[Webkit-unassigned] [Bug 179374] [GTK] [WPE] Add an API to set TLS settings

Tue Nov 7 06:52:19 PST 2017

https://bugs.webkit.org/show_bug.cgi?id=179374

Michael Catanzaro <mcatanzaro at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |givascu at igalia.com,
                   |                            |mcatanzaro at igalia.com

--- Comment #1 from Michael Catanzaro <mcatanzaro at igalia.com> ---
I guess a proposal is incoming?

It's going to depend on https://bugzilla.gnome.org/show_bug.cgi?id=745637 for sure. And possibly also on https://bugzilla.gnome.org/show_bug.cgi?id=711864 if you want to get any information about TLS certificates without having to parse them inside WebKit using libgcrypt. (And we might not want to do that to implement our API, since it would probably be better for our API to match whatever eventually ends up being exposed on GTlsCertificate)

The problem then becomes how to proxy information exposed by GTlsConnection and GTlsCertificate from the network process to the UI process, and designing a suitable API to expose it. This would be ambitious. I was not planning to expose TLS settings in the WebKit API at all, but I'm not opposed if you want to try.

Note: in the meantime you can use the G_TLS_GNUTLS_PRIORITY environment variable as a workaround. That would overwrite the secure defaults we set in NetworkProcessMain.cpp and WebProcessMain.cpp, so be careful if doing so.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171107/54317cab/attachment.html>