From owner-freebsd-xfce@FreeBSD.ORG Sun Jul 21 10:39:30 2013 Return-Path: Delivered-To: xfce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id AE695D9E for ; Sun, 21 Jul 2013 10:39:30 +0000 (UTC) (envelope-from duchateau.olivier@gmail.com) Received: from mail-wg0-x22b.google.com (mail-wg0-x22b.google.com [IPv6:2a00:1450:400c:c00::22b]) by mx1.freebsd.org (Postfix) with ESMTP id 478A6186 for ; Sun, 21 Jul 2013 10:39:30 +0000 (UTC) Received: by mail-wg0-f43.google.com with SMTP id z11so5075957wgg.10 for ; Sun, 21 Jul 2013 03:39:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=jiiypgfKwfqtZO//OONQcWGASQYcNiMzvlqvstxcY1c=; b=Yhvffamr5MwuP79DqAYdguESMGTiOlxtx+X2xnoT/tgIGyHWd77X8hqom2DPpEp2Wr Vf9+mqkfN94CvwAx9gWjO5uAKS6vYGzrvilQNZzPYVatGyANacLHO6Rbuuq0MLm9ytQC 0PZQWp9RCRTZVy2j61mOOt/3BtB8hsFk99T5dg7GqtKW5GyfgtA/CLi54kiMBvrmVFzk c4auR4smykpqyroksn+0+ZPWGJUuP77k3fq3D8hbRgjjRW+43DwKD+wzeisGlMkyOcHF i4R0WBVt2hp3m0yiAX68OxhaZ9m1rCBn0r0uOoXGXXU/VwqaMVNfv/zaKaibWDzIRAqJ 3ScQ== X-Received: by 10.180.102.37 with SMTP id fl5mr26705326wib.52.1374403169285; Sun, 21 Jul 2013 03:39:29 -0700 (PDT) Received: from tuborg (AMarseille-653-1-51-146.w2-4.abo.wanadoo.fr. [2.4.42.146]) by mx.google.com with ESMTPSA id b20sm33700168wiw.4.2013.07.21.03.39.27 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Sun, 21 Jul 2013 03:39:28 -0700 (PDT) Date: Sun, 21 Jul 2013 12:39:23 +0000 From: Olivier Duchateau To: "SF, Adrian" Subject: Re: FreeBSD Port: www/midori https certificate checking broken Message-Id: <20130721123923.4dbe9b708feca04f0522cfcd@gmail.com> In-Reply-To: References: X-Mailer: Sylpheed 3.3.0 (GTK+ 2.24.17; i386-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: xfce@FreeBSD.org X-BeenThere: freebsd-xfce@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: XFCE for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Jul 2013 10:39:30 -0000 On Sun, 21 Jul 2013 01:57:07 +0200 "SF, Adrian" wrote: > Hi, > > Midori reports all https sites as having an invalid ssl certificate. I > found this issue on Midori’s bugtracker ( > https://bugs.launchpad.net/midori/+bug/983137 ) but this dates from > last year and had been fixed according to the tracker. > > I’m running FreeBSD 9.1, midori and libsoup are both up to date from ports. Hi, SSL certificate in Midori is known "issue". By default it accepts all certificates (trusted an untrusted), because 'ssl-strict' property (in libsoup) is set to FALSE (from line 167 to 197 in midori/midori-session.c file) [1]. If we change this value to TRUE, all untrusted sites are blocked. In FAQ [2] ("Certificate Handling" section), main developer mentions gcr (it's GNOME application which enhances your currently lignome-keyring, but it's only available with GNOME3 so Gtk3). Moreover with new webkit2 API (webkitgtk >= 1.11.91) https support in WebKit will be better. Let us be patient. [1] http://bazaar.launchpad.net/~midori/midori/trunk/view/6270/midori/midori-session.c [2] http://www.midori-browser.org/faqs/#security_features > > Regards, > Adrian > _______________________________________________ > freebsd-xfce@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-xfce > To unsubscribe, send any mail to "freebsd-xfce-unsubscribe@freebsd.org" -- olivier