From: Daniel Carl <danielcarl@gmx.de>
Date: Wed, 28 May 2014 10:03:03 +0000 (+0200)
Subject: Fixed considered invalid certificate in hsts over proxy.
X-Git-Url: https://git.owens.tech/projects.html/projects.html/git?a=commitdiff_plain;h=7e32ef0b53046209ce7cc808deb6a56c89bf3989;p=vimb.git

Fixed considered invalid certificate in hsts over proxy.
---

diff --git a/src/hsts.c b/src/hsts.c
index 85be3be..309a2cd 100644
--- a/src/hsts.c
+++ b/src/hsts.c
@@ -341,11 +341,15 @@ static void request_started(SoupSessionFeature *feature,
 {
     HSTSProvider *provider = HSTS_PROVIDER(feature);
     SoupURI *uri           = soup_message_get_uri(msg);
+    GTlsCertificate *certificate;
+    GTlsCertificateFlags errors;
+
     if (should_secure_host(provider, uri->host)) {
         if (uri->scheme != SOUP_URI_SCHEME_HTTPS
-            || !(soup_message_get_flags(msg) & SOUP_MESSAGE_CERTIFICATE_TRUSTED)
+            || (soup_message_get_https_status(msg, &certificate, &errors) && errors)
         ) {
             soup_session_cancel_message(session, msg, SOUP_STATUS_SSL_FAILED);
+            g_warning("cancel invalid hsts request to %s://%s", uri->scheme, uri->host);
         }
     }
 }