[Webkit-unassigned] [Bug 216038] [SOUP] webkit_web_view_get_https_status() probably broken with service workers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 1 09:31:52 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=216038
--- Comment #3 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Michael Catanzaro from comment #2)
> I can reproduce this problem on twitter.com in WebKitGTK 2.28.4, but not in
> 2.29.91, which indicates it is probably fixed. HOWEVER...
> CertificateInfo::isolated_copy is still not implemented, so that's weird.
> Magic?
So without having bisected it, I would guess that you (Alex) fixed it in r264724, but I don't understand how it's possible with that function unimplemented. WebKit is actually somehow loading the correct TLS certificate -- I can inspect it in Epiphany and view its properties -- whereas previously it reported that the website had no security (webkit_web_view_get_tls_info() returned NULL), indicating that the main resource was loaded via service workers. So there *should* be no way for WebKit to get the CertificateInfo if it's not properly encoded. But the encoding depends on CertificateInfo::isolated_copy, which just returns an empty struct, so ??????
I did think about how to implement CertificateInfo::isolated_copy. It's currently impossible to do without adding new GLib API, because the GTlsCertificate:private-key property is not readable. Internally to GTlsCertificate, it will be a PKCS#11 token, which is just a string that is simple to copy for use across threads. But no way to get it without new API. I've been considering adding it anyway for an unrelated project.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200901/ee1b6ef8/attachment.htm>
More information about the webkit-unassigned
mailing list