Changeset 162530 in webkit
- Timestamp:
- Jan 22, 2014 10:20:20 AM (10 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r162523 r162530 1 2014-01-22 Robert Sipka <sipka@inf.u-szeged.hu> 2 3 [curl] Improve detecting and handling of SSL client certificate 4 https://bugs.webkit.org/show_bug.cgi?id=125006 5 6 Reviewed by Brent Fulgham. 7 8 Add client certificate handling. 9 10 * platform/network/ResourceHandle.h: 11 * platform/network/curl/ResourceError.h: 12 (WebCore::ResourceError::hasSSLConnectError): 13 * platform/network/curl/ResourceHandleCurl.cpp: 14 (WebCore::ResourceHandle::setClientCertificateInfo): 15 * platform/network/curl/ResourceHandleManager.cpp: 16 (WebCore::ResourceHandleManager::initializeHandle): 17 * platform/network/curl/SSLHandle.cpp: 18 (WebCore::addAllowedClientCertificate): 19 (WebCore::setSSLClientCertificate): 20 * platform/network/curl/SSLHandle.h: 21 1 22 2014-01-22 Mihai Maerean <mmaerean@adobe.com> 2 23 -
trunk/Source/WebCore/platform/network/ResourceHandle.h
r162451 r162530 153 153 #if PLATFORM(WIN) && USE(CURL) 154 154 static void setHostAllowsAnyHTTPSCertificate(const String&); 155 static void setClientCertificateInfo(const String&, const String&, const String&); 155 156 #endif 156 157 #if PLATFORM(WIN) && USE(CURL) && USE(CF) -
trunk/Source/WebCore/platform/network/curl/ResourceError.h
r159587 r162530 28 28 29 29 #include "ResourceErrorBase.h" 30 #include <curl/curl.h> 30 31 31 32 namespace WebCore { … … 45 46 unsigned sslErrors() const { return m_sslErrors; } 46 47 void setSSLErrors(unsigned sslVerifyResult) { m_sslErrors = sslVerifyResult; } 48 bool hasSSLConnectError() const { return errorCode() == CURLE_SSL_CONNECT_ERROR; } 47 49 48 50 private: -
trunk/Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp
r161338 r162530 31 31 #include "CachedResourceLoader.h" 32 32 #include "CredentialStorage.h" 33 #include "FileSystem.h" 34 #include "Logging.h" 33 35 #include "NetworkingContext.h" 34 36 #include "NotImplemented.h" … … 120 122 { 121 123 allowsAnyHTTPSCertificateHosts(host.lower()); 124 } 125 126 void ResourceHandle::setClientCertificateInfo(const String& host, const String& certificate, const String& key) 127 { 128 if (fileExists(certificate)) 129 addAllowedClientCertificate(host, certificate, key); 130 else 131 LOG(Network, "Invalid client certificate file: %s!\n", certificate.latin1().data()); 122 132 } 123 133 -
trunk/Source/WebCore/platform/network/curl/ResourceHandleManager.cpp
r162464 r162530 963 963 curl_easy_setopt(d->m_handle, CURLOPT_PROTOCOLS, allowedProtocols); 964 964 curl_easy_setopt(d->m_handle, CURLOPT_REDIR_PROTOCOLS, allowedProtocols); 965 setSSLClientCertificate(job); 965 966 966 967 if (ignoreSSLErrors) -
trunk/Source/WebCore/platform/network/curl/SSLHandle.cpp
r159692 r162530 34 34 #include <openssl/x509_vfy.h> 35 35 #include <wtf/ListHashSet.h> 36 #include <wtf/text/CString.h> 36 37 37 38 namespace WebCore { 38 39 40 typedef std::tuple<WTF::String, WTF::String> clientCertificate; 39 41 static HashMap<String, ListHashSet<String>> allowedHosts; 42 static HashMap<String, clientCertificate> allowedClientHosts; 40 43 41 44 void allowsAnyHTTPSCertificateHosts(const String& host) … … 43 46 ListHashSet<String> certificates; 44 47 allowedHosts.set(host, certificates); 48 } 49 50 void addAllowedClientCertificate(const String& host, const String& certificate, const String& key) 51 { 52 clientCertificate clientInfo(certificate, key); 53 allowedClientHosts.set(host.lower(), clientInfo); 54 } 55 56 void setSSLClientCertificate(ResourceHandle* handle) 57 { 58 String host = handle->firstRequest().url().host(); 59 HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host.lower()); 60 if (it == allowedClientHosts.end()) 61 return; 62 63 ResourceHandleInternal* d = handle->getInternal(); 64 clientCertificate clientInfo = it->value; 65 curl_easy_setopt(d->m_handle, CURLOPT_SSLCERT, std::get<0>(clientInfo).utf8().data()); 66 curl_easy_setopt(d->m_handle, CURLOPT_SSLCERTTYPE, "P12"); 67 curl_easy_setopt(d->m_handle, CURLOPT_SSLCERTPASSWD, std::get<1>(clientInfo).utf8().data()); 45 68 } 46 69 -
trunk/Source/WebCore/platform/network/curl/SSLHandle.h
r159587 r162530 44 44 45 45 46 void addAllowedClientCertificate(const String&, const String&, const String&); 46 47 void allowsAnyHTTPSCertificateHosts(const String&); 47 48 bool sslIgnoreHTTPSCertificate(const String&, const String&); 48 49 void setSSLVerifyOptions(ResourceHandle*); 50 void setSSLClientCertificate(ResourceHandle*); 49 51 50 52 }
Note: See TracChangeset
for help on using the changeset viewer.