[webkit-help] WebKit+cairo open HTTPS issue & local certificate file issue

[Rick Xu]

I have tried both Brent's and Chris's approach. Both are good on my
laptop. To my understanding, these two methods are essentially
different, right? Chris's trying to suppress the error message. But
Brent's approach really uses the certificate.

My question is: now I have several own certificates, because I need to
visit some specific websites. I am not sure if it will be ok if we
just put those certificates (.pem files) under the certificates
folder. I haven't tried it because I haven't gotten the certificates.
But I really want to make sure that before the testing.

Thanks a lot!

Best,

-Rick



2010/6/10 Brent Fulgham <bfulgham at gmail.com>:
> Hi Rick,
>
> On Jun 10, 2010, at 1:38 PM, Rick Xu wrote:
>
>> Sorry to bother.
>>
>> I have successfully built the WebKit/Cairo on WinXP (32-bit). The
>> generated WinLauncher.exe works fine for normal http URL addresses.
>
> Great!
>
>> However, when I try to open a HTTPS URL, like
>> https://mail.google.com/, the browser just stops there with no
>> response at all. I know the WinLauncher.exe is not a comprehensive
>> browser. But, I noticed that there is cacert.pem file included in the
>> "requirement" folder.
>
> Sorry about this.  I had very specific needs for my initial Wincairo work, and am generally only hosting local content generated by a containing application.  Consequently, I haven't devoted much (any?) time to the larger issues of network security and so forth.
>
> However, I have built and configured things so that https works properly.  I suspect that the problem you are having is that you do not have a security certificate available for Wincairo to use.  Obviously I need to provide better error reporting mechanisms here.
>
> The Wincairo port tells libcurl (the portion of the system that actually handles the https stuff) to check for a certificate in WebKit's working directory (generally, wherever WebKit.dll is located) in a subdirectory:
>
> WebKitBuild
> \
> |----------   bin
> \
>  |-------------  WebKit.resources
>  \
>  |-------------- certificates
>  \
>   |--------------- cacert.pem
>
> I include the cacert.pem in the "WebKitSDK" stuff on my iDisk site.  You can also just grab the one from the cURL site (that's basically all I'm using here.)
>
> This should be enough to get https working properly.
>
>> Another question is about the local certification. In WebKit/Safari
>> version, it provides a function to "install certificate" from local
>> certificate files. I am thinking of specifying a folder to store local
>> certificate files for the WebKit/Cairo build.
>
> Right now, all of this is controlled by the CoreFoundation bundle handling operations, which work pretty similarly on Wincairo as they do on the real Apple version.  That said, I haven't tested or played with this at all.  I am not sure I even hooked up all the logic in the WebKit.dll API layer to deal with this.  Let me know what you discover and I'll be happy to help you figure out what to do to get it working.
>
> Best regards,
>
> -Brent