[webkit-dev] Question on porting webkit to webkit2
Michael Catanzaro
mcatanzaro at igalia.com
Wed Jan 31 13:23:28 PST 2018
Hi,
In the future, please use webkit-gtk at lists.webkit.org instead.
On Wed, Jan 31, 2018 at 12:05 PM, Ben Greear <greearb at candelatech.com>
wrote:
> I am unsure how to port this part....any ideas?
>
> SoupSession *s;
>
> s = webkit_web_context_get_default_session();
> g_object_set(G_OBJECT(s), "ssl-ca-file",
> "/etc/ssl/certs/ca-certificates.crt", NULL);
> g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);
Good news: you can just remove that code. Modern WebKitGTK+
automatically verifies TLS certificates using the system trust.
The old version of WebKitGTK+ you were using before did not perform any
certificate verification at all, so you had to grab the SoupSession and
try to do it manually. That's not possible anymore, because the
SoupSession lives in the network process, so WebKit must do it for you.
One concern: I see you were setting ssl-strict to FALSE. That means
libsoup would accept all certificates, and you must have some code
elsewhere in your application to manually verify the certificates. Most
applications got this wrong, either by not doing it at all, or by doing
it too late, after sending an HTTP request. (It has to happen before
the first HTTP request is sent, or your application will leak e.g.
secure session cookies to any attacker.)
Michael
More information about the webkit-dev
mailing list