Hugh McIntyre wrote: > Uros Nedic wrote: >> [2] Let we extend libsoup with additional interfaces capable >> to deal with this issue, or to change actual implementation >> of interface we have conflict with. > > If you look at the following libsoup bugs, it looks like > libsoup is planning to add new certificate APIs, and therefore > OpenSolaris should preferably not add it's own conflicting APIs. > > http://bugzilla.gnome.org/show_bug.cgi?id=507802 > > and > > http://bugzilla.gnome.org/show_bug.cgi?id=507801 (pass certs in memory, > not just files) > > and > > http://bugzilla.gnome.org/show_bug.cgi?id=334021 > > There's more than a suggestion in one of these bugs that Fedora plans to > migrate the SSL backend to Mozilla's NSS for Fedora at least, which > OpenSolaris may not want to. But either way it seems this case should > not get sidelined into inventing new APIs nor really get into a > discussion of different WebKit network stacks.
I don't see why we wouldn't want to migrate to Mozilla NSS. In fact I would strongly encourage it. Some of the core developers of Mozilla NSS actually work for Sun. We already have core parts of OpenSolaris that either depend on NSS to function at all or can use it as an option. > Instead the discussion should maybe stick to just the question of what > the default HTTPS setting should be, whether Darren's suggestion of > linking this case to shipping a working root CA file is appropriate, and > how to document how to load alternate certs. Lets assume there is a file that had the same set of CA certificates as is present in firefox and it was in a format suitable for libsoup. With that assumption is there any reason not to have HTTPS enabled with Webkit pointing to that file ? -- Darren J Moffat
