[Webkit-unassigned] [Bug 168486] [WinCairo][MiniBrowser] Add ca-bundle to display secure pages

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 27 07:06:08 PST 2017


Alex Christensen <achristensen at apple.com> changed:

           What    |Removed                     |Added
 Attachment #302689|review?                     |review-
              Flags|                            |

--- Comment #6 from Alex Christensen <achristensen at apple.com> ---
Comment on attachment 302689
  --> https://bugs.webkit.org/attachment.cgi?id=302689

View in context: https://bugs.webkit.org/attachment.cgi?id=302689&action=review

> Source/WebCore/platform/network/curl/ResourceHandleManager.cpp:102
> +    char* envPath = getenv("CURL_CA_BUNDLE_PATH");

Preferring this if it exists seems ok.

> Tools/MiniBrowser/win/CMakeLists.txt:41
> +    file(DOWNLOAD ${MiniBrowser_CABUNDLE_URL} "${MiniBrowser_CERTIFICATES_DIR}/cacert.pem" SHOW_PROGRESS)

I'm not sure it's a good idea to download this file every time you build.  It could slow things down, it would require network access while building or fail, it would ping the curl server every time a developer runs cmake and developers might worry that they are being tracked, and CMake's file(DOWNLOAD ...) seems to ignore ssl errors, so it's unclear how secure it really is.  It would be nice to print out instructions for how to get the cacert.pem, but I don't think this is a good idea to commit to the repository as-is.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170227/8dfd928f/attachment.html>

More information about the webkit-unassigned mailing list