Changeset 125258 in webkit
- Timestamp:
- Aug 10, 2012 12:46:53 AM (12 years ago)
- Location:
- trunk/Source
- Files:
-
- 14 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r125257 r125258 1 2012-08-09 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 Handle SSL errors for SOUP 4 https://bugs.webkit.org/show_bug.cgi?id=90267 5 6 Reviewed by Martin Robinson. 7 8 No new tests, this is covered by existing tests. 9 10 * platform/LocalizedStrings.h: 11 (WebCore): Add unacceptableTLSCertificate() for SOUP. 12 * platform/efl/LocalizedStringsEfl.cpp: 13 (WebCore::unacceptableTLSCertificate): 14 * platform/gtk/LocalizedStringsGtk.cpp: 15 (WebCore::unacceptableTLSCertificate): 16 * platform/network/ResourceHandle.h: 17 * platform/network/soup/ResourceError.h: 18 (WebCore::ResourceError::ResourceError): Add new constructor for 19 SSL errors that receives a certificate and TLS errors. 20 (WebCore::ResourceError::tlsErrors): Return TLS errors. 21 (WebCore::ResourceError::certificate): Return the certificate. 22 * platform/network/soup/ResourceHandleSoup.cpp: 23 (HostTLSCertificates): Helper class to store certificates for a 24 host. 25 (WebCore::HostTLSCertificateSet::add): Add a new certificate. 26 (WebCore::HostTLSCertificateSet::contains): Check whether 27 certificate is stored. 28 (WebCore::HostTLSCertificateSet::computeCertificateHash): Compute 29 the SHA1 of the certificate data. 30 (WebCore::allowsAnyHTTPSCertificateHosts): Global set to store 31 hostnames for which SSL errors should be ignored. 32 (WebCore::clientCertificates): Global map to store client 33 certificates. 34 (WebCore::hasUnignoredTLSErrors): Helper function to check whether 35 current message contains TLS errors that shouldn't be ignored and 36 certificate hasn't been approved already. 37 (WebCore::sendRequestCallback): Finish the load with an error in 38 case of SSL errors not handled by the SoupSession. 39 (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Add 40 the given hostname to the list of hosts for which SSL errors are 41 ignored. 42 (WebCore::ResourceHandle::setClientCertificate): Store the client 43 certificate for the given host. 44 (WebCore::ResourceHandle::setIgnoreSSLErrors): Set whether all SSL 45 errors should be ignored. 46 1 47 2012-08-10 Arko Saha <arko@motorola.com> 2 48 -
trunk/Source/WebCore/platform/LocalizedStrings.h
r124636 r125258 221 221 String dateFormatDayInMonthText(); 222 222 #endif 223 #if USE(SOUP) 224 String unacceptableTLSCertificate(); 225 #endif 223 226 224 227 #if !PLATFORM(CHROMIUM) -
trunk/Source/WebCore/platform/efl/LocalizedStringsEfl.cpp
r124636 r125258 573 573 } 574 574 575 String unacceptableTLSCertificate() 576 { 577 return String::fromUTF8("Unacceptable TLS certificate"); 578 } 579 575 580 String localizedString(const char* key) 576 581 { -
trunk/Source/WebCore/platform/gtk/LocalizedStringsGtk.cpp
r124636 r125258 724 724 } 725 725 726 String unacceptableTLSCertificate() 727 { 728 return String::fromUTF8(_("Unacceptable TLS certificate")); 729 } 730 726 731 String localizedString(const char* key) 727 732 { -
trunk/Source/WebCore/platform/network/ResourceHandle.h
r122670 r125258 169 169 #if USE(SOUP) 170 170 static SoupSession* defaultSession(); 171 static void setHostAllowsAnyHTTPSCertificate(const String&); 172 static void setClientCertificate(const String& host, GTlsCertificate*); 173 static void setIgnoreSSLErrors(bool); 171 174 #endif 172 175 -
trunk/Source/WebCore/platform/network/soup/ResourceError.h
