[webkit-gtk] SSL Handshake failed on some sites

[Thomas Weißschuh]

The problem here isn't webkitgtk but a miscommunication between
libsoup/glib-networking/gnutls.

In libsoup/soup-socket.c:soup_socket_handshake_sync() a connectinon attempt is
made. Then there is a check whether a TLS or SSL error occurred (different
things in this case). If it was a TLS error; higher up the callstack a retry is
scheduled. This time using SSL instead of TLS (exactly to prevent TLS
incompabilities)
In this case however the error reported by g_tls_connection_handshake is a
certificate parsing error, which is classified as SSL error, so no retry is
performed.
If one forces the certificate parsing error to be a TLS error, the retried
connection will succeed (including parsing the certificate), so this
certificate can't be completely broken.

Are people on this list who want to handle this themselves or should I file
this with those other projects?