[Webkit-unassigned] [Bug 131734] [EFL][WK1] SSL Strict is set according to input parameter.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 16 22:32:47 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=131734





--- Comment #4 from Jeongeun Kim <je_julie.kim at samsung.com>  2014-04-16 22:33:05 PST ---
(In reply to comment #3)
> EAPI void ewk_network_tls_certificate_check_set(Eina_Bool enable);
> 
> > Source/WebKit/efl/ewk/ewk_network.cpp:58
> >      unsigned policy = WebCore::SoupNetworkSession::defaultSession().sslPolicy();
> 
> Now I understand this API behavior is to enable soup SSL policy if checkCertificates is enabled. However, it looks this API is getting current ssl policy value unnecessary because you set *policy* value only depends on *checkCertificates*. I think there are two choices. One is just to set the policy regardless of current policy value. The other is to enable only both when *checkCertificates* is enabled and *current policy value* is disabled.
> 
> Below may be one of examples for first one.
> 
> void ewk_network_tls_certificate_check_set(Eina_Bool checkCertificates) {
>     if (checkCertificates)
>         policy = WebCore::SoupNetworkSession::SSLStrict;
>     else
>         policy = ~WebCore::SoupNetworkSession::SSLStrict;
> 
>     WebCore::SoupNetworkSession::defaultSession().setSSLPolicy(policy);
> }

Thanks, Gyuyoung.
SoupNetworkSession::SSLPolicy SoupNetworkSession::sslPolicy() includes two options, SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE and SOUP_SESSION_SSL_STRICT.
We can set both of them using setSSLPolicy. That's why I'm getting current value.
Originally, ewk_network_tls_certificate_check_set is only related to SSL-Strict. 
As to the second suggestion, It means that 
if (checkCertificates && !(policy | WebCore::SoupNetworkSession::SSLStrict))
    policy |= WebCore::SoupNetworkSession::SSLStrict;
else if (!checkCertificates && (policy | WebCore::SoupNetworkSession::SSLStrict))
    policy &= ~WebCore::SoupNetworkSession::SSLStrict;
So, your suggestion is that?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list