Changeset 174927 in webkit


Ignore:
Timestamp:
Oct 21, 2014 12:35:05 AM (9 years ago)
Author:
commit-queue@webkit.org
Message:

[SOUP] Disable SSLv3
https://bugs.webkit.org/show_bug.cgi?id=137859

Patch by Michael Catanzaro <Michael Catanzaro> on 2014-10-21
Reviewed by Carlos Garcia Campos.

Set G_TLS_GNUTLS_PRIORITY if unset.

  • NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:

(main):

  • WebProcess/EntryPoint/unix/WebProcessMain.cpp:

(main):

Location:
trunk/Source/WebKit2
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit2/ChangeLog

    r174921 r174927  
     12014-10-21  Michael Catanzaro  <mcatanzaro@igalia.com>
     2
     3        [SOUP] Disable SSLv3
     4        https://bugs.webkit.org/show_bug.cgi?id=137859
     5
     6        Reviewed by Carlos Garcia Campos.
     7
     8        Set G_TLS_GNUTLS_PRIORITY if unset.
     9
     10        * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
     11        (main):
     12        * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
     13        (main):
     14
    1152014-10-20  Chris Dumez  <cdumez@apple.com>
    216
  • trunk/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp

    r169255 r174927  
    2626#include "NetworkProcessMainUnix.h"
    2727
     28#include <cstdlib>
     29
    2830using namespace WebKit;
    2931
    3032int main(int argc, char** argv)
    3133{
     34    // Disable SSLv3 very early because it is practically impossible to safely
     35    // use setenv() when multiple threads are running, as another thread calling
     36    // getenv() could cause a crash, and many functions use getenv() internally.
     37    // This workaround will stop working if glib-networking switches away from
     38    // GnuTLS or simply stops parsing this variable. We intentionally do not
     39    // overwrite this priority string if it's already set by the user.
     40    // Keep this in sync with WebProcessMain.cpp.
     41    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
     42    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
     43
    3244    return NetworkProcessMainUnix(argc, argv);
    3345}
  • trunk/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp

    r169255 r174927  
    2626#include "WebProcessMainUnix.h"
    2727
     28#include <cstdlib>
     29
    2830using namespace WebKit;
    2931
    3032int main(int argc, char** argv)
    3133{
     34    // Disable SSLv3 very early because it is practically impossible to safely
     35    // use setenv() when multiple threads are running, as another thread calling
     36    // getenv() could cause a crash, and many functions use getenv() internally.
     37    // This workaround will stop working if glib-networking switches away from
     38    // GnuTLS or simply stops parsing this variable. We intentionally do not
     39    // overwrite this priority string if it's already set by the user.
     40    // Keep this in sync with NetworkProcessMain.cpp.
     41    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
     42    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
     43
    3244    return WebProcessMainUnix(argc, argv);
    3345}
Note: See TracChangeset for help on using the changeset viewer.