r95901 r125258 28 28 29 29 #include "ResourceErrorBase.h" 30 #include <wtf/gobject/GRefPtr.h> 31 32 typedef struct _GTlsCertificate GTlsCertificate; 30 33 31 34 namespace WebCore { … … 35 38 public: 36 39 ResourceError() 40 : m_tlsErrors(0) 37 41 { 38 42 } … … 40 44 ResourceError(const String& domain, int errorCode, const String& failingURL, const String& localizedDescription) 41 45 : ResourceErrorBase(domain, errorCode, failingURL, localizedDescription) 46 , m_tlsErrors(0) 42 47 { 43 48 } 49 50 ResourceError(const String& domain, int errorCode, const String& failingURL, const String& localizedDescription, unsigned tlsErrors, GTlsCertificate* certificate) 51 : ResourceErrorBase(domain, errorCode, failingURL, localizedDescription) 52 , m_tlsErrors(tlsErrors) 53 , m_certificate(certificate) 54 { 55 } 56 57 unsigned tlsErrors() const { return m_tlsErrors; } 58 GTlsCertificate* certificate() const { return m_certificate.get(); } 59 60 private: 61 unsigned m_tlsErrors; 62 GRefPtr<GTlsCertificate> m_certificate; 44 63 }; 45 64 -
trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
r122652 r125258 35 35 #include "GOwnPtrSoup.h" 36 36 #include "HTTPParsers.h" 37 #include "LocalizedStrings.h" 37 38 #include "Logging.h" 38 39 #include "MIMETypeRegistry.h" … … 56 57 #include <sys/types.h> 57 58 #include <unistd.h> 59 #include <wtf/SHA1.h> 58 60 #include <wtf/gobject/GRefPtr.h> 61 #include <wtf/text/Base64.h> 59 62 #include <wtf/text/CString.h> 60 63 … … 159 162 }; 160 163 164 class HostTLSCertificateSet { 165 public: 166 void add(GTlsCertificate* certificate) 167 { 168 String certificateHash = computeCertificateHash(certificate); 169 if (!certificateHash.isEmpty()) 170 m_certificates.add(certificateHash); 171 } 172 173 bool contains(GTlsCertificate* certificate) 174 { 175 return m_certificates.contains(computeCertificateHash(certificate)); 176 } 177 178 private: 179 static String computeCertificateHash(GTlsCertificate* certificate) 180 { 181 GByteArray* data = 0; 182 g_object_get(G_OBJECT(certificate), "certificate", &data, NULL); 183 if (!data) 184 return String(); 185 186 static const size_t sha1HashSize = 20; 187 GRefPtr<GByteArray> certificateData = adoptGRef(data); 188 SHA1 sha1; 189 sha1.addBytes(certificateData->data, certificateData->len); 190 191 Vector<uint8_t, sha1HashSize> digest; 192 sha1.computeHash(digest); 193 194 return base64Encode(reinterpret_cast<const char*>(digest.data()), sha1HashSize); 195 } 196 197 HashSet<String> m_certificates; 198 }; 199 161 200 static void cleanupSoupRequestOperation(ResourceHandle*, bool isDestroying); 162 201 static void sendRequestCallback(GObject*, GAsyncResult*, gpointer); … … 168 207 #endif 169 208 209 static bool gIgnoreSSLErrors = false; 210 211 static HashSet<String>& allowsAnyHTTPSCertificateHosts() 212 { 213 DEFINE_STATIC_LOCAL(HashSet<String>, hosts, ()); 214 return hosts; 215 } 216 217 typedef HashMap<String, HostTLSCertificateSet> CertificatesMap; 218 static CertificatesMap& clientCertificates() 219 { 220 DEFINE_STATIC_LOCAL(CertificatesMap, certificates, ()); 221 return certificates; 222 } 223 170 224 ResourceHandleInternal::~ResourceHandleInternal() 171 225 { … … 350 404 } 351 405 406 static inline bool hasUnignoredTLSErrors(ResourceHandle* handle) 407 { 408 return handle->getInternal()->m_response.soupMessageTLSErrors() 409 && !gIgnoreSSLErrors 410 && !allowsAnyHTTPSCertificateHosts().contains(handle->firstRequest().url().host().lower()); 411 } 412 352 413 static void sendRequestCallback(GObject* source, GAsyncResult* res, gpointer data) 353 414 { … … 385 446 } 386 447 d->m_response.updateFromSoupMessage(soupMessage); 448 449 if (hasUnignoredTLSErrors(handle.get())) { 450 