Bug 145819
| Summary: | Websocket Invalid Certificate Error after accepting self signed certificate | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Fabio Rojas <frojas> |
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | ap, bfulgham, dbates, felix, hypertree, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Fabio Rojas
Steps to Repro:
- Get WebContent from Site A
- Have webcontent retrieve webpage from site B
- Site B uses a self signed cert
- User accepts self signed cert but does not add it to keychain
- Have web content try to communicate with site B using Websocket
- See the the following error in the logs:
[Error] WebSocket network error: OSStatus Error -9807: Invalid certificate chain (index.html, line 0)
- At this point if the browser navigates to site B it displays that the certificate on site B is trusted because the user has accepted it for this session
Seen on Safari Version 8.0.6 (10600.6.3)
Note:
- This works on:
Chrome Version 43.0.2357.124 (64-bit)
Firefox Version 38.0.5
IE: 10, 11 and Edge
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Fabio Rojas
Workaround: Add the self signed certificate from site B to the keychain
Alexey Proskuryakov
rdar://problem/9697244
Sanjay Kumar
Is this being considered for implementation ?
Without Self signed certificate we can not connect IoT devices to mobile Safari. This is a huge problem.