[webkit-dev] About https support of WebKitGTK

Alfred Peng alfred.peng at gmail.com
Wed Jun 24 01:57:31 PDT 2009


I tried to build the latest WebKitGTK 1.1.10 on OpenSolaris lately and
it works with some patching (will post the patch for review after
the Apache standard C++ library, which WebKitGTK depends on, is
integrated into OpenSolaris). The test program GtkLauncher also runs fine.

WebKitGTK's default backend was cURL back in the 1.0.x timeframe.
WebKitGTK didn't support https by default at that time. However,
users can set the environment variable WEBKIT_IGNORE_SSL_ERRORS to
ignore the SSL certificate check.

The latest WebKitGTK 1.1.10 has switched to using libsoup as the default
backend (the HTTP Authentication dialog looks good BTW). And it
supports https by default. As I checked in the WebKitGTK source code,
WebKitGTK calls soup_session_async_new to create the SoupSession. With
this session, WebKitGTK accepts all SSL certificates automatically
instead of checking against certain SSL Certificate Authorities. This
approach does not look so secure, for Epiphany for example.

Is there any plan to improve this situation in future development
(maybe before the GNOME 2.28 release)? Is there any setting to disable
https support for now like we did for the cURL backend?

Thanks & Best Regards,

