On 01/31/2018 01:23 PM, Michael Catanzaro wrote:
Hi, In the future, please use [email protected] instead.
Thanks, I just subscribed to it.
On Wed, Jan 31, 2018 at 12:05 PM, Ben Greear <[email protected]> wrote:

I am unsure how to port this part....any ideas?

    SoupSession *s;
    s = webkit_web_context_get_default_session();
    g_object_set(G_OBJECT(s), "ssl-ca-file", "/etc/ssl/certs/ca-certificates.crt", NULL);
    g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);

Good news: you can just remove that code. Modern WebKitGTK+ automatically verifies TLS certificates using the system trust. The old version of WebKitGTK+ you were using before did not perform any certificate verification at all, so you had to grab the SoupSession and try to do it manually. That's not possible anymore, because the SoupSession lives in the network process, so WebKit must do it for you.

One concern: I see you were setting ssl-strict to FALSE. That means libsoup would accept all certificates, and you must have some code elsewhere in your application to manually verify the certificates. Most applications got this wrong, either by not doing it at all, or by doing it too late, after sending an HTTP request. (It has to happen before the first HTTP request is sent, or your application will leak e.g. secure session cookies to any attacker.)
I am trying to port the osu client in the hostapd process. Truth is, I don't really understand why ssl-strict was originally set to false, maybe just to make testing easier. This is mostly just a demo tool to test out certain hotspot 2.0 wifi related features, so leaking cookies or similar is not a big concern in this case.

In case you or someone else has time to review the changes, here is the patch I am working on testing:

https://github.com/greearb/hostap-ct/commit/8f5aa3ecd4f0e6c23eff848e542bc1ff4d230af7

Thanks,
Ben

--
Ben Greear <[email protected]>
Candela Technologies Inc
http://www.candelatech.com
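Added illustration, not part of the original messages or of the hostap patch: a toy C model of the ordering problem described in the quoted reply, where the certificate is checked only after the request has been written instead of before it. It does not use libsoup or WebKitGTK+; `struct peer`, `fetch`, `peer_saw`, the host name and the cookie value are all made up for the example.

```c
/* Toy model only: not libsoup or WebKitGTK+ code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

struct peer {
    int cert_trusted;   /* 1 if the chain validates against the system trust */
    char wire[256];     /* constructed: every byte the client sent to this peer */
};

enum verify_point {
    VERIFY_BEFORE_REQUEST,  /* reject during the handshake (strict behaviour) */
    VERIFY_AFTER_RESPONSE   /* accept any certificate, check in app code later */
};

/* Returns 0 if the load was allowed, -1 if it was rejected. Either way,
 * p->wire shows what the peer has already received. */
int fetch(struct peer *p, const char *host, const char *secure_cookie,
          enum verify_point when)
{
    p->wire[0] = '\0';
    if (when == VERIFY_BEFORE_REQUEST && !p->cert_trusted)
        return -1;                  /* rejected before anything was written */

    /* The request, including the Secure cookie, goes out here. */
    snprintf(p->wire, sizeof p->wire,
             "GET / HTTP/1.1\r\nHost: %s\r\nCookie: %s\r\n\r\n",
             host, secure_cookie);

    if (when == VERIFY_AFTER_RESPONSE && !p->cert_trusted)
        return -1;                  /* rejected, but the cookie already left */
    return 0;
}

/* 1 if the peer received the given secret, 0 otherwise. */
int peer_saw(const struct peer *p, const char *secret)
{
    return strstr(p->wire, secret) != NULL;
}

int main(void)
{
    struct peer untrusted = { .cert_trusted = 0 };
    const char *cookie = "session=constructed-value";  /* constructed sample */
    int rc = fetch(&untrusted, "osu.example", cookie, VERIFY_AFTER_RESPONSE);
    printf("late check:  rc=%d leaked=%d\n", rc, peer_saw(&untrusted, cookie));
    rc = fetch(&untrusted, "osu.example", cookie, VERIFY_BEFORE_REQUEST);
    printf("early check: rc=%d leaked=%d\n", rc, peer_saw(&untrusted, cookie));
    return 0;
}
```

Both calls reject the untrusted peer, but only the early check does so before the cookie has been sent.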
