Changeset 159587 in webkit


Timestamp:
Nov 20, 2013 3:25:38 PM (10 years ago)
Author:
commit-queue@webkit.org
Message:

[curl] Improve detecting and handling of SSL related errors
https://bugs.webkit.org/show_bug.cgi?id=119436

Patch by Robert Sipka <sipka@inf.u-szeged.hu> on 2013-11-20
Reviewed by Brent Fulgham.

Set the exact SSL verification error on CURL
and store the enabled domain with certificate.

  • WebCore.vcxproj/WebCore.vcxproj:
  • WebCore.vcxproj/WebCore.vcxproj.filters:
  • platform/network/ResourceHandle.h:
  • platform/network/ResourceHandleInternal.h:

(WebCore::ResourceHandleInternal::ResourceHandleInternal):

  • platform/network/curl/ResourceError.h:

(WebCore::ResourceError::ResourceError):
(WebCore::ResourceError::sslErrors):
(WebCore::ResourceError::setSSLErrors):

  • platform/network/curl/ResourceHandleCurl.cpp:

(WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate):

  • platform/network/curl/ResourceHandleManager.cpp:

(WebCore::ResourceHandleManager::downloadTimerCallback):
(WebCore::ResourceHandleManager::initializeHandle):

  • platform/network/curl/SSLHandle.cpp: Added.

(WebCore::allowsAnyHTTPSCertificateHosts):
(WebCore::sslIgnoreHTTPSCertificate):
(WebCore::sslCertificateFlag):
(WebCore::pemData):
(WebCore::certVerifyCallback):
(WebCore::sslctxfun):
(WebCore::setSSLVerifyOptions):

  • platform/network/curl/SSLHandle.h: Added.
Location:
trunk/Source/WebCore
Files:
2 added
8 edited

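--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,36 @@
+2013-11-20  Robert Sipka  <sipka@inf.u-szeged.hu>
+
+        [curl] Improve detecting and handling of SSL related errors
+        https://bugs.webkit.org/show_bug.cgi?id=119436
+
+        Reviewed by Brent Fulgham.
+
+        Set the exact SSL verification error on CURL
+        and store the enabled domain with certificate.
+
+        * WebCore.vcxproj/WebCore.vcxproj:
+        * WebCore.vcxproj/WebCore.vcxproj.filters:
+        * platform/network/ResourceHandle.h:
+        * platform/network/ResourceHandleInternal.h:
+        (WebCore::ResourceHandleInternal::ResourceHandleInternal):
+        * platform/network/curl/ResourceError.h:
+        (WebCore::ResourceError::ResourceError):
+        (WebCore::ResourceError::sslErrors):
+        (WebCore::ResourceError::setSSLErrors):
+        * platform/network/curl/ResourceHandleCurl.cpp:
+        (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate):
+        * platform/network/curl/ResourceHandleManager.cpp:
+        (WebCore::ResourceHandleManager::downloadTimerCallback):
+        (WebCore::ResourceHandleManager::initializeHandle):
+        * platform/network/curl/SSLHandle.cpp: Added.
+        (WebCore::allowsAnyHTTPSCertificateHosts):
+        (WebCore::sslIgnoreHTTPSCertificate):
+        (WebCore::sslCertificateFlag):
+        (WebCore::pemData):
+        (WebCore::certVerifyCallback):
+        (WebCore::sslctxfun):
+        (WebCore::setSSLVerifyOptions):
+        * platform/network/curl/SSLHandle.h: Added.
+
 2013-11-20  Bem Jones-Bey  <bjonesbe@adobe.com>
 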
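--- a/trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj
+++ b/trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj
@@ -8397,4 +8397,14 @@
     </ClCompile>
     <ClCompile Include="..\platform\network\curl\SocketStreamHandleCurl.cpp">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|x64'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\platform\network\curl\SSLHandle.cpp">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
@@ -19549,4 +19559,14 @@
     </CustomBuildStep>
     <CustomBuildStep Include="..\platform\network\curl\ResourceResponse.h">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|Win32'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|x64'">true</ExcludedFromBuild>
+    </CustomBuildStep>
+    <CustomBuildStep Include="..\platform\network\curl\SSLHandle.h">
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
       <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>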
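--- a/trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj.filters
+++ b/trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj.filters
@@ -1927,4 +1927,7 @@
       <Filter>platform\network\curl</Filter>
     </ClCompile>
+    <ClCompile Include="..\platform\network\curl\SSLHandle.cpp">
+      <Filter>platform\network\curl</Filter>
+    </ClCompile>
     <ClCompile Include="..\platform\sql\SQLiteAuthorizer.cpp">
       <Filter>platform\sql</Filter>
@@ -15099,4 +15102,7 @@
       <Filter>platform\network\curl</Filter>
     </CustomBuildStep>
+    <CustomBuildStep Include="..\platform\network\curl\SSLHandle.h">
+      <Filter>platform\network\curl</Filter>
+    </CustomBuildStep>
     <CustomBuildStep Include="..\platform\image-decoders\gif\GIFImageDecoder.h">
       <Filter>platform\image-decoders\gif</Filter>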
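--- a/trunk/Source/WebCore/platform/network/ResourceHandle.h
+++ b/trunk/Source/WebCore/platform/network/ResourceHandle.h
@@ -152,5 +152,5 @@
 #endif // USE(CFNETWORK)
 
-#if PLATFORM(WIN) && USE(CURL)
+#if (PLATFORM(WIN) || PLATFORM(NIX)) && USE(CURL)
     static void setHostAllowsAnyHTTPSCertificate(const String&);
 #endif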
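--- a/trunk/Source/WebCore/platform/network/ResourceHandleInternal.h
+++ b/trunk/Source/WebCore/platform/network/ResourceHandleInternal.h
@@ -103,4 +103,5 @@
             , m_authFailureCount(0)
             , m_formDataStream(loader)
+            , m_sslErrors(0)
 #endif
 #if USE(SOUP)
@@ -181,4 +182,5 @@
 
         FormDataStream m_formDataStream;
+        unsigned m_sslErrors;
         Vector<char> m_postBytes;
 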
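--- a/trunk/Source/WebCore/platform/network/curl/ResourceError.h
+++ b/trunk/Source/WebCore/platform/network/curl/ResourceError.h
@@ -34,12 +34,18 @@
 {
 public:
-    ResourceError()
+    ResourceError() : m_sslErrors(0)
     {
     }
 
     ResourceError(const String& domain, int errorCode, const String& failingURL, const String& localizedDescription)
-        : ResourceErrorBase(domain, errorCode, failingURL, localizedDescription)
+        : ResourceErrorBase(domain, errorCode, failingURL, localizedDescription), m_sslErrors(0)
     {
     }
+
+    unsigned sslErrors() const { return m_sslErrors; }
+    void setSSLErrors(unsigned sslVerifyResult) { m_sslErrors = sslVerifyResult; }
+
+private:
+    unsigned m_sslErrors;
 };
 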
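Review bot: `sslErrors()` and `setSSLErrors()` expose a bare `unsigned` with no statement of what its values mean, so a client that receives this error through `didFail` cannot tell "no certificate problem" from "not an SSL failure at all". The encoding presumably comes from the verify callback in the new SSLHandle.cpp, which is not shown on this page; a comment on the accessor would pin the contract down, for example `// Certificate verification error flags for the failed load; 0 when none were recorded.` The same comment is missing on the `m_sslErrors` field added to ResourceHandleInternal.h. As a style point, the default constructor's `: m_sslErrors(0)` would read better on its own line, matching the initializer list of the four-argument constructor.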
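--- a/trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp
+++ b/trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp
@@ -35,4 +35,5 @@
 #include "ResourceHandleInternal.h"
 #include "ResourceHandleManager.h"
+#include "SSLHandle.h"
 
 #if PLATFORM(WIN) && USE(CF)
@@ -116,17 +117,8 @@
 }
 
-#if PLATFORM(WIN) && USE(CF)
-static HashSet<String>& allowsAnyHTTPSCertificateHosts()
-{
-    static HashSet<String> hosts;
-
-    return hosts;
-}
-
 void ResourceHandle::setHostAllowsAnyHTTPSCertificate(const String& host)
 {
-    allowsAnyHTTPSCertificateHosts().add(host.lower());
-}
-#endif
+    allowsAnyHTTPSCertificateHosts(host.lower());
+}
 
 #if PLATFORM(WIN) && USE(CF)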
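Review bot: The definition of `ResourceHandle::setHostAllowsAnyHTTPSCertificate` at new lines 119-122 no longer sits inside any preprocessor guard, while its declaration in ResourceHandle.h is limited to `#if (PLATFORM(WIN) || PLATFORM(NIX)) && USE(CURL)`. If any other port compiles this file, the definition has no matching declaration; wrapping it in the same condition keeps the two in step. Judging by its name, this call exempts a host from certificate validation, so it deserves a comment saying so and recording the normalisation, for example `// Exempts |host| from certificate verification; hosts are stored in lower case.` How the stored name is compared against the peer during the handshake lives in SSLHandle.cpp, which is not shown here, so the lower-casing on both sides should be confirmed there.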
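--- a/trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp
+++ b/trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp
@@ -47,4 +47,5 @@
 #include "ResourceHandle.h"
 #include "ResourceHandleInternal.h"
+#include "SSLHandle.h"
 
 #if OS(WINDOWS)
@@ -623,5 +624,7 @@
 #endif
             if (d->client()) {
-                d->client()->didFail(job, ResourceError(String(), msg->data.result, String(url), String(curl_easy_strerror(msg->data.result))));
+                ResourceError resourceError(String(), msg->data.result, String(url), String(curl_easy_strerror(msg->data.result)));
+                resourceError.setSSLErrors(d->m_sslErrors);
+                d->client()->didFail(job, resourceError);
                 CurlCacheManager::getInstance().didFail(job->firstRequest().url().string());
             }
@@ -943,4 +946,6 @@
         curl_easy_setopt(d->m_handle, CURLOPT_VERBOSE, 1);
 #endif
+    curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYPEER, 1L);
+    curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYHOST, 2L);
     curl_easy_setopt(d->m_handle, CURLOPT_PRIVATE, job);
     curl_easy_setopt(d->m_handle, CURLOPT_ERRORBUFFER, m_curlErrorBuffer);
@@ -957,8 +962,9 @@
     curl_easy_setopt(d->m_handle, CURLOPT_PROTOCOLS, allowedProtocols);
     curl_easy_setopt(d->m_handle, CURLOPT_REDIR_PROTOCOLS, allowedProtocols);
-    // FIXME: Enable SSL verification when we have a way of shipping certs
-    // and/or reporting SSL errors to the user.
+
     if (ignoreSSLErrors)
         curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYPEER, false);
     else
         setSSLVerifyOptions(job);
 
     if (!m_certificatePath.isNull())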
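Review bot: In the last hunk the `ignoreSSLErrors` branch still turns peer verification off for the handle, undoing the `CURLOPT_SSL_VERIFYPEER, 1L` set at new line 948, and it passes `false` where the variadic `curl_easy_setopt` reads a `long`. Writing it as `curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYPEER, 0L);` matches the two calls this commit adds. `CURLOPT_SSL_VERIFYHOST` stays at `2L` in that branch, so a comment should say whether hostname checking is meant to remain active when errors are ignored. Where `ignoreSSLErrors` is set is outside the hunk; if it can be enabled in release builds, every request on this path accepts untrusted certificate chains without `setSSLVerifyOptions` recording anything, which a log line when the flag is read would make visible. The body of `initializeHandle` starts and ends outside the hunk.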