Changeset 171485 in webkit


Ignore:
Timestamp:
Jul 23, 2014 1:18:47 PM (10 years ago)
Author:
mitz@apple.com
Message:

<rdar://problem/17782623> [iOS] Client-certificate authentication isn’t working with some certificates
https://bugs.webkit.org/show_bug.cgi?id=135206

Reviewed by Anders Carlsson.

  • Shared/cf/ArgumentCodersCF.cpp:

(IPC::copyPersistentRef): Added this helper function. It differs from
SecKeyCopyPersistentRef in that if multiple copies of the key exist in the keychain, it
ensures that we get a reference to the copy that is in the keychain access group that the
Networking process can use.
(IPC::encode): Use copyPersistentRef.

Location:
trunk/Source/WebKit2
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit2/ChangeLog

    r171479 r171485  
     12014-07-23  Dan Bernstein  <mitz@apple.com>
     2
     3        <rdar://problem/17782623> [iOS] Client-certificate authentication isn’t working with some certificates
     4        https://bugs.webkit.org/show_bug.cgi?id=135206
     5
     6        Reviewed by Anders Carlsson.
     7
     8        * Shared/cf/ArgumentCodersCF.cpp:
     9        (IPC::copyPersistentRef): Added this helper function. It differs from
     10        SecKeyCopyPersistentRef in that if multiple copies of the key exist in the keychain, it
     11        ensures that we get a reference to the copy that is in the keychain access group that the
     12        Networking process can use.
     13        (IPC::encode): Use copyPersistentRef.
     14
    1152014-07-23  Bem Jones-Bey  <bjonesbe@adobe.com>
    216
  • trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp

    r171060 r171485  
    4848#endif
    4949
    50 extern "C" OSStatus SecKeyCopyPersistentRef(SecKeyRef key, CFDataRef* persistentRef);
    5150extern "C" OSStatus SecKeyFindWithPersistentRef(CFDataRef persistentRef, SecKeyRef* lookedUpData);
    5251#endif
     
    629628    secKeyRefDecodingAllowed = allowsDecodingSecKeyRef;
    630629}
     630
     631static CFDataRef copyPersistentRef(SecKeyRef key)
     632{
     633    // This function differs from SecItemCopyPersistentRef in that it specifies an access group.
     634    // This is necessary in case there are multiple copies of the key in the keychain, because we
     635    // need a reference to the one that the Networking process will be able to access.
     636    CFDataRef persistentRef = nullptr;
     637    SecItemCopyMatching((CFDictionaryRef)@{
     638        (id)kSecReturnPersistentRef: @YES,
     639        (id)kSecValueRef: (id)key,
     640        (id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny,
     641        (id)kSecAttrAccessGroup: @"com.apple.identities",
     642    }, (CFTypeRef*)&persistentRef);
     643
     644    return persistentRef;
     645}
    631646#endif
    632647
     
    643658    CFDataRef keyData = nullptr;
    644659#if PLATFORM(IOS)
    645     SecKeyCopyPersistentRef(key, &keyData);
     660    keyData = copyPersistentRef(key);
    646661#endif
    647662#if PLATFORM(MAC)
Note: See TracChangeset for help on using the changeset viewer.