Hi,

In the future, please use webkit-...@lists.webkit.org instead.

On Wed, Jan 31, 2018 at 12:05 PM, Ben Greear <gree...@candelatech.com> wrote:
> I am unsure how to port this part....any ideas?
>
>         SoupSession *s;
>
>         s = webkit_web_context_get_default_session();
>         g_object_set(G_OBJECT(s), "ssl-ca-file",
>                      "/etc/ssl/certs/ca-certificates.crt", NULL);
>         g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);

Good news: you can just remove that code. Modern WebKitGTK+ automatically verifies TLS certificates using the system trust.

The old version of WebKitGTK+ you were using before did not perform any certificate verification at all, so you had to grab the SoupSession and try to do it manually. That's not possible anymore, because the SoupSession lives in the network process, so WebKit must do it for you.

One concern: I see you were setting ssl-strict to FALSE. That means libsoup would accept all certificates, and you must have some code elsewhere in your application to manually verify the certificates. Most applications got this wrong, either by not doing it at all, or by doing it too late, after sending an HTTP request. (It has to happen before the first HTTP request is sent, or your application will leak e.g. secure session cookies to any attacker.)

Michael

_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
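
The ordering problem described in the reply above, as an added example that is not part of the original message and is not WebKitGTK+ or libsoup code. It is a constructed model: struct peer, fetch() and the request text are hypothetical names and sample data, and the peer simply records what the client wrote to it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed peer: records every byte the client writes after the handshake. */
struct peer {
    bool cert_trusted;   /* would the system trust store accept its certificate? */
    char received[256];  /* what the peer got to read */
};
enum check_order { VERIFY_BEFORE_REQUEST, VERIFY_AFTER_REQUEST };

/* Hypothetical request carrying a session cookie (placeholder value). */
static const char REQUEST[] =
    "GET /account HTTP/1.1\r\nCookie: session=PLACEHOLDER\r\n\r\n";

static void send_request(struct peer *p)
{
    strncat(p->received, REQUEST, sizeof p->received - strlen(p->received) - 1);
}

/* Returns true if the load completed, false if it was aborted. */
bool fetch(struct peer *p, enum check_order order)
{
    p->received[0] = '\0';
    if (order == VERIFY_BEFORE_REQUEST) {
        if (!p->cert_trusted)
            return false;        /* aborted during the handshake: nothing written */
        send_request(p);
        return true;
    }
    /* Models ssl-strict = FALSE: the handshake accepts any certificate and the
     * application inspects it only after the request has already gone out. */
    send_request(p);
    return p->cert_trusted;      /* the abort comes too late */
}

bool peer_saw_cookie(const struct peer *p)
{
    return strstr(p->received, "Cookie:") != NULL;
}

int main(void)
{
    struct peer untrusted = { .cert_trusted = false };
    bool ok = fetch(&untrusted, VERIFY_AFTER_REQUEST);
    printf("late check:  loaded=%d cookie_seen=%d\n", ok, peer_saw_cookie(&untrusted));
    ok = fetch(&untrusted, VERIFY_BEFORE_REQUEST);
    printf("early check: loaded=%d cookie_seen=%d\n", ok, peer_saw_cookie(&untrusted));
    return 0;
}
```

Both orderings refuse the untrusted peer, but only the early check does so before the cookie has left the client.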