CertificatesMap::iterator iter = clientCertificates().find(handle->firstRequest().url().host().lower()); 451 if (iter == clientCertificates().end() || !iter->second.contains(d->m_response.soupMessageCertificate())) { 452 GOwnPtr<char> uri(soup_uri_to_string(soup_request_get_uri(d->m_soupRequest.get()), FALSE)); 453 client->didFail(handle.get(), ResourceError(g_quark_to_string(SOUP_HTTP_ERROR), SOUP_STATUS_SSL_FAILED, 454 uri.get(), unacceptableTLSCertificate(), 455 d->m_response.soupMessageTLSErrors(), d->m_response.soupMessageCertificate())); 456 cleanupSoupRequestOperation(handle.get()); 457 return; 458 } 459 } 387 460 } else { 388 461 d->m_response.setURL(handle->firstRequest().url()); … … 740 813 } 741 814 815 void ResourceHandle::setHostAllowsAnyHTTPSCertificate(const String& host) 816 { 817 allowsAnyHTTPSCertificateHosts().add(host.lower()); 818 } 819 820 void ResourceHandle::setClientCertificate(const String& host, GTlsCertificate* certificate) 821 { 822 clientCertificates().add(host.lower(), HostTLSCertificateSet()).iterator->second.add(certificate); 823 } 824 825 void ResourceHandle::setIgnoreSSLErrors(bool ignoreSSLErrors) 826 { 827 gIgnoreSSLErrors = ignoreSSLErrors; 828 } 829 742 830 static bool hasBeenSent(ResourceHandle* handle) 743 831 { -
trunk/Source/WebKit/efl/ChangeLog
r124945 r125258 1 2012-08-09 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 Handle SSL errors for SOUP 4 https://bugs.webkit.org/show_bug.cgi?id=90267 5 6 Reviewed by Martin Robinson. 7 8 Ignore SSL errors by default for compatibility. 9 10 * ewk/ewk_main.cpp: 11 (_ewk_init_body): 12 1 13 2012-08-07 Ryuan Choi <ryuan.choi@samsung.com> 2 14 -
trunk/Source/WebKit/efl/ewk/ewk_main.cpp
r123731 r125258 177 177 soup_session_add_feature(session, auth_dialog); 178 178 179 WebCore::ResourceHandle::setIgnoreSSLErrors(true); 180 179 181 return true; 180 182 } -
trunk/Source/WebKit/gtk/ChangeLog
r124896 r125258 1 2012-08-09 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 Handle SSL errors for SOUP 4 https://bugs.webkit.org/show_bug.cgi?id=90267 5 6 Reviewed by Martin Robinson. 7 8 Ignore SSL errors by default for compatibility. 9 10 * webkit/webkitglobals.cpp: 11 (webkitInit): 12 1 13 2012-08-07 Carlos Garcia Campos <cgarcia@igalia.com> 2 14 -
trunk/Source/WebKit/gtk/webkit/webkitglobals.cpp
r121707 r125258 532 532 g_object_unref(authDialog); 533 533 534 WebCore::ResourceHandle::setIgnoreSSLErrors(true); 535 534 536 #if USE(CLUTTER) 535 537 gtk_clutter_init(0, 0); -
trunk/Source/WebKit2/ChangeLog
r125197 r125258 1 2012-08-09 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 Handle SSL errors for SOUP 4 https://bugs.webkit.org/show_bug.cgi?id=90267 5 6 Reviewed by Martin Robinson. 7 8 Ignore SSL errors by default for compatibility. 9 10 * WebProcess/efl/WebProcessMainEfl.cpp: 11 (WebKit::WebProcessMainEfl): 12 * WebProcess/gtk/WebProcessMainGtk.cpp: 13 (WebKit::WebProcessMainGtk): 14 1 15 2012-08-09 Alexey Proskuryakov <ap@apple.com> 2 16 -
trunk/Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp
r124989 r125258 85 85 #endif 86 86 87 WebCore::ResourceHandle::setIgnoreSSLErrors(true); 88 87 89 int socket = atoi(argv[1]); 88 90 WebProcess::shared().initialize(socket, RunLoop::main()); -
trunk/Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp
r122571 r125258 81 81 soup_cache_load(soupCache.get()); 82 82 83 // This is for compatibility, it will be removed when UI process can handle SSL errors. 84 WebCore::ResourceHandle::setIgnoreSSLErrors(true); 85 83 86 RunLoop::run(); 84 87
Note: See TracChangeset
for help on using the changeset viewer.