libsoup bug it might affect other consumers?
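An added example, not taken from the bug report or from Midori, Epiphany or libsoup: one way a client could fail closed in the situation comment #9 describes, by ignoring the message flags whenever no CA bundle was configured. The helper names, the enum and the locally defined bit value (32, as given in the comment) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Trusted-certificate bit, using the value 32 given in the comment.
   Defined locally (assumption) so the example builds without libsoup. */
#define CERT_TRUSTED_BIT (1u << 5)

typedef enum { CERT_UNKNOWN, CERT_UNTRUSTED, CERT_TRUSTED } cert_state;

/* Hypothetical helper: true only if a CA bundle path is given and readable,
   i.e. the case in which the client would set the ssl-ca-file property. */
bool ca_bundle_usable(const char *path)
{
    return path != NULL && path[0] != '\0' && access(path, R_OK) == 0;
}

/* Hypothetical helper: map the raw flags word to the state shown to the user.
   If no CA bundle was set, nothing was verified, so the flags are ignored
   entirely and the state is CERT_UNKNOWN, whatever value they hold. */
cert_state classify_cert(bool ca_bundle_set, unsigned int flags)
{
    if (!ca_bundle_set)
        return CERT_UNKNOWN;
    /* Test the single bit; other bits in the word carry unrelated flags. */
    return (flags & CERT_TRUSTED_BIT) ? CERT_TRUSTED : CERT_UNTRUSTED;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "unknown", "untrusted", "trusted" };
    const char *bundle = argc > 1 ? argv[1] : NULL;
    bool usable = ca_bundle_usable(bundle);
    /* Constructed flag words: 0xdeadbeef stands in for an uninitialised read. */
    unsigned int samples[] = { 0u, 32u, 0xdeadbeefu };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("bundle usable=%d flags=0x%08x -> %s\n", usable, samples[i],
               names[classify_cert(usable, samples[i])]);
    return 0;
}
```

Run it with a CA bundle path as the first argument to see the flags interpreted, and with no argument to see every sample reported as unknown.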