Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 21 Jul 2013 12:39:23 +0000
From:      Olivier Duchateau <duchateau.olivier@gmail.com>
To:        "SF, Adrian" <asfw@sutolyst.me.uk>
Cc:        xfce@FreeBSD.org
Subject:   Re: FreeBSD Port: www/midori https certificate checking broken
Message-ID:  <20130721123923.4dbe9b708feca04f0522cfcd@gmail.com>
In-Reply-To: <CAFjWpnBxOQhojFN_HS11EZy=Uvrs8LnR1GDWL6rOfnPDBVH22g@mail.gmail.com>
References:  <CAFjWpnBxOQhojFN_HS11EZy=Uvrs8LnR1GDWL6rOfnPDBVH22g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, 21 Jul 2013 01:57:07 +0200
"SF, Adrian" <asfw@sutolyst.me.uk> wrote:

> Hi,
> 
> Midori reports all https sites as having an invalid ssl certificate. I
> found this issue on Midori’s bugtracker (
> https://bugs.launchpad.net/midori/+bug/983137 ) but this dates from
> last year and had been fixed according to the tracker.
> 
> I’m running FreeBSD 9.1, midori and libsoup are both up to date from ports.

Hi,

SSL certificate in Midori is known "issue".

By default it accepts all certificates (trusted an untrusted), because 'ssl-strict' property (in libsoup) is set to FALSE (from line 167 to 197 in midori/midori-session.c file) [1].
If we change this value to TRUE, all untrusted sites are blocked.

In FAQ [2] ("Certificate Handling" section), main developer mentions gcr (it's GNOME application which enhances your currently lignome-keyring, but it's only available with GNOME3 so Gtk3).
Moreover with new webkit2 API (webkitgtk >= 1.11.91) https support in WebKit will be better.

Let us be patient.

[1] http://bazaar.launchpad.net/~midori/midori/trunk/view/6270/midori/midori-session.c
[2] http://www.midori-browser.org/faqs/#security_features

> 
> Regards,
> Adrian
> _______________________________________________
> freebsd-xfce@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-xfce
> To unsubscribe, send any mail to "freebsd-xfce-unsubscribe@freebsd.org"


-- 
olivier

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130721123923.4dbe9b708feca04f0522cfcd>