On 08/ 7/09 04:12 PM, Hugh McIntyre wrote: > So roughly speaking this seems to give 3 options: > > 1. Solaris adds some code to set SOUP_SESSION_SSL_CA_FILE based on an > environment variable or system default if they exist by default, else > either /dev/null (no HTTPS) or the default (no checking). > > 2. Solaris ships with SOUP_SESSION_SSL_CA_FILE set to /dev/null (HTTPS > disabled) but with documentation saying that users can call > g_object_set(..., SOUP_SESSION_SSL_CA_FILE, ...) to define either a > valid CA file to enable support with checking or reset to NULL which > seems to be claimed to turn checking back off. (Details in the link above). > > 3. Or a similar option to (2) where WebKit ships unmodified with no > checking, but the documentation states in a clear WARNING section that > https accesses include no checking unless the user sets > SOUP_SESSION_SSL_CA_FILE to a valid file (or /dev/null). > > Personally, #2 may be the best option especially if this can be made to > default to a system-supplied CA file if shipped. Since option (1) may > give the same effect but with more coding and more Solaris-only options > such as environment variables. > Thanks for the comments.
Option #2 looks good to me. I'll add those to the manual page if people agree with this. Thanks, -Alfred