[Webkit-unassigned] [Bug 104356] [SOUP] Failed to connect secure Websocket request (wss://)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Dec 7 05:04:21 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=104356





--- Comment #6 from Dan Winship <danw at gnome.org>  2012-12-07 05:06:47 PST ---
(From update of attachment 178192)
View in context: https://bugs.webkit.org/attachment.cgi?id=178192&action=review

> Source/WebCore/platform/network/soup/SocketStreamHandleSoup.cpp:308
> +    // FIXME: We don't have a way to get root CA's certificate info here, so, "accept-certificate" will say UNKNOWN_CA for all connection.

That's not true; GTlsConnection will check against the system CA list by default. This change is only needed for connecting to wss servers using unrecognized CAs.

IIRC, Safari's behavior is to use the same list of certificate exceptions as it uses for https connections, and not provide any way to override it from the wss side. (ie, you have to have already ok'ed the bad certificate on an https connection before you can use it for wss connections). I think there may be discussion about this in other open bugs here. (For the soup backend, there's currently no way to add certificate exceptions at the webkit level, although I think Epiphany and Midori both implement it for https at higher levels.)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list