[Webkit-unassigned] [Bug 104356] [SOUP] Failed to connect secure Websocket request (wss://)

Fri Dec 7 05:50:03 PST 2012

https://bugs.webkit.org/show_bug.cgi?id=104356

--- Comment #7 from Basavaraj Padmashali Sidda <basavaraj.ps at samsung.com>  2012-12-07 05:52:29 PST ---
(In reply to comment #6)
> (From update of attachment 178192 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=178192&action=review
> 
> > Source/WebCore/platform/network/soup/SocketStreamHandleSoup.cpp:308
> > +    // FIXME: We don't have a way to get root CA's certificate info here, so, "accept-certificate" will say UNKNOWN_CA for all connection.
> 
> That's not true; GTlsConnection will check against the system CA list by default. This change is only needed for connecting to wss servers using unrecognized CAs.
> 
> IIRC, Safari's behavior is to use the same list of certificate exceptions as it uses for https connections, and not provide any way to override it from the wss side. (ie, you have to have already ok'ed the bad certificate on an https connection before you can use it for wss connections). I think there may be discussion about this in other open bugs here. (For the soup backend, there's currently no way to add certificate exceptions at the webkit level, although I think Epiphany and Midori both implement it for https at higher levels.)

Hi Dan
You mean "accept_certificate" callaback will not get triggered or called if WSS servers using recognized CA ?

We tried following thing
for wss, g_tls_connection_set_database() is used, we get error UNKNOWN_CA in the callback
for https when we use g_object_set(SOUP_SESSION, "tls-database",..), we get trusted certificate without any error.. 
However, we used same database for g_object_set() and g_tls_connection_set_database().

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.