[Webkit-unassigned] [Bug 90267] [SOUP] Handle SSL errors

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 29 04:29:11 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=90267


Carlos Garcia Campos <cgarcia at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #150136|                            |review?
               Flag|                            |




--- Comment #1 from Carlos Garcia Campos <cgarcia at igalia.com>  2012-06-29 04:29:10 PST ---
Created an attachment (id=150136)
 --> (https://bugs.webkit.org/attachment.cgi?id=150136&action=review)
Patch

Handle SSL errors in the soup backend adding a way to allow the WebKit layer decide on what to do. This will allow us to expose an API to handles SSL errors from the UI process in WebKit2. The behaviour is the same than the current one in both WebKit1 and WebKit2, except for the cases where a subresource has a different https origin and the certificate can't be trusted. In such cases the subresource fails to load now. Now it works the following way:

         - When the main resource receives the response with SSL errors, it asynchronously asks the WebKit layer to check the certificate in a way similar to the policy checker.
         - The default implementation for all ports using the soup backend is to accept the certificate for compatibility. In WebKit2 a message will be send to the UI process, but for now the certificate is always accepted too.
         - If the WebKit layer accepts the certificate, it's stored in the DocumentLoader to check it for subresources.
         - When a subresource receives the response with SSL errors, the certificate is compared to the saved certificate in DocumentLoader, which is considered the trusted certificate. It will be accepted or denied depending on the trusted certificate without asking the WebKit layer.
         - If the certificate is accepted the resource continues loading normally. If it's denied the resource load finishes with a normal SSL error.
         - If the ssl mode is set to strict in the SoupSession (in WebKit2 is always set to FALSE), this mechanism doesn't even start because soup returns and error earlier and the load finishes with a normal SSL error.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list