On 08/ 7/09 04:12 PM, Hugh McIntyre wrote:
> So roughly speaking this seems to give 3 options:
>
> 1.  Solaris adds some code to set SOUP_SESSION_SSL_CA_FILE based on an 
> environment variable or system default if they exist by default, else 
> either /dev/null (no HTTPS) or the default (no checking).
>
> 2.  Solaris ships with SOUP_SESSION_SSL_CA_FILE set to /dev/null (HTTPS 
> disabled) but with documentation saying that users can call 
> g_object_set(..., SOUP_SESSION_SSL_CA_FILE, ...) to define either a 
> valid CA file to enable support with checking or reset to NULL which 
> seems to be claimed to turn checking back off.  (Details in the link above).
>
> 3.  Or a similar option to (2) where WebKit ships unmodified with no 
> checking, but the documentation states in a clear WARNING section that 
> https accesses include no checking unless the user sets 
> SOUP_SESSION_SSL_CA_FILE to a valid file (or /dev/null).
>
> Personally, #2 may be the best option especially if this can be made to 
> default to a system-supplied CA file if shipped.  Since option (1) may 
> give the same effect but with more coding and more Solaris-only options 
> such as environment variables.
>   
Thanks for the comments.

Option #2 looks good to me. I'll add those to the manual page if people
agree with this.

Thanks,
-Alfred
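
The lookup order from option 1, combined with the fail-closed `/dev/null` default of option 2, sketched in C as an added example (not code from this thread, WebKit or libsoup). The environment variable name `EXAMPLE_SSL_CA_FILE` and the bundle path in `main` are hypothetical; the resolver never returns NULL, since the thread describes NULL as the value that turns checking back off.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names: neither is defined by libsoup, WebKit or Solaris. */
#define CA_ENV_VAR      "EXAMPLE_SSL_CA_FILE"
#define CA_FAIL_CLOSED  "/dev/null"   /* per the thread: HTTPS disabled */

/* A usable bundle is a readable, non-empty regular file. */
static int ca_file_usable(const char *path)
{
    struct stat st;

    if (path == NULL || *path == '\0')
        return 0;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode) || st.st_size == 0)
        return 0;
    return access(path, R_OK) == 0;
}

/*
 * Order from option 1: environment variable, then system default,
 * else /dev/null. A bad override falls through to the next source,
 * never to "no checking".
 */
const char *resolve_ca_file(const char *system_default)
{
    const char *from_env = getenv(CA_ENV_VAR);

    if (ca_file_usable(from_env))
        return from_env;
    if (ca_file_usable(system_default))
        return system_default;
    return CA_FAIL_CLOSED;
}

int main(void)
{
    /* Constructed path; substitute the platform's real bundle location. */
    const char *ca = resolve_ca_file("/etc/example/ca-bundle.pem");

    /* The result is the value that would be passed to
     * g_object_set(session, SOUP_SESSION_SSL_CA_FILE, ca, NULL). */
    printf("CA file: %s\n", ca);
    return 0;
}
```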
