[Webkit-unassigned] [Bug 168486] [WinCairo][MiniBrowser] Add ca-bundle to display secure pages

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 27 10:48:53 PST 2017


--- Comment #7 from Basuke Suzuki <Basuke.Suzuki at am.sony.com> ---
(In reply to comment #6)

> Patch
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=302689&action=review
> > Source/WebCore/platform/network/curl/ResourceHandleManager.cpp:102
> > +    char* envPath = getenv("CURL_CA_BUNDLE_PATH");
> Preferring this if it exists seems ok.

> I'm not sure it's a good idea to download this file every time you build. 
> It could slow things down, it would require network access while building or
> fail, it would ping the curl server every time a developer runs cmake and
> developers might worry that they are being tracked,

That's right. Actually that is exactly annoying thing by update-webkit-dependency do for me. I agree to avoid this kind of download on build process.

> CMake's
> file(DOWNLOAD ...) seems to ignore ssl errors, so it's unclear how secure it
> really is.

OMG, this must be the biggest reason to deny this patch.

> It would be nice to print out instructions for how to get the
> cacert.pem, but I don't think this is a good idea to commit to the
> repository as-is.

My idea is not downloading it separately, but include it inside WinCairoRequirements, because that library must maintain regularly. But at this moment, it seems not easy to make change to WinCairoRequirements.

Until then, I just want to remove the download patch.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170227/d3868bfc/attachment-0001.html>

More information about the webkit-unassigned mailing list