[webkit-gtk] TLS Errors API
Brian Holt
brian.holt at samsung.com
Thu Oct 3 01:32:01 PDT 2013
Hi all,
A new patch has been submitted https://bugs.webkit.org/show_bug.cgi?id=120160 with this API:
WEBKIT_API GTlsCertificate *
webkit_tls_permission_request_get_certificate (WebKitTLSPermissionRequest *request);
WEBKIT_API GTlsCertificateFlags
webkit_tls_permission_request_get_tls_errors (WebKitTLSPermissionRequest *request);
WEBKIT_API const gchar *
webkit_tls_permission_request_get_host (WebKitTLSPermissionRequest *request);
There is also a WIP patch integrating this into Epiphany at https://bugzilla.gnome.org/review?bug=708847&attachment=255846
Regards
Brian
> -----Original Message-----
> From: Carlos Garcia Campos [mailto:cgarcia at igalia.com]
> Sent: 26 September 2013 17:15
> To: Brian Holt
> Cc: webkit-gtk at lists.webkit.org
> Subject: Re: [webkit-gtk] TLS Errors API
>
> El jue, 26-09-2013 a las 15:59 +0000, Brian Holt escribió:
> > Hi WebKitGtk+,
> >
> >
> >
> > I’m working on the TLS Errors API to provide the user with a
> > WebKitTLSPermissionRequest object if they connect to the
> > permission-request signal and a page load fails with TLS errors. See
> > https://bugs.webkit.org/show_bug.cgi?id=120160.
> >
> >
> >
> > I am proposing a new class called WebKitTLSPermissionRequest, that
> > will inherit from WebKitPermissionRequest with its _allow() and
> > _deny() API that will additionally provide the user with functions to
> > find out more about the request, such as
> >
> >
> >
> > WEBKIT_API GTlsCertificate*
> >
> > webkit_tls_permission_request_get_certificate
> > (WebKitTLSPermissionRequest *request);
> >
> >
> >
> > WEBKIT_API GTlsCertificateFlags
> >
> > webkit_tls_permission_request_get_certificate_flags
> > (WebKitTLSPermissionRequest *request);
>
> I would use get_tls_errors() for consistency with libsoup. GLib has
> g_tls_client_connection_get_validation_flags() and
> g_tls_connection_get_peer_certificate_errors() as well, so we couls
> also use get_validation_flags() or get_certificate_errors(). Personally
> I prefer get_tls_errors or get_certificate_errors.
>
> >
> >
> > WEBKIT_API GError *
> >
> > webkit_tls_permission_request_get_error
> > (WebKitTLSPermissionRequest *request);
>
> I don't think we want to expose this in the API. People interested in
> the error, should connect to load-failed and set the TLS errors policy
> to fail. In this case we are only interested in the certificate itself
> and the error flags, because we already know the error is TLS problem.
>
> >
> >
> > WEBKIT_API const gchar *
> >
> > webkit_tls_permission_request_get_failing_uri
> > (WebKitTLSPermissionRequest *request);
>
> Not sure we need this either, I would probably add get_host, so that
> the user can create an error page saying "Failed to connect to $host".
> This will still be the active URI of the WebKitWebView if the page is
> loaded properly with load_alternate_html.
>
> >
> >
> > Comments and feedback welcome.
>
> Looks great in general. Thanks!
>
> >
> >
> > Regards
> >
> > Brian
> >
> >
> >
> >
> >
> > Brian Holt
> > Senior Software Engineer
> >
> > Samsung Electronics (UK) Limited
> > Registered number: 03086621
> > Registered address: Samsung House, 1000 Hillswood Drive, Chertsey,
> > Surrey KT16 0PS, England
> >
> > South Street Email: brian.holt at samsung.com
> > Staines Fax: +44 (0)1784 428620
> > MIDDLESEX Office: +44 (0)1784 428600 (ext 380)
> > TW18 4QE
> >
> > England
> >
> >
> >
> >
> > _______________________________________________
> > webkit-gtk mailing list
> > webkit-gtk at lists.webkit.org
> > https://lists.webkit.org/mailman/listinfo/webkit-gtk
>
> --
> Carlos Garcia Campos
> http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xF3D322D0EC4582C3
More information about the webkit-gtk
mailing list