Shi-Ying Irene Huang wrote: > 4.11. Security Impact: > In the future, the WebKit community plans that WebKit/GTK+ will use > cURL > and then OpenSSL library to verify the peer's certificates for HTTPS > connections. However, this feature is not implemented yet.
So does this mean that: - HTTPS is not supported right now? - HTTPS is supported, but does no verification of the server certificate, thus defeating half of the point of HTTPS? - HTTPS is supported and checks the certificates properly, just not via CURL/OpenSSL? - or that WebKit does not do the network accesses itself? As a second security-related question, what's the support plan every time in future that Apple announces a Mac OS security fix that includes an update to it's WebKit? Will OpenSolaris be able to keep up promptly with this? Hugh. (not a LSARC member and thus no vote).
