Hugh McIntyre wrote:
> Uros Nedic wrote:
>> [2] Let we extend libsoup with additional interfaces capable
>> to deal with this issue, or to change actual implementation
>> of interface we have conflict with.
> 
> If you look at the following libsoup bugs, it looks like
> libsoup is planning to add new certificate APIs, and therefore
> OpenSolaris should preferably not add it's own conflicting APIs.
> 
> http://bugzilla.gnome.org/show_bug.cgi?id=507802
> 
> and
> 
> http://bugzilla.gnome.org/show_bug.cgi?id=507801  (pass certs in memory,
> not just files)
> 
> and
> 
> http://bugzilla.gnome.org/show_bug.cgi?id=334021
> 
> There's more than a suggestion in one of these bugs that Fedora plans to 
> migrate the SSL backend to Mozilla's NSS for Fedora at least, which 
> OpenSolaris may not want to.  But either way it seems this case should 
> not get sidelined into inventing new APIs nor really get into a 
> discussion of different WebKit network stacks.

I don't see why we wouldn't want to migrate to Mozilla NSS.  In fact I 
would strongly encourage it.  Some of the core developers of Mozilla NSS 
actually work for Sun.  We already have core parts of OpenSolaris that 
either depend on NSS to function at all or can use it as an option.

> Instead the discussion should maybe stick to just the question of what 
> the default HTTPS setting should be, whether Darren's suggestion of 
> linking this case to shipping a working root CA file is appropriate, and 
> how to document how to load alternate certs.

Lets assume there is a file that had the same set of CA certificates as 
is present in firefox and it was in a format suitable for libsoup.  With 
that assumption is there any reason not to have HTTPS enabled with 
Webkit pointing to that file ?

-- 
Darren J Moffat

Reply via email to