Changeset 250217 in webkit


Ignore:
Timestamp:
Sep 23, 2019, 2:05:16 AM (6 years ago)
Author:
Michael Catanzaro
Message:

[SOUP] Stop setting G_TLS_GNUTLS_PRIORITY
https://bugs.webkit.org/show_bug.cgi?id=172154

Reviewed by Carlos Garcia Campos.

Nowadays, I maintain glib-networking. WebKit doesn't need to override its defaults to be
secure anymore. By overriding glib-networking's default priority, WebKit is force-reenabling
TLS 1.0 and TLS 1.1 even when glib-networking has disabled them.

  • NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:

(main):

  • WebProcess/EntryPoint/unix/WebProcessMain.cpp:

(main):

Location:
trunk/Source/WebKit
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r250197 r250217  
     12019-09-23  Michael Catanzaro  <mcatanzaro@igalia.com>
     2
     3        [SOUP] Stop setting G_TLS_GNUTLS_PRIORITY
     4        https://bugs.webkit.org/show_bug.cgi?id=172154
     5
     6        Reviewed by Carlos Garcia Campos.
     7
     8        Nowadays, I maintain glib-networking. WebKit doesn't need to override its defaults to be
     9        secure anymore. By overriding glib-networking's default priority, WebKit is force-reenabling
     10        TLS 1.0 and TLS 1.1 even when glib-networking has disabled them.
     11
     12        * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
     13        (main):
     14        * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
     15        (main):
     16
    1172019-09-21  Dan Bernstein  <mitz@apple.com>
    218

  • trunk/Source/WebKit/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp

    r241654 r250217  
    3636int main(int argc, char** argv)
    3737{
    38     // Disable SSLv3 very early because it is practically impossible to safely
    39     // use setenv() when multiple threads are running, as another thread calling
    40     // getenv() could cause a crash, and many functions use getenv() internally.
    41     // This workaround will stop working if glib-networking switches away from
    42     // GnuTLS or simply stops parsing this variable. We intentionally do not
    43     // overwrite this priority string if it's already set by the user.
    44     // https://bugzilla.gnome.org/show_bug.cgi?id=738633
    45     // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
    46     setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0);
    47 
    4838#if USE(GCRYPT)
    4939    PAL::GCrypt::initialize();

  • trunk/Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp

    r241654 r250217  
    3636int main(int argc, char** argv)
    3737{
    38     // Disable SSLv3 very early because it is practically impossible to safely
    39     // use setenv() when multiple threads are running, as another thread calling
    40     // getenv() could cause a crash, and many functions use getenv() internally.
    41     // This workaround will stop working if glib-networking switches away from
    42     // GnuTLS or simply stops parsing this variable. We intentionally do not
    43     // overwrite this priority string if it's already set by the user.
    44     // https://bugzilla.gnome.org/show_bug.cgi?id=738633
    45     // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
    46     setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0:!ARCFOUR-128", 0);
    47 
    4838#if USE(GCRYPT)
    4939    PAL::GCrypt::initialize();
Note: See TracChangeset for help on using the changeset viewer.