[Webkit-unassigned] [Bug 187679] [Curl] Add allowSpecificHTTPSCertificateForHost support.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Nov 27 21:01:44 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=187679
--- Comment #13 from Fujii Hironori <Hironori.Fujii at sony.com> ---
FWIW, theoretically it is possible to post decidePolicyForAuthenticationChallenge callback while verify_callback is called by blocking the curl thread.
(In reply to Basuke Suzuki from comment #8)
> To ignore verification error not using above way, it is possible to disable
> validation for specific session, but it doesn't check the received
> certificate. Any certificate sent from the server is accepted for that
> connection. It should be ignore specific certificates for the host.
This is a bad idea. User agents shouldn't continue a handshake and receive data without user consent of accepting the invalid cert.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181128/58b92652/attachment.html>
More information about the webkit-unassigned
mailing list