diff mbox series

[8/9] webkit: Ignore TLS errors.

Message ID 20200207091017.26244-8-greearb@candelatech.com
State Accepted
Headers show
Series [1/9] supplicant: Update HS20 readme. | expand

Commit Message

Ben Greear Feb. 7, 2020, 9:10 a.m. UTC
From: Ben Greear <greearb@candelatech.com>

Hopefully this helps with self-signed certs.

Signed-off-by: Ben Greear <greearb@candelatech.com>
---
 src/utils/browser.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Jouni Malinen Feb. 16, 2020, 5:29 p.m. UTC | #1
On Fri, Feb 07, 2020 at 01:10:16AM -0800, greearb@candelatech.com wrote:
> Hopefully this helps with self-signed certs.

Thanks, applied with fixes to make this be used only with webkit2 (since
this breaks webkit build and is not needed there either). In general, it
is obviously not good direction to disable server certificate
validation, but that's what was needed for various OSU server test
scenarios in the past, so starting with same using webkit2 looks
acceptable. That said, I did separately change "hs20-osu-client browser
<URL>" case default to server certificate validation and added a new
command like argument -T to disable that.
diff mbox series

Patch

diff --git a/src/utils/browser.c b/src/utils/browser.c
index a9247092f..4f39c4186 100644
--- a/src/utils/browser.c
+++ b/src/utils/browser.c
@@ -211,6 +211,7 @@  int hs20_web_browser(const char *url)
 	SoupSession *s;
 #endif
 	struct browser_context ctx;
+	WebKitWebContext *wkctx;
 
 	memset(&ctx, 0, sizeof(ctx));
 	if (!gtk_init_check(NULL, NULL))
@@ -278,6 +279,9 @@  int hs20_web_browser(const char *url)
 		     "hs20-client/1.0", NULL);
 	g_object_set(G_OBJECT(settings), "auto-load-images", TRUE, NULL);
 
+	wkctx = webkit_web_context_get_default();
+	webkit_web_context_set_tls_errors_policy(wkctx, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+
 	webkit_web_view_load_uri(view, url);
 
 	gtk_main();