Make it per session instead of global to the network process.
Created attachment 409358 [details] Patch
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See https://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Comment on attachment 409358 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409358&action=review > Source/WebCore/platform/network/soup/SoupNetworkSession.h:82 > + bool m_ignoreTLSErrors { false }; You may want to have this be consistent with its default value on WebsiteDataStore. You may also want to have the default be false, but it was true on WebProcessPool so this is maintaining the status quo.
Committed r267502: <https://trac.webkit.org/changeset/267502> All reviewed patches have been landed. Closing bug and clearing flags on attachment 409358 [details].
GTK and WPE layout test bots are exiting early after this change: https://build.webkit.org/results/GTK%20Linux%2064-bit%20Release%20(Tests)/r267504%20(16003)/results.html Maybe something missing in WTR?
Using http/tests/ssl/verify-ssl-enabled.php (a failure) and enabling logging, the only network request/response that appears is: set 24 00:52:47 lauro-desktop WebKitNetworkProcess[1575042]: < HTTP/1.1 1 Cancelled set 24 00:52:47 lauro-desktop WebKitNetworkProcess[1575042]: < Soup-Debug-Timestamp: 1600919567 set 24 00:52:47 lauro-desktop WebKitNetworkProcess[1575042]: < Soup-Debug: SoupMessage 0 (0x563077e470d0) set 24 00:52:47 lauro-desktop WebKitNetworkProcess[1575042]: (Instead of the regular GET request)
Comment on attachment 409358 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=409358&action=review >> Source/WebCore/platform/network/soup/SoupNetworkSession.h:82 >> + bool m_ignoreTLSErrors { false }; > > You may want to have this be consistent with its default value on WebsiteDataStore. > You may also want to have the default be false, but it was true on WebProcessPool so this is maintaining the status quo. The default is false for the GLib API, but true internally so that TLS errors are ignored by default in WTR. But it seems I broke it, see bug #216911