FreeBSD Port: www/midori https certificate checking broken

Olivier Duchateau duchateau.olivier at gmail.com
Sun Jul 21 10:39:30 UTC 2013


On Sun, 21 Jul 2013 01:57:07 +0200
"SF, Adrian" <asfw at sutolyst.me.uk> wrote:

> Hi,
> 
> Midori reports all https sites as having an invalid ssl certificate. I
> found this issue on Midori’s bugtracker (
> https://bugs.launchpad.net/midori/+bug/983137 ) but this dates from
> last year and had been fixed according to the tracker.
> 
> I’m running FreeBSD 9.1, midori and libsoup are both up to date from ports.

Hi,

SSL certificate in Midori is known "issue".

By default it accepts all certificates (trusted an untrusted), because 'ssl-strict' property (in libsoup) is set to FALSE (from line 167 to 197 in midori/midori-session.c file) [1].
If we change this value to TRUE, all untrusted sites are blocked.

In FAQ [2] ("Certificate Handling" section), main developer mentions gcr (it's GNOME application which enhances your currently lignome-keyring, but it's only available with GNOME3 so Gtk3).
Moreover with new webkit2 API (webkitgtk >= 1.11.91) https support in WebKit will be better.

Let us be patient.

[1] http://bazaar.launchpad.net/~midori/midori/trunk/view/6270/midori/midori-session.c
[2] http://www.midori-browser.org/faqs/#security_features

> 
> Regards,
> Adrian
> _______________________________________________
> freebsd-xfce at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-xfce
> To unsubscribe, send any mail to "freebsd-xfce-unsubscribe at freebsd.org"


-- 
olivier


More information about the freebsd-xfce mailing list