Bug 104482 - [GTK] Add API to set a TLS errors policy to WebKit2 GTK+ API
: [GTK] Add API to set a TLS errors policy to WebKit2 GTK+ API
Status: RESOLVED FIXED
: WebKit
WebKit2
: 528+ (Nightly build)
: PC Linux
: P2 Normal
Assigned To:
:
: Gtk, Soup
:
:
  Show dependency treegraph
 
Reported: 2012-12-09 04:53 PST by
Modified: 2012-12-20 10:43 PST (History)


Attachments
Patch (28.58 KB, patch)
2012-12-09 05:53 PST, Carlos Garcia Campos
mrobinson: review+
Review Patch | Details | Formatted Diff | Diff


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2012-12-09 04:53:43 PST
We are currently always ignoring all TLS errors unconditionally. We should provide an API to allow change the TLS errors policy to not ignore errors and fail.
------- Comment #1 From 2012-12-09 05:53:23 PST -------
Created an attachment (id=178415) [details]
Patch
------- Comment #2 From 2012-12-09 05:58:41 PST -------
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
------- Comment #3 From 2012-12-09 07:34:37 PST -------
I'd be happier if WEBKIT_TLS_ERRORS_POLICY_IGNORE had a name that suggested "the application will handle TLS errors itself, so WebKit doesn't have to" rather than "let's just ignore TLS errors completely! whee!".

maybe WEBKIT_TLS_ERRORS_HANDLED_BY_WEBKIT / ..._HANDLED_BY_APPLICATION ?
------- Comment #4 From 2012-12-09 07:38:23 PST -------
Maybe WEBKIT_TLS_ERRORS_POLICY_CONTINUE or WEBKIT_TLS_ERRORS_POLICY_LOAD_ANYWAY?
------- Comment #5 From 2012-12-09 07:55:25 PST -------
(In reply to comment #3)
> I'd be happier if WEBKIT_TLS_ERRORS_POLICY_IGNORE had a name that suggested "the application will handle TLS errors itself, so WebKit doesn't have to" rather than "let's just ignore TLS errors completely! whee!".
> 
> maybe WEBKIT_TLS_ERRORS_HANDLED_BY_WEBKIT / ..._HANDLED_BY_APPLICATION ?

IGNORE doesn't mean the app will handle them, but that webkit will ignore the errors, and continue with the load normally, as we currently do. I'll add a new policy ASK to let the app handle the errors in a follow up patch. The idea of the ignore policy is that it doesn't require IPC traffic at all, and ignore is the default policy (for compatibility)
------- Comment #6 From 2012-12-09 08:07:20 PST -------
(In reply to comment #5)
> The idea of the ignore policy is that it doesn't require IPC traffic at all, and ignore is the default policy (for compatibility)

Do we have API guarantees on WK2 yet? Either ASK or FAIL would be a better default...
------- Comment #7 From 2012-12-09 08:12:55 PST -------
(In reply to comment #6)
> (In reply to comment #5)
> > The idea of the ignore policy is that it doesn't require IPC traffic at all, and ignore is the default policy (for compatibility)
> 
> Do we have API guarantees on WK2 yet? Either ASK or FAIL would be a better default...

Not for API compatibility, but to not break SSL pages in GTK and EFL, we can make ASK the default from our API and still keep ignore SSL errors the default in webcore.
------- Comment #8 From 2012-12-20 10:43:28 PST -------
Committed r138273: <http://trac.webkit.org/changeset/138273>