The problem here isn't webkitgtk but a miscommunication between libsoup/glib-networking/gnutls.
In libsoup/soup-socket.c:soup_socket_handshake_sync() a connectinon attempt is made. Then there is a check whether a TLS or SSL error occurred (different things in this case). If it was a TLS error; higher up the callstack a retry is scheduled. This time using SSL instead of TLS (exactly to prevent TLS incompabilities) In this case however the error reported by g_tls_connection_handshake is a certificate parsing error, which is classified as SSL error, so no retry is performed. If one forces the certificate parsing error to be a TLS error, the retried connection will succeed (including parsing the certificate), so this certificate can't be completely broken. Are people on this list who want to handle this themselves or should I file this with those other projects? _______________________________________________ webkit-gtk mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-gtk
