Bug 104482

Summary: [GTK] Add API to set a TLS errors policy to WebKit2 GTK+ API
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, danw, gustavo, gyuyoung.kim, mrobinson, rakuco, webkit.review.bot
Priority: P2 Keywords: Gtk, Soup
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
Patch mrobinson: review+

Carlos Garcia Campos
Reported 2012-12-09 04:53:43 PST
We are currently always ignoring all TLS errors unconditionally. We should provide an API to allow change the TLS errors policy to not ignore errors and fail.
Attachments
Patch (28.58 KB, patch)
2012-12-09 05:53 PST, Carlos Garcia Campos 		mrobinson: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2012-12-09 05:53:23 PST
Created attachment 178415 [details] Patch
WebKit Review Bot
Comment 2 2012-12-09 05:58:41 PST
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Dan Winship
Comment 3 2012-12-09 07:34:37 PST
I'd be happier if WEBKIT_TLS_ERRORS_POLICY_IGNORE had a name that suggested "the application will handle TLS errors itself, so WebKit doesn't have to" rather than "let's just ignore TLS errors completely! whee!". maybe WEBKIT_TLS_ERRORS_HANDLED_BY_WEBKIT / ..._HANDLED_BY_APPLICATION ?
Martin Robinson
Comment 4 2012-12-09 07:38:23 PST
Maybe WEBKIT_TLS_ERRORS_POLICY_CONTINUE or WEBKIT_TLS_ERRORS_POLICY_LOAD_ANYWAY?
Carlos Garcia Campos
Comment 5 2012-12-09 07:55:25 PST
(In reply to comment #3) > I'd be happier if WEBKIT_TLS_ERRORS_POLICY_IGNORE had a name that suggested "the application will handle TLS errors itself, so WebKit doesn't have to" rather than "let's just ignore TLS errors completely! whee!". > > maybe WEBKIT_TLS_ERRORS_HANDLED_BY_WEBKIT / ..._HANDLED_BY_APPLICATION ? IGNORE doesn't mean the app will handle them, but that webkit will ignore the errors, and continue with the load normally, as we currently do. I'll add a new policy ASK to let the app handle the errors in a follow up patch. The idea of the ignore policy is that it doesn't require IPC traffic at all, and ignore is the default policy (for compatibility)
Dan Winship
Comment 6 2012-12-09 08:07:20 PST
(In reply to comment #5) > The idea of the ignore policy is that it doesn't require IPC traffic at all, and ignore is the default policy (for compatibility) Do we have API guarantees on WK2 yet? Either ASK or FAIL would be a better default...
Carlos Garcia Campos
Comment 7 2012-12-09 08:12:55 PST
(In reply to comment #6) > (In reply to comment #5) > > The idea of the ignore policy is that it doesn't require IPC traffic at all, and ignore is the default policy (for compatibility) > > Do we have API guarantees on WK2 yet? Either ASK or FAIL would be a better default... Not for API compatibility, but to not break SSL pages in GTK and EFL, we can make ASK the default from our API and still keep ignore SSL errors the default in webcore.
Carlos Garcia Campos
Comment 8 2012-12-20 10:43:28 PST
Committed r138273: <http://trac.webkit.org/changeset/138273>
Note You need to log in before you can comment on or make changes to this bug.