[Pkg-owncloud-commits] [owncloud-client] 123/498: Nicer fix for the security issue #3283.
Sandro Knauß
hefee-guest at moszumanska.debian.org
Tue Aug 11 14:48:42 UTC 2015
This is an automated email from the git hooks/post-receive script.
hefee-guest pushed a commit to branch master
in repository owncloud-client.
commit 89376e14d6135a6f39a6df99d54fde253573575c
Author: Christian Kamm <kamm at incasoftware.de>
Date: Wed Jun 3 10:46:33 2015 +0200
Nicer fix for the security issue #3283.
---
src/libsync/account.cpp | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp
index b3174e4..a7acd11 100644
--- a/src/libsync/account.cpp
+++ b/src/libsync/account.cpp
@@ -511,14 +511,13 @@ void Account::slotHandleErrors(QNetworkReply *reply , QList<QSslError> errors)
addApprovedCerts(approvedCerts);
// all ssl certs are known and accepted. We can ignore the problems right away.
// qDebug() << out << "Certs are known and trusted! This is not an actual error.";
- reply->ignoreSslErrors();
+
+ // Warning: Do *not* use ignoreSslErrors() (without args) here:
+ // it permanently ignores all SSL errors for this host, even
+ // certificate changes.
+ reply->ignoreSslErrors(errors);
} else {
_treatSslErrorsAsFailure = true;
- // if during normal operation, a new certificate was MITM'ed, and the user does not
- // ACK it, the running request must be aborted and the QNAM must be reset, to not
- // treat the new cert as granted. See bug #3283
- reply->abort();
- resetNetworkAccessManager();
return;
}
}
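Review bot: In the else branch, removing `reply->abort();` and `resetNetworkAccessManager();` leaves the rejected-certificate path with only `_treatSslErrorsAsFailure = true;` and `return;`, and the deleted comment that tied this path to bug #3283 has no replacement. The new comment in the accept branch explains why `ignoreSslErrors(errors)` is used instead of the no-argument form, but nothing in the else branch now says why the running request no longer has to be aborted or the QNAM reset. Please add a short comment there stating that the reply fails on its own because its SSL errors were not ignored and that no host-wide ignore state is left to clear, or keep `reply->abort();` if that does not hold for requests already in flight. A regression test that presents a changed certificate mid-session and has the user reject it would pin down the #3283 behaviour.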
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-client.git