Uros Nedic wrote: > [2] Let we extend libsoup with additional interfaces capable > to deal with this issue, or to change actual implementation > of interface we have conflict with.
If you look at the following libsoup bugs, it looks like libsoup is planning to add new certificate APIs, and therefore OpenSolaris should preferably not add it's own conflicting APIs. http://bugzilla.gnome.org/show_bug.cgi?id=507802 and http://bugzilla.gnome.org/show_bug.cgi?id=507801 (pass certs in memory, not just files) and http://bugzilla.gnome.org/show_bug.cgi?id=334021 There's more than a suggestion in one of these bugs that Fedora plans to migrate the SSL backend to Mozilla's NSS for Fedora at least, which OpenSolaris may not want to. But either way it seems this case should not get sidelined into inventing new APIs nor really get into a discussion of different WebKit network stacks. Instead the discussion should maybe stick to just the question of what the default HTTPS setting should be, whether Darren's suggestion of linking this case to shipping a working root CA file is appropriate, and how to document how to load alternate certs. For the documentation, it does seem this should be listed as some type of uncommitted if there is risk of another change in backend in future. Hugh.
