https://bugzilla.novell.com/show_bug.cgi?id=758431
https://bugzilla.novell.com/show_bug.cgi?id=758431#c12
--- Comment #12 from Guido Berhörster
2.32.2 in 11.4 returns a random number. A random number >= 32 means that the SOUP_MESSAGE_CERTIFICATE_TRUSTED is set, indicating a valid certificate while
Hrm, that should of course read "A number with the 5th bit (SOUP_MESSAGE_CERTIFICATE_TRUSTED) set indicates a valid certificate..." Looking at the libsoup code it seems that when starting a SSL connection soup-socket.c:soup_socket_start_proxy_ssl() trusts certificates by default and relies on soup-socket.c:soup_socket_write()/read_from_network() receiving a SOUP_SSL_ERROR_CERTIFICATE to mark the certificate untrusted. However, that never happens when a CA certificate bundle has not been passed in because soup-gnutls.c:do_handshake() then does not do any verification by calling soup-gnutls.c:verify_certificate() which can raise a SOUP_SSL_ERROR_CERTIFICATE. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.