From "Alfred Peng" <Alfred.Peng at Sun.COM>, August 07, 2009 2:40 AM:

> On 08/ 7/09 04:12 PM, Hugh McIntyre wrote:
>> 2.  Solaris ships with SOUP_SESSION_SSL_CA_FILE set to /dev/null (HTTPS
>> disabled) but with documentation saying that users can call
>> g_object_set(..., SOUP_SESSION_SSL_CA_FILE, ...) to define either a
>> valid CA file to enable support with checking or reset to NULL which
>> seems to be claimed to turn checking back off.  (Details in the link 
>> above).
>
> Option #2 looks good to me. I'll add those to the manual page if people
> agree with this.

I agree. This option seems sane to me, as well, as long as consumers of
WebKit can *easily* change this, i.e. the man page needs to have an explicit
example as to how to enable the CA file (or /dev/null).

If no other platform has considered the security implications yet, it's 
quite viable whatever gets done here will be used as the reference 
elsewhere. Therefore, it's vital that what differs ought to be explicitly 
and obviously defined. This will also help porters with quickly (minimal 
effort beyond configure && make && make install) achieving "feature-parity" 
on OpenSolaris when porting things which rely upon WebKit.

Just my two cents, but as I am awaiting integration of WebKit so that I can 
port a couple of things which depend on it, I thought now would be the time 
to chime in. :)

Warmest,

--Matt

-- 
Matt Lewandowsky
Greenviolet
http://greenviolet.net/ 

