Changeset 159587 in webkit
- Timestamp:
- Nov 20, 2013 3:25:38 PM (10 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 added
- 8 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r159585 r159587 1 2013-11-20 Robert Sipka <sipka@inf.u-szeged.hu> 2 3 [curl] Improve detecting and handling of SSL related errors 4 https://bugs.webkit.org/show_bug.cgi?id=119436 5 6 Reviewed by Brent Fulgham. 7 8 Set the exact SSL verification error on CURL 9 and store the enabled domain with certificate. 10 11 * WebCore.vcxproj/WebCore.vcxproj: 12 * WebCore.vcxproj/WebCore.vcxproj.filters: 13 * platform/network/ResourceHandle.h: 14 * platform/network/ResourceHandleInternal.h: 15 (WebCore::ResourceHandleInternal::ResourceHandleInternal): 16 * platform/network/curl/ResourceError.h: 17 (WebCore::ResourceError::ResourceError): 18 (WebCore::ResourceError::sslErrors): 19 (WebCore::ResourceError::setSSLErrors): 20 * platform/network/curl/ResourceHandleCurl.cpp: 21 (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): 22 * platform/network/curl/ResourceHandleManager.cpp: 23 (WebCore::ResourceHandleManager::downloadTimerCallback): 24 (WebCore::ResourceHandleManager::initializeHandle): 25 * platform/network/curl/SSLHandle.cpp: Added. 26 (WebCore::allowsAnyHTTPSCertificateHosts): 27 (WebCore::sslIgnoreHTTPSCertificate): 28 (WebCore::sslCertificateFlag): 29 (WebCore::pemData): 30 (WebCore::certVerifyCallback): 31 (WebCore::sslctxfun): 32 (WebCore::setSSLVerifyOptions): 33 * platform/network/curl/SSLHandle.h: Added. 34 1 35 2013-11-20 Bem Jones-Bey <bjonesbe@adobe.com> 2 36 -
trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj
r159583 r159587 8397 8397 </ClCompile> 8398 8398 <ClCompile Include="..\platform\network\curl\SocketStreamHandleCurl.cpp"> 8399 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> 8400 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> 8401 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|Win32'">true</ExcludedFromBuild> 8402 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|x64'">true</ExcludedFromBuild> 8403 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> 8404 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> 8405 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|Win32'">true</ExcludedFromBuild> 8406 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|x64'">true</ExcludedFromBuild> 8407 </ClCompile> 8408 <ClCompile Include="..\platform\network\curl\SSLHandle.cpp"> 8399 8409 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> 8400 8410 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> … … 19549 19559 </CustomBuildStep> 19550 19560 <CustomBuildStep Include="..\platform\network\curl\ResourceResponse.h"> 19561 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> 19562 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> 19563 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|Win32'">true</ExcludedFromBuild> 19564 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='DebugSuffix|x64'">true</ExcludedFromBuild> 19565 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> 19566 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> 19567 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|Win32'">true</ExcludedFromBuild> 19568 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Production|x64'">true</ExcludedFromBuild> 19569 </CustomBuildStep> 19570 <CustomBuildStep Include="..\platform\network\curl\SSLHandle.h"> 19551 19571 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> 19552 19572 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> -
trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj.filters
