[Webkit-unassigned] [Bug 131734] [EFL][WK1] SSL Strict is set according to input parameter.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 16 22:39:14 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=131734


Gyuyoung Kim <gyuyoung.kim at samsung.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |gyuyoung.kim at samsung.com




--- Comment #5 from Gyuyoung Kim <gyuyoung.kim at samsung.com>  2014-04-16 22:39:18 PST ---
(In reply to comment #4)
> (In reply to comment #3)
> > EAPI void ewk_network_tls_certificate_check_set(Eina_Bool enable);
> > 
> > > Source/WebKit/efl/ewk/ewk_network.cpp:58
> > >      unsigned policy = WebCore::SoupNetworkSession::defaultSession().sslPolicy();
> > 
> > Now I understand this API behavior is to enable soup SSL policy if checkCertificates is enabled. However, it looks this API is getting current ssl policy value unnecessary because you set *policy* value only depends on *checkCertificates*. I think there are two choices. One is just to set the policy regardless of current policy value. The other is to enable only both when *checkCertificates* is enabled and *current policy value* is disabled.
> > 
> > Below may be one of examples for first one.
> > 
> > void ewk_network_tls_certificate_check_set(Eina_Bool checkCertificates) {
> >     if (checkCertificates)
> >         policy = WebCore::SoupNetworkSession::SSLStrict;
> >     else
> >         policy = ~WebCore::SoupNetworkSession::SSLStrict;
> > 
> >     WebCore::SoupNetworkSession::defaultSession().setSSLPolicy(policy);
> > }
> 
> Thanks, Gyuyoung.
> SoupNetworkSession::SSLPolicy SoupNetworkSession::sslPolicy() includes two options, SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE and SOUP_SESSION_SSL_STRICT.
> We can set both of them using setSSLPolicy. That's why I'm getting current value.
> Originally, ewk_network_tls_certificate_check_set is only related to SSL-Strict. 
> As to the second suggestion, It means that 
> if (checkCertificates && !(policy | WebCore::SoupNetworkSession::SSLStrict))
>     policy |= WebCore::SoupNetworkSession::SSLStrict;
> else if (!checkCertificates && (policy | WebCore::SoupNetworkSession::SSLStrict))
>     policy &= ~WebCore::SoupNetworkSession::SSLStrict;
> So, your suggestion is that?

Looks like my second suggestion. My point is that we don't need to get current policy value in your uploaded patch, because your patch sets the policy value  by using *checkCertificates* regardless current policy value. So, when the policy was already set to SSLStrict, we don't need to set it to SSLStrict again.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list