<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [GTK] Certificate database missing when accessing HTTPS via WebKitWebSourceGStreamer"
href="https://bugs.webkit.org/show_bug.cgi?id=163166">163166</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[GTK] Certificate database missing when accessing HTTPS via WebKitWebSourceGStreamer
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>Other
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P3
</td>
</tr>
<tr>
<th>Component</th>
<td>WebKit Gtk
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>jana@saout.de
</td>
</tr>
<tr>
<th>CC</th>
<td>bugs-noreply@webkitgtk.org
</td>
</tr></table>
<p>
<div>
<pre>Using WebkitGtk 2.14.0 (I don't know if this issue is relater to the GStreamer code, WK2 or SOUP interface, but it happens on my WebkitGtk branch, so I picke [GTK]):
A video tag linking to a .m3u8 file (e.g. this one)
<a href="https://video.twimg.com/ext_tw_video/783084968578723841/pu/pl/b-QJrB5LSssa0f07.m3u8">https://video.twimg.com/ext_tw_video/783084968578723841/pu/pl/b-QJrB5LSssa0f07.m3u8</a>
will make GStreamer choose the "HLS" plugin, which will try to create a HTTP source to read that particular file.
The gstreamer interface will attach this to WebKitWebSourceGStreamer, which will start the request using libsoup.
However, this always fails with "unacceptable TLS certificate" for me. I did some chasing:
The TLS connection in use doesn't have any certificate database set (i.e. the GObject property "database" of GTlsConnectionGnutls is NULL).
Some debugging output pointed out that for ALL other HTTP connections, there is a non-NULL database set.
Digging further yielded that this HTTP connection is made from the WebKitWebProcess task whereas all other requests are madefromthe WebkitNetworkProcess task.
This is the point where my knowledge ends because I don't know what was supposed to happen here. In case all HTTP traffic is supposed to to through the network process, you have the issue there. If not, the issue might be that the web process doesn't have access to the certificate database.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>