WebKit [LSARC/2008/782 FastTrack timeout 26/12/2008]
Hugh McIntyre
lists at mcintyreweb.com
Thu Jan 1 23:59:57 PST 2009
Shi-Ying Irene Huang wrote:
> 4.11. Security Impact:
> In the future, the WebKit community plans that WebKit/GTK+ will use cURL
> and then OpenSSL library to verify the peer's certificates for HTTPS
> connections. However, this feature is not implemented yet.
So does this mean that:
- HTTPS is not supported right now?
- HTTPS is supported, but does no verification of the server
certificate, thus defeating half of the point of HTTPS?
- HTTPS is supported and checks the certificates properly, just not via
CURL/OpenSSL?
- or that WebKit does not do the network accesses itself?
As a second security-related question, what's the support plan every
time in future that Apple announces a Mac OS security fix that includes
an update to it's WebKit? Will OpenSolaris be able to keep up promptly
with this?
Hugh. (not a LSARC member and thus no vote).
More information about the opensolaris-arc
mailing list