[webkit-gtk] TLS Errors API

Carlos Garcia Campos cgarcia at igalia.com
Thu Sep 26 09:14:47 PDT 2013


El jue, 26-09-2013 a las 15:59 +0000, Brian Holt escribió:
> Hi WebKitGtk+, 
> 
>  
> 
> I’m working on the TLS Errors API to provide the user with a
> WebKitTLSPermissionRequest object if they connect to the
> permission-request signal and a page load fails with TLS errors. See
> https://bugs.webkit.org/show_bug.cgi?id=120160.
> 
>  
> 
> I am proposing a new class called WebKitTLSPermissionRequest, that
> will inherit from WebKitPermissionRequest with its _allow() and
> _deny() API that will additionally provide the user with functions to
> find out more about the request, such as 
> 
>  
> 
> WEBKIT_API GTlsCertificate*
> 
> webkit_tls_permission_request_get_certificate
> (WebKitTLSPermissionRequest *request);
> 
>  
> 
> WEBKIT_API GTlsCertificateFlags
> 
> webkit_tls_permission_request_get_certificate_flags
> (WebKitTLSPermissionRequest *request);

I would use get_tls_errors() for consistency with libsoup. GLib has
g_tls_client_connection_get_validation_flags() and
g_tls_connection_get_peer_certificate_errors() as well, so we couls also
use get_validation_flags() or get_certificate_errors(). Personally I
prefer get_tls_errors or get_certificate_errors.

>  
> 
> WEBKIT_API GError *
> 
> webkit_tls_permission_request_get_error
> (WebKitTLSPermissionRequest *request);

I don't think we want to expose this in the API. People interested in
the error, should connect to load-failed and set the TLS errors policy
to fail. In this case we are only interested in the certificate itself
and the error flags, because we already know the error is TLS problem.

>  
> 
> WEBKIT_API const gchar *
> 
> webkit_tls_permission_request_get_failing_uri
> (WebKitTLSPermissionRequest *request);

Not sure we need this either, I would probably add get_host, so that the
user can create an error page saying "Failed to connect to $host". This
will still be the active URI of the WebKitWebView if the page is loaded
properly with load_alternate_html.

>  
> 
> Comments and feedback welcome.

Looks great in general. Thanks!

>  
> 
> Regards
> 
> Brian
> 
>  
> 
>  
> 
> Brian Holt
> Senior Software Engineer
> 
> Samsung Electronics (UK) Limited
> Registered number:  03086621
> Registered address: Samsung House, 1000 Hillswood Drive, Chertsey,
>                     Surrey KT16 0PS, England
> 
> South Street        Email:  brian.holt at samsung.com
> Staines             Fax:    +44 (0)1784 428620
> MIDDLESEX           Office: +44 (0)1784 428600 (ext 380)
> TW18 4QE
> 
> England
> 
>  
> 
> 
> _______________________________________________
> webkit-gtk mailing list
> webkit-gtk at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-gtk

-- 
Carlos Garcia Campos
http://pgp.rediris.es:11371/pks/lookup?op=get&search=0xF3D322D0EC4582C3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.webkit.org/pipermail/webkit-gtk/attachments/20130926/c01c1991/attachment.sig>


More information about the webkit-gtk mailing list