[webkit-gtk] SSL Handshake failed on some sites

Thomas Weißschuh thomas at t-8ch.de
Tue Feb 26 11:37:43 PST 2013

The problem here isn't webkitgtk but a miscommunication between

In libsoup/soup-socket.c:soup_socket_handshake_sync() a connectinon attempt is
made. Then there is a check whether a TLS or SSL error occurred (different
things in this case). If it was a TLS error; higher up the callstack a retry is
scheduled. This time using SSL instead of TLS (exactly to prevent TLS
In this case however the error reported by g_tls_connection_handshake is a
certificate parsing error, which is classified as SSL error, so no retry is
If one forces the certificate parsing error to be a TLS error, the retried
connection will succeed (including parsing the certificate), so this
certificate can't be completely broken.

Are people on this list who want to handle this themselves or should I file
this with those other projects?

More information about the webkit-gtk mailing list