[webkit-changes] [WebKit/WebKit] d9754b: [AutoInstall] Always load default CA certificates
Sam Sneddon
noreply at github.com
Tue Jan 7 11:14:29 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d9754b78f0d93ba690c1a46f05ff54919290f22b
https://github.com/WebKit/WebKit/commit/d9754b78f0d93ba690c1a46f05ff54919290f22b
Author: Sam Sneddon <gsnedders at apple.com>
Date: 2025-01-07 (Tue, 07 Jan 2025)
Changed paths:
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py
Log Message:
-----------
[AutoInstall] Always load default CA certificates
https://bugs.webkit.org/show_bug.cgi?id=230211
rdar://83298684
Reviewed by Jonathan Bedard and Philippe Normand.
Instead of loading only the specified CA certificates, we load both
the default and any custom-specified CA certificates. This increases
the probability that we manage to construct a valid chain and verify
the server certificate.
Note that on macOS this doesn't currently use the system trust store,
per the Python documentation; this just loads the OpenSSL default
certificates. While not ideal, this is still an improvement.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/autoinstall.py:
(AutoInstall._request):
Canonical link: https://commits.webkit.org/288548@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list