[webkit-gtk] TLS API in WebKit2

Dan Winship danw at gnome.org
Wed Jun 20 11:17:04 PDT 2012


On 06/20/2012 01:15 PM, Carlos Garcia Campos wrote:
>>>  - Set SOUP_SESSION_SSL_STRICT property. 
>>
>> I think what you want is a signal basically like
>> GTlsConnection::accept-certificate; WebKit would always be ssl-strict =
>> FALSE internally, and when it got a response with a bad certificate, it
>> would emit some signal to let the app decide whether or not to accept
>> the response anyway. Or alternatively there could be an "always accept
>> certs" property. Default should be to not do that though.
> 
> hmm, the problem is that we can't stop the load until the certificate is
> accepted. From the api point of view, it makes a lot of sense and maybe
> we could even use the generic permission request api added by Mario.
> So, I think we could do the opposite, set ssl-strict = TRUE internally,
> and handle the ssl-error emitting the new signal (or permission-request
> if we decide to use the generic permission request api) instead of
> load-error. The problem with this approach is that if the certificate is
> affected the next request will fail again because ssl-strict is TRUE. 

Right. That's why I was saying you should always be ssl-strict=FALSE
internally. Then just check the tls-errors yourself, and from that point
you can expose whatever behavior you want to the higher API layers.

-- Dan
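
Added example, not part of the message above and not WebKit or libsoup code: a stand-alone C model of the layering Dan describes, where the session never blocks on certificate errors and the layer above checks tls-errors on every response, rejecting by default and honouring only exceptions the application recorded. The type and function names, the fingerprint string and the rule that revoked certificates cannot be excepted are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Bit values mirror GLib's GTlsCertificateFlags, as reported in tls-errors. */
enum { TLS_UNKNOWN_CA = 1 << 0, TLS_BAD_IDENTITY = 1 << 1,
       TLS_EXPIRED = 1 << 3, TLS_REVOKED = 1 << 4 };

/* Hypothetical exception record: one host, the exact certificate the
 * application accepted for it, and the error bits seen at that time. */
typedef struct { char host[64]; char cert_fp[65]; unsigned errors; } tls_exception;
typedef struct { tls_exception items[16]; size_t count; } tls_policy;

/* Called when the application answers "accept this certificate". */
bool tls_policy_allow(tls_policy *p, const char *host, const char *fp, unsigned errors)
{
    if ((errors & TLS_REVOKED) || p->count == 16)   /* sketch's own rule */
        return false;
    if (strlen(host) >= sizeof p->items[0].host || strlen(fp) >= sizeof p->items[0].cert_fp)
        return false;
    tls_exception *e = &p->items[p->count++];
    strcpy(e->host, host);
    strcpy(e->cert_fp, fp);
    e->errors = errors;
    return true;
}

/* Runs for every response, since ssl-strict = FALSE means the session
 * delivers it regardless. Anything without a matching exception is rejected. */
bool tls_policy_accept_response(const tls_policy *p, const char *host, const char *fp, unsigned errors)
{
    if (errors == 0)
        return true;
    for (size_t i = 0; i < p->count; i++) {
        const tls_exception *e = &p->items[i];
        if (strcmp(e->host, host) == 0 && strcmp(e->cert_fp, fp) == 0 &&
            (errors & ~e->errors) == 0)     /* no error beyond those accepted */
            return true;
    }
    return false;
}

int main(void)
{
    tls_policy p = {0};
    const char *fp = "constructed-fingerprint-1";   /* constructed sample value */
    bool first = tls_policy_accept_response(&p, "self-signed.example", fp, TLS_UNKNOWN_CA);
    tls_policy_allow(&p, "self-signed.example", fp, TLS_UNKNOWN_CA);
    bool next = tls_policy_accept_response(&p, "self-signed.example", fp, TLS_UNKNOWN_CA);
    return (!first && next) ? 0 : 1;   /* rejected first, accepted after the exception */
}
```

Because the exception is keyed on host and certificate, a later request to the same host passes without toggling ssl-strict, while a different certificate or a new error bit is rejected again.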

