[webkit-gtk] Support for PKCS11 / Smartcard?

mailto428496 mailto628496 at cox.net
Wed Dec 5 22:19:49 PST 2018 

Michael,


On 12/04/2018 10:28 AM, Michael Catanzaro wrote:
>
>
> On Mon, Dec 3, 2018 at 8:16 PM, mailto428496 <mailto628496 at cox.net>
> wrote:
>> Michael,
>>
>> As you predicted it didn't work for smartcard authentication with WebKit
>> (MiniBrowser) (perhaps I was overly optimistic that somehow it would
>> magically work ;) and I am not sure how else to test it?  But setting
>> the GIO_USE_TLS=gnutls-pkcs11 variable does cause it to start looking at
>> smartcard related libraries.  So that sounds like there is hope that it
>> would work after you got the client authentication working, that I
>> assume would interface with whatever gnutls-pkcs11 provided?  Any idea
>> when that might happen?  Also, it seems like it would be useful to leave
>> the pkcs11 code around that you had recently removed ;)
>
> That's what we need to figure out. Maybe you could do the same thing
> with glib-networking 2.58 (e.g. in Fedora 29) and see if the smartcard
> libraries are still being used? I think it should still be used, just
> via GnuTLS rather than via gnutls-pkcs11. Not sure.

I will have to see about setting up Fedora 29 in a VM to test.

>
>> Let me know if you have any ideas on how to test the glib-networking
>> without WebKit, I am just not sure what else smartcard auth related
>> would use it?
>
> I'll ask around and see if someone has ideas.
>
>> Also, this might be a long shot, but how hard would it be to get WebKit
>> to redirect to another browser like firefox that could do the auth, or
>> is the WebKit API just too specific for that to ever work?  For fun I
>> actually linked WebKitWebProcess to firefox and it does pop up firefox,
>> but not surprisingly none of the information gets passed.
>
> Hehe, there's no way to make that work, indeed.
>
> We just need to fix https://bugs.webkit.org/show_bug.cgi?id=164509. It
> shouldn't be too hard and it's on my TODO. I can't promise when I'll
> get to it, though.
>

Ok, do you have a ballpark on when you might have time to work on this? 
Are we talking a few months, or a year or more?

Thanks,


Jim

More information about the webkit-gtk mailing list