[Webkit-unassigned] [Bug 113755] New: [Soup]TLS error bad certificate check in case of redirections

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 2 00:36:55 PDT 2013


           Summary: [Soup]TLS error bad certificate check in case of
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit EFL
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: youennf at gmail.com
                CC: demarchi at webkit.org

ResourceHandleSoup::handleUnignoredTLSErrors currently checks whether TLS errors are ignorable or not.
In case of a redirection, the URL that is used to do the check is the initial request URL, not the URL used after the redirection.

This may cause two potential issues:
1. If a certificate is added in the list of authorized certificates for a domain N1, it will not be found in case of a redirection from a domain N2 to N1.
2. If TLS errors are skipped for a domain N1, TLS errors will also be skipped for a domain N2 in case of a redirection from N1 to N2.

EWebLauncher has this behavior when enforcing TLS errors checks (setIgnoreSSLErrors(false)) and registering a self-signed certificate to a specific domain.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list