r159583 r159587 1927 1927 <Filter>platform\network\curl</Filter> 1928 1928 </ClCompile> 1929 <ClCompile Include="..\platform\network\curl\SSLHandle.cpp"> 1930 <Filter>platform\network\curl</Filter> 1931 </ClCompile> 1929 1932 <ClCompile Include="..\platform\sql\SQLiteAuthorizer.cpp"> 1930 1933 <Filter>platform\sql</Filter> … … 15099 15102 <Filter>platform\network\curl</Filter> 15100 15103 </CustomBuildStep> 15104 <CustomBuildStep Include="..\platform\network\curl\SSLHandle.h"> 15105 <Filter>platform\network\curl</Filter> 15106 </CustomBuildStep> 15101 15107 <CustomBuildStep Include="..\platform\image-decoders\gif\GIFImageDecoder.h"> 15102 15108 <Filter>platform\image-decoders\gif</Filter> -
trunk/Source/WebCore/platform/network/ResourceHandle.h
r159479 r159587 152 152 #endif // USE(CFNETWORK) 153 153 154 #if PLATFORM(WIN) && USE(CURL)154 #if (PLATFORM(WIN) || PLATFORM(NIX)) && USE(CURL) 155 155 static void setHostAllowsAnyHTTPSCertificate(const String&); 156 156 #endif -
trunk/Source/WebCore/platform/network/ResourceHandleInternal.h
r159479 r159587 103 103 , m_authFailureCount(0) 104 104 , m_formDataStream(loader) 105 , m_sslErrors(0) 105 106 #endif 106 107 #if USE(SOUP) … … 181 182 182 183 FormDataStream m_formDataStream; 184 unsigned m_sslErrors; 183 185 Vector<char> m_postBytes; 184 186 -
trunk/Source/WebCore/platform/network/curl/ResourceError.h
r95901 r159587 34 34 { 35 35 public: 36 ResourceError() 36 ResourceError() : m_sslErrors(0) 37 37 { 38 38 } 39 39 40 40 ResourceError(const String& domain, int errorCode, const String& failingURL, const String& localizedDescription) 41 : ResourceErrorBase(domain, errorCode, failingURL, localizedDescription) 41 : ResourceErrorBase(domain, errorCode, failingURL, localizedDescription), m_sslErrors(0) 42 42 { 43 43 } 44 45 unsigned sslErrors() const { return m_sslErrors; } 46 void setSSLErrors(unsigned sslVerifyResult) { m_sslErrors = sslVerifyResult; } 47 48 private: 49 unsigned m_sslErrors; 44 50 }; 45 51 -
trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp
r159435 r159587 35 35 #include "ResourceHandleInternal.h" 36 36 #include "ResourceHandleManager.h" 37 #include "SSLHandle.h" 37 38 38 39 #if PLATFORM(WIN) && USE(CF) … … 116 117 } 117 118 118 #if PLATFORM(WIN) && USE(CF)119 static HashSet<String>& allowsAnyHTTPSCertificateHosts()120 {121 static HashSet<String> hosts;122 123 return hosts;124 }125 126 119 void ResourceHandle::setHostAllowsAnyHTTPSCertificate(const String& host) 127 120 { 128 allowsAnyHTTPSCertificateHosts().add(host.lower()); 129 } 130 #endif 121 allowsAnyHTTPSCertificateHosts(host.lower()); 122 } 131 123 132 124 #if PLATFORM(WIN) && USE(CF) -
trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp
r159435 r159587 47 47 #include "ResourceHandle.h" 48 48 #include "ResourceHandleInternal.h" 49 #include "SSLHandle.h" 49 50 50 51 #if OS(WINDOWS) … … 623 624 #endif 624 625 if (d->client()) { 625 d->client()->didFail(job, ResourceError(String(), msg->data.result, String(url), String(curl_easy_strerror(msg->data.result)))); 626 ResourceError resourceError(String(), msg->data.result, String(url), String(curl_easy_strerror(msg->data.result))); 627 resourceError.setSSLErrors(d->m_sslErrors); 628 d->client()->didFail(job, resourceError); 626 629 CurlCacheManager::getInstance().didFail(job->firstRequest().url().string()); 627 630 } … … 943 946 curl_easy_setopt(d->m_handle, CURLOPT_VERBOSE, 1); 944 947 #endif 948 curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYPEER, 1L); 949 curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYHOST, 2L); 945 950 curl_easy_setopt(d->m_handle, CURLOPT_PRIVATE, job); 946 951 curl_easy_setopt(d->m_handle, CURLOPT_ERRORBUFFER, m_curlErrorBuffer); … … 957 962 curl_easy_setopt(d->m_handle, CURLOPT_PROTOCOLS, allowedProtocols); 958 963 curl_easy_setopt(d->m_handle, CURLOPT_REDIR_PROTOCOLS, allowedProtocols); 959 // FIXME: Enable SSL verification when we have a way of shipping certs 960 // and/or reporting SSL errors to the user. 964 961 965 if (ignoreSSLErrors) 962 966 curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYPEER, false); 967 else 968 setSSLVerifyOptions(job); 963 969 964 970 if (!m_certificatePath.isNull())
Note: See TracChangeset
for help on using the changeset viewer.