[Webkit-unassigned] [Bug 162910] [SOUP] Move global TLS errors handling from ResourceHandle to SoupNetworkSession

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 5 01:01:28 PDT 2016


--- Comment #9 from Carlos Garcia Campos <cgarcia at igalia.com> ---
(In reply to comment #7)
> (In reply to comment #3)
> > What's the problem of using SHA1 here? What's the security problem exactly?
> I see certificates and SHA1 and think "Somebody could theoretically create a
> collision and something unexpected could happen and that's really bad with
> certificates."  I'm not sure what the exact attack would look like, but it's
> up to you to decide whether that's important enough.

hmm, I see, thanks for the clarification. I don't think it's so urgent to block this anyway, we can open a bug report for this and Michael can contribute a patch :-)

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20161005/3c231080/attachment.html>

More information about the webkit-unassigned mailing list