Bug 104482

Summary: [GTK] Add API to set a TLS errors policy to WebKit2 GTK+ API
Product: WebKit Reporter: Carlos Garcia Campos <cgarcia@igalia.com>
Component: WebKit2Assignee: Nobody <webkit-unassigned@lists.webkit.org>
Status: RESOLVED FIXED    
Severity: Normal CC: danw@gnome.org, dchris@gmail.com, gns@gnome.org, gyuyoung.kim@samsung.com, mrobinson@webkit.org, rakuco@webkit.org, webkit.review.bot@gmail.com
Priority: P2 Keywords: Gtk, Soup
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
Patch mrobinson: review+

Description From 2012-12-09 04:53:43 PST
We are currently always ignoring all TLS errors unconditionally. We should provide an API to allow change the TLS errors policy to not ignore errors and fail.
------- Comment #1 From 2012-12-09 05:53:23 PST -------
Created an attachment (id=178415) [details]
Patch
------- Comment #2 From 2012-12-09 05:58:41 PST -------
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
------- Comment #3 From 2012-12-09 07:34:37 PST -------
I'd be happier if WEBKIT_TLS_ERRORS_POLICY_IGNORE had a name that suggested "the application will handle TLS errors itself, so WebKit doesn't have to" rather than "let's just ignore TLS errors completely! whee!".

maybe WEBKIT_TLS_ERRORS_HANDLED_BY_WEBKIT / ..._HANDLED_BY_APPLICATION ?
------- Comment #4 From 2012-12-09 07:38:23 PST -------
Maybe WEBKIT_TLS_ERRORS_POLICY_CONTINUE or WEBKIT_TLS_ERRORS_POLICY_LOAD_ANYWAY?
------- Comment #5 From 2012-12-09 07:55:25 PST -------
(In reply to comment #3)
> I'd be happier if WEBKIT_TLS_ERRORS_POLICY_IGNORE had a name that suggested "the application will handle TLS errors itself, so WebKit doesn't have to" rather than "let's just ignore TLS errors completely! whee!".
> 
> maybe WEBKIT_TLS_ERRORS_HANDLED_BY_WEBKIT / ..._HANDLED_BY_APPLICATION ?

IGNORE doesn't mean the app will handle them, but that webkit will ignore the errors, and continue with the load normally, as we currently do. I'll add a new policy ASK to let the app handle the errors in a follow up patch. The idea of the ignore policy is that it doesn't require IPC traffic at all, and ignore is the default policy (for compatibility)
------- Comment #6 From 2012-12-09 08:07:20 PST -------
(In reply to comment #5)
> The idea of the ignore policy is that it doesn't require IPC traffic at all, and ignore is the default policy (for compatibility)

Do we have API guarantees on WK2 yet? Either ASK or FAIL would be a better default...
------- Comment #7 From 2012-12-09 08:12:55 PST -------
(In reply to comment #6)
> (In reply to comment #5)
> > The idea of the ignore policy is that it doesn't require IPC traffic at all, and ignore is the default policy (for compatibility)
> 
> Do we have API guarantees on WK2 yet? Either ASK or FAIL would be a better default...

Not for API compatibility, but to not break SSL pages in GTK and EFL, we can make ASK the default from our API and still keep ignore SSL errors the default in webcore.
------- Comment #8 From 2012-12-20 10:43:28 PST -------
Committed r138273: <http://trac.webkit.org/changeset/138273>