[Webkit-unassigned] [Bug 90267] Handle SSL errors for SOUP
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 6 09:39:56 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=90267
--- Comment #20 from Martin Robinson <mrobinson at webkit.org> 2012-07-06 09:39:55 PST ---
(From update of attachment 151088)
View in context: https://bugs.webkit.org/attachment.cgi?id=151088&action=review
>>> Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:431
>>> + if (d->m_response.soupMessageTLSErrors() && !ignoreSSLErrors && !allowsAnyHTTPSCertificateHosts().contains(handle->firstRequest().url().host().lower())) {
>>
>> Does host() also include the port number? If I'm not mistaken you want something like the security domain (scheme-host-scheme). The scheme may not be important here, but perhaps it would be better to make this conditional on protocolHostAndPortAreEqual.
>>
>> I also wonder what happens when you make a request to http://foo.com and then http://foo.com:80.
>
> hmm, I've followed the same approach than CF, see ResourceHandleCFNet.cpp. Chromium also stores the certs per host using handler->request_url().host() in ssl_policy.cc
I'll defer here to someone who knows more than me about TLS, perhaps Dan or Sergio.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list