Summary: | We should log the reason when a secure wss WebSocket connection could not be established | ||
---|---|---|---|
Product: | WebKit | Reporter: | Martyn Loughran <mail> |
Component: | Web Inspector | Assignee: | Nobody <webkit-unassigned> |
Status: | NEW --- | ||
Severity: | Normal | CC: | ap, bfulgham, fishd, graouts, inspector-bugzilla-changes, joenotcharles, webkit-bug-importer, wilander |
Priority: | P2 | Keywords: | InRadar |
Version: | 528+ (Nightly build) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Bug Depends on: | |||
Bug Blocks: | 40945 |
Description
Martyn Loughran
2010-06-30 10:07:52 PDT
What happens if you try to connect to the same host via HTTP (i.e., by entering an http:// address in address bar)? Is there an SSL certificate error displayed? WebSocket spec says: 4. If /secure/ is true, perform a TLS handshake over the connection. If this fails (e.g. the server's certificate could not be verified), then fail the WebSocket connection and abort these steps. > entering an http:// address
I meant https://, sorry.
Alexey, You're absolutely correct. The self signed certificate was not trusted by Safari and after changing the setting to always trust this certificate the WebSocket connection worked. So thanks! I wonder though whether it would be possible to make this more user friendly? Bringing up the same certificate warning message that Safari uses for https would seem to be ideal, but if that's not possible at least logging the failure reason somewhere would be really useful. Logging is absolutely what we should do. I'm not convinced that a warning sheet is a good idea - providing an easy way to bypass security equals to having no security at all, and we can avoid that for WebSocket, that would be good. We might eventually have to show the warning sheet due to pressure from other browsers (I'm told Chrome does that). |