[Webkit-unassigned] [Bug 187679] [Curl] Add allowSpecificHTTPSCertificateForHost support.

bugzilla-daemon at webkit.org
Tue Nov 27 16:15:49 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=187679

--- Comment #8 from Basuke Suzuki <Basuke.Suzuki at sony.com> ---
Unfortunately there's no way to continue a curl connection once it detects a verification error. It has to be restarted from the beginning.

Our initial idea is that CurlContext has a global exceptional list for each (host, certificates) pair, to allow exceptions while validating in an OpenSSL callback and to prevent a validation error from being reported to libcurl.

To ignore the verification error without using the above way, it is possible to disable validation for a specific session, but that doesn't check the received certificate. Any certificate sent from the server is accepted for that connection. It should ignore specific certificates for the host.

Another idea is that a request can have a local exceptional certificate list. Then when we get a ServerTrustRequest and the user allows communication with the server for the certificate, the request will be restarted from the beginning with the exceptional certificates. It's a little bit more complicated than the original, but it may work.

Anyway, the Curl port needs some sort of allowSpecificHTTPSCertificateForHost feature in the WebKit layer to support Server Trust Evaluation. Can we reopen this bug?
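
The trade-off discussed in the comment above, as an added example that is not part of the original message and is not WebKit, libcurl or OpenSSL code: a self-contained model of a verify-callback decision comparing a per-(host, certificate) exception list with disabling verification, plus the restart-with-exception flow. All names (`ExceptionList`, `verifyDecision`, `retryAfterApproval`, `Mode`) are hypothetical, and the model assumes only the presented leaf certificate is compared, byte for byte.

```cpp
#include <algorithm>
#include <cctype>
#include <map>
#include <set>
#include <string>

// Constructed model, not WebKit, libcurl or OpenSSL code.
// A certificate is represented by its raw DER bytes.
using CertDER = std::string;

class ExceptionList {
public:
    void allow(std::string host, const CertDER& cert) { m_allowed[lower(host)].insert(cert); }
    bool contains(std::string host, const CertDER& cert) const
    {
        auto it = m_allowed.find(lower(host));
        return it != m_allowed.end() && it->second.count(cert) > 0;
    }
private:
    static std::string lower(std::string s)
    {
        std::transform(s.begin(), s.end(), s.begin(),
            [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        return s;
    }
    std::map<std::string, std::set<CertDER>> m_allowed;
};

enum class Mode { Strict, PinnedExceptions, VerifyDisabled };

// Same contract as a TLS verify callback: preverifyOk is the library's
// verdict, and returning true lets the handshake continue.
bool verifyDecision(Mode mode, bool preverifyOk, const std::string& host,
    const CertDER& presented, const ExceptionList& exceptions)
{
    if (preverifyOk)
        return true;
    if (mode == Mode::VerifyDisabled)
        return true; // accepts whatever certificate the server sent
    return mode == Mode::PinnedExceptions && exceptions.contains(host, presented);
}

// Request-local variant: the first attempt fails, the user approves the
// certificate that was shown, and the request restarts with that exception.
bool retryAfterApproval(const std::string& host, const CertDER& approved, const CertDER& presentedOnRetry)
{
    ExceptionList local;
    local.allow(host, approved);
    return verifyDecision(Mode::PinnedExceptions, false, host, presentedOnRetry, local);
}
```

Because the connection is restarted, the certificate presented on the retry is matched against the approved one again, so a different certificate on the second attempt is still rejected.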
