Skip to site navigation (Press enter)

[webkit-changes] [109338] trunk/Source/WebKit2

sergio Thu, 01 Mar 2012 04:51:56 -0800

Title: [109338] trunk/Source/WebKit2

Revision: 109338
Author: ser...@webkit.org
Date: 2012-03-01 04:51:43 -0800 (Thu, 01 Mar 2012)

Log Message

[WK2] [GTK] [libsoup] SoupSession should use system CA
https://bugs.webkit.org/show_bug.cgi?id=79657


Reviewed by Martin Robinson.

SoupSession sould use system CA list to validate SSL
certificates. Do not use strict certificate validation though as
we want clients to decide whether or not accept/decline invalid
certificates (API to be added later).

No new tests required as current behaviour does not change at all
as we continue to accept invalid certificates by default.

* WebProcess/gtk/WebProcessMainGtk.cpp:
(WebKit::WebProcessMainGtk):

Modified Paths

trunk/Source/WebKit2/ChangeLog
trunk/Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp

Diff

Modified: trunk/Source/WebKit2/ChangeLog (109337 => 109338)


--- trunk/Source/WebKit2/ChangeLog	2012-03-01 12:40:24 UTC (rev 109337)
+++ trunk/Source/WebKit2/ChangeLog	2012-03-01 12:51:43 UTC (rev 109338)
@@ -1,3 +1,21 @@
+2012-03-01  Sergio Villar Senin  <svil...@igalia.com>
+
+        [WK2] [GTK] [libsoup] SoupSession should use system CA
+        https://bugs.webkit.org/show_bug.cgi?id=79657
+
+        Reviewed by Martin Robinson.
+
+        SoupSession sould use system CA list to validate SSL
+        certificates. Do not use strict certificate validation though as
+        we want clients to decide whether or not accept/decline invalid
+        certificates (API to be added later).
+
+        No new tests required as current behaviour does not change at all
+        as we continue to accept invalid certificates by default.
+
+        * WebProcess/gtk/WebProcessMainGtk.cpp:
+        (WebKit::WebProcessMainGtk):
+
 2012-03-01  Carlos Garcia Campos  <cgar...@igalia.com>
 
         Unreviewed. Fix WebKit2 GTK+ build.

Modified: trunk/Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp (109337 => 109338)


--- trunk/Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp	2012-03-01 12:40:24 UTC (rev 109337)
+++ trunk/Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp	2012-03-01 12:51:43 UTC (rev 109338)
@@ -64,6 +64,12 @@
     SoupSession* session = WebCore::ResourceHandle::defaultSession();
     soup_session_add_feature_by_type(session, WEB_TYPE_AUTH_DIALOG);
 
+    // Despite using system CAs to validate certificates we're
+    // accepting invalid certificates by default. New API will be
+    // added later to let client accept/discard invalid certificates.
+    g_object_set(session, SOUP_SESSION_SSL_USE_SYSTEM_CA_FILE, TRUE,
+                 SOUP_SESSION_SSL_STRICT, FALSE, NULL);
+
     RunLoop::run();
 
     return 0;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes