Changeset 159692 in webkit


Ignore:
Timestamp:
Nov 22, 2013 9:27:59 AM (10 years ago)
Author:
commit-queue@webkit.org
Message:

[curl] Fix of SSL certificate chain storage
https://bugs.webkit.org/show_bug.cgi?id=124768

Patch by Robert Sipka <sipka@inf.u-szeged.hu> on 2013-11-22
Reviewed by Brent Fulgham.

Change the certificates storage type into ListHashSet
from HashSet to keep the chain order in each case.
This ensures that there is no difference between the stored
and the recieved certificate chain.

  • platform/network/curl/SSLHandle.cpp:

(WebCore::allowsAnyHTTPSCertificateHosts):
(WebCore::sslIgnoreHTTPSCertificate):
(WebCore::pemData):
(WebCore::certVerifyCallback):

Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r159691 r159692  
     12013-11-22  Robert Sipka  <sipka@inf.u-szeged.hu>
     2
     3        [curl] Fix of SSL certificate chain storage
     4        https://bugs.webkit.org/show_bug.cgi?id=124768
     5
     6        Reviewed by Brent Fulgham.
     7
     8        Change the certificates storage type into ListHashSet
     9        from HashSet to keep the chain order in each case.
     10        This ensures that there is no difference between the stored
     11        and the recieved certificate chain.
     12
     13        * platform/network/curl/SSLHandle.cpp:
     14        (WebCore::allowsAnyHTTPSCertificateHosts):
     15        (WebCore::sslIgnoreHTTPSCertificate):
     16        (WebCore::pemData):
     17        (WebCore::certVerifyCallback):
     18
    1192013-11-22  Brent Fulgham  <bfulgham@apple.com>
    220

  • trunk/Source/WebCore/platform/network/curl/SSLHandle.cpp

    r159678 r159692  
    3333#include <openssl/ssl.h>
    3434#include <openssl/x509_vfy.h>
    35 #include <wtf/HashSet.h>
     35#include <wtf/ListHashSet.h>
    3636
    3737namespace WebCore {
    3838
    39 static HashMap<String, HashSet<String>> allowedHosts;
     39static HashMap<String, ListHashSet<String>> allowedHosts;
    4040
    4141void allowsAnyHTTPSCertificateHosts(const String& host)
    4242{
    43     HashSet<String> certificates;
     43    ListHashSet<String> certificates;
    4444    allowedHosts.set(host, certificates);
    4545}
    4646
    47 bool sslIgnoreHTTPSCertificate(const String& host, const HashSet<String>& certificates)
    48 {
    49     HashMap<String, HashSet<String>>::iterator it = allowedHosts.find(host);
     47bool sslIgnoreHTTPSCertificate(const String& host, const ListHashSet<String>& certificates)
     48{
     49    HashMap<String, ListHashSet<String>>::iterator it = allowedHosts.find(host);
    5050    if (it != allowedHosts.end()) {
    5151        if ((it->value).isEmpty()) {
     
    5555        if (certificates.size() != it->value.size())
    5656            return false;
    57         HashSet<String>::const_iterator certsIter = certificates.begin();
    58         HashSet<String>::iterator valueIter = (it->value).begin();
     57        ListHashSet<String>::const_iterator certsIter = certificates.begin();
     58        ListHashSet<String>::iterator valueIter = (it->value).begin();
    5959        for (; valueIter != (it->value).end(); ++valueIter, ++certsIter) {
    6060            if (*certsIter != *valueIter)
     
    125125#if !PLATFORM(WIN)
    126126// success of certificates extraction
    127 bool pemData(X509_STORE_CTX* ctx, HashSet<String>& certificates)
     127bool pemData(X509_STORE_CTX* ctx, ListHashSet<String>& certificates)
    128128{
    129129    bool ok = true;
     
    174174
    175175#if PLATFORM(WIN)
    176     HashMap<String, HashSet<String>>::iterator it = allowedHosts.find(host);
     176    HashMap<String, ListHashSet<String>>::iterator it = allowedHosts.find(host);
    177177    ok = (it != allowedHosts.end());
    178178#else
    179     HashSet<String> certificates;
     179    ListHashSet<String> certificates;
    180180    if (!pemData(ctx, certificates))
    181181        return 0;
Note: See TracChangeset for help on using the changeset viewer.