[Webkit-unassigned] [Bug 168486] [WinCairo][MiniBrowser] Add ca-bundle to display secure pages

Mon Feb 27 07:06:08 PST 2017

https://bugs.webkit.org/show_bug.cgi?id=168486

Alex Christensen <achristensen at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #302689|review?                     |review-
              Flags|                            |

--- Comment #6 from Alex Christensen <achristensen at apple.com> ---
Comment on attachment 302689
  --> https://bugs.webkit.org/attachment.cgi?id=302689
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=302689&action=review

> Source/WebCore/platform/network/curl/ResourceHandleManager.cpp:102
> +    char* envPath = getenv("CURL_CA_BUNDLE_PATH");

Preferring this if it exists seems ok.

> Tools/MiniBrowser/win/CMakeLists.txt:41
> +    file(DOWNLOAD ${MiniBrowser_CABUNDLE_URL} "${MiniBrowser_CERTIFICATES_DIR}/cacert.pem" SHOW_PROGRESS)

I'm not sure it's a good idea to download this file every time you build.  It could slow things down, it would require network access while building or fail, it would ping the curl server every time a developer runs cmake and developers might worry that they are being tracked, and CMake's file(DOWNLOAD ...) seems to ignore ssl errors, so it's unclear how secure it really is.  It would be nice to print out instructions for how to get the cacert.pem, but I don't think this is a good idea to commit to the repository as-is.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170227/8dfd928f/attachment.html>