Bug 146155

Summary: Remove treatsSHA1SignedCertificatesAsInsecure from WebPageConfiguration
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKit2Assignee: Michael Catanzaro <mcatanzaro>
Status: NEW ---    
Severity: Minor CC: andersca, beidson, cgarcia, mcatanzaro, mitz, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   
See Also: https://bugs.webkit.org/show_bug.cgi?id=142461
Attachments:
Description Flags
Patch
none
Patch
none
Patch beidson: review-

Description Michael Catanzaro 2015-06-19 12:25:20 PDT
WebPageConfiguration is not a great place for random platform-specific preferences. Currently it has only one such preference,  treatsSHA1SignedCertificatesAsInsecure. This preference will never be used by curl or soup ports (it's simply not possible to get such information about the certificate, and it wouldn't be appropriate for WebKit to warn about certificates that curl or other soup apps are OK with), so it should at least be guarded by #if PLATFORM(COCOA). But WebPageConfiguration is otherwise used to hold a few very important objects, not preferences (except for the WebPreferencesStore::ValueMap), and that is one highly-specific certificate check out of many possible such checks. Let's move this check down to a lower, platform-specific layer.
Comment 1 Michael Catanzaro 2015-06-19 12:43:37 PDT
Created attachment 255215 [details]
Patch
Comment 2 Michael Catanzaro 2015-06-19 12:51:36 PDT
Created attachment 255218 [details]
Patch
Comment 3 mitz 2015-06-20 08:48:28 PDT
I think a better terminology to use here might involve phrases like “certificate evaluation policy”, “trust evaluation policy”, or “security assessment policy”.
Comment 4 Michael Catanzaro 2015-06-20 09:33:16 PDT
Yes; those are much better than what I came up with.

I also need to update this to apply on top of r185795.
Comment 5 Michael Catanzaro 2015-06-20 17:08:25 PDT
Created attachment 255302 [details]
Patch
Comment 6 Michael Catanzaro 2016-01-02 10:41:53 PST
Ping, owners?
Comment 7 Michael Catanzaro 2016-03-26 11:03:39 PDT
Dan, maybe a good time to revisit this?
Comment 8 Brady Eidson 2017-04-24 19:11:46 PDT
Comment on attachment 255302 [details]
Patch

This patch has been pending review since 2015 with no recent activity.
It seems unlikely that it would even still apply to trunk in its current form.

Clearing from the review queue.

Feel free to update and resubmit if the patch is still relevant.