[Webkit-unassigned] [Bug 187679] [Curl] Add allowSpecificHTTPSCertificateForHost support.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 27 12:34:36 PST 2018


--- Comment #5 from Basuke Suzuki <Basuke.Suzuki at sony.com> ---
I cannot get any information about `decidePolicyForAuthenticationChallenge` from Apple document or WebKit repository, but does that mean 
 URLSession's URLSession:task:didReceiveChallenge:completionHandler: delegete method?

Let me guess the underlying implementation of Safari based on above delegate.  

1) First time connection hit a invalid certificate(s), it invokes server trust evaluation through the authentication manager to ask the client app to validate this invalid certificate(s).

2) The app will ask user to trust or not to trust.

3) If a user choose to trust the certificate, it stores the certificate for a host in app's storage for further reference and call completionHandler with dispositon of useCredential for server trust.

4) When next communication to the same host happens, again it invoke server trust evaluation to the app and the app compares certificates with its permitted certificate list. If it's in the list, it allow communication by calling completion handler immediately. If not, go to 2).

Is this correct? There's a huge communication overhead via IPC calls with this way.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181127/920e9bae/attachment-0001.html>

More information about the webkit-unassigned mailing list