Hi everyone,
I have custom gnome-shell-extension used lib soup 2. Extension main goal is start/stop through systemd.service third-party legacy java application with wss server on localhost, connect on it as client through wss protocol to configure and monitor application status. Because this java service application work on localhost only it use self signed CA and issued by selfsigned CA wss server ssl/tls certificate. This java application CA is untrusted and compromised, that’s why it can’t be installed on system trusted store. Gnome shell extension I use have dependency from Soup 2 library. I see in extension code soup2 deprecated methods:
// commented for debug Soup.session.ssl-strict = false;
and
Soup.session.ssl_ca_file = /path/to/cafile.pem
Last month, after operating system upgrade to Debian 12 gnome shell was updated from 3.x to 43 version. Shell-extension websocket client code and tls/ssl certificate validation code was broken.In soup 3 deprecated methods was removed.
Could you explain me please or give some code example how to use SoupMessage::accept-certificate (Soup.Message::accept-certificate) signal in gjs code, or how to use bypass tls certificate validity check, or how to use own TlsFileDatabase without CA trusted system store.
I think some method from Soup 3 library that ignore CA check in my case will be enough.
p s. Website libsoup.org not working, and many old documentation and links on release notes to gnome 43 was broken too (like Port Extensions to GNOME Shell 43 | GNOME JavaScript on bottom page has broken link to soup 2 to 3 migration guide).