Changeset 102599 in webkit

Timestamp:

Dec 12, 2011 10:18:07 AM (12 years ago)

Author:

kubo@profusion.mobi

Message:

[EFL] Add API to manage root X.509 CA certificates.
​https://bugs.webkit.org/show_bug.cgi?id=74300

Reviewed by Martin Robinson.

• ewk/ewk_network.cpp:

(ewk_network_tls_ca_certificates_path_get):
(ewk_network_tls_ca_certificates_path_set):

• ewk/ewk_network.h:

Location:

trunk/Source/WebKit/efl

Files:

• ChangeLog (modified) (1 diff)
• ewk/ewk_network.cpp (modified) (1 diff)
• ewk/ewk_network.h (modified) (2 diffs)

trunk/Source/WebKit/efl/ChangeLog

@@ +1 @@
+2011-12-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
+
+        [EFL] Add API to manage root X.509 CA certificates.
+        https://bugs.webkit.org/show_bug.cgi?id=74300
+
+        Reviewed by Martin Robinson.
+
+        * ewk/ewk_network.cpp:
+        (ewk_network_tls_ca_certificates_path_get):
+        (ewk_network_tls_ca_certificates_path_set):
+        * ewk/ewk_network.h:
+
 2011-12-12  Raphael Kubo da Costa  <kubo@profusion.mobi>
 

trunk/Source/WebKit/efl/ewk/ewk_network.cpp

@@ -96 +96 @@
 }
 
+const char* ewk_network_tls_ca_certificates_path_get()
+{
+    const char* bundlePath = 0;
+
+#if USE(SOUP)
+    SoupSession* defaultSession = WebCore::ResourceHandle::defaultSession();
+    g_object_get(defaultSession, "ssl-ca-file", &bundlePath, NULL);
+#endif
+
+    return bundlePath;
+}
+
+void ewk_network_tls_ca_certificates_path_set(const char* bundlePath)
+{
+#if USE(SOUP)
+    SoupSession* defaultSession = WebCore::ResourceHandle::defaultSession();
+    g_object_set(defaultSession, "ssl-ca-file", bundlePath, NULL);
+#endif
+}
+
 SoupSession* ewk_network_default_soup_session_get()
 {

trunk/Source/WebKit/efl/ewk/ewk_network.h

@@ -61 +61 @@
  *
  * By default, HTTPS connections are performed regardless of the validity of the certificate provided.
+ *
+ * @sa ewk_network_tls_ca_certificates_path_set
  */
 EAPI Eina_Bool        ewk_network_tls_certificate_check_get(void);
@@ -70 +72 @@
  *
  * @param enable Whether to check the provided certificates or not.
+ *
+ * @sa ewk_network_tls_ca_certificates_path_set
  */
 EAPI void             ewk_network_tls_certificate_check_set(Eina_Bool enable);
+
+/**
+ * Returns the path to a file containing the platform's root X.509 CA certificates.
+ *
+ * The file is a list of concatenated PEM-format X.509 certificates used as root CA certificates.
+ * They are used to validate all the certificates received when a TLS connection (such as an HTTPS one) is made.
+ *
+ * If @c ewk_network_tls_certificate_check_get() returns @c EINA_TRUE, the certificates set by this function
+ * will be used to decide whether a certificate provided by a web site is invalid and the request should then
+ * be cancelled.
+ *
+ * By default, the path is not set, so all certificates are considered as not signed by a trusted root CA.
+ *
+ * @sa ewk_network_tls_certificate_check_set
+ */
+EAPI const char      *ewk_network_tls_ca_certificates_path_get(void);
+
+/**
+ * Sets the path to a file containing the platform's root X.509 CA certificates.
+ *
+ * The file is a list of concatenated PEM-format X.509 certificates used as root CA certificates.
+ * They are used to validate all the certificates received when a TLS connection (such as an HTTPS one) is made.
+ *
+ * If @c ewk_network_tls_certificate_check_get() returns @c EINA_TRUE, the certificates set by this function
+ * will be used to decide whether a certificate provided by a web site is invalid and the request should then
+ * be cancelled.
+ *
+ * By default, the path is not set, so all certificates are considered as not signed by a trusted root CA.
+ *
+ * @param path The path to the certificate bundle.
+ *
+ * @sa ewk_network_tls_certificate_check_set
+ */
+EAPI void             ewk_network_tls_ca_certificates_path_set(const char *path);
 
 /**