Changeset 181074 in webkit
- Timestamp:
- Mar 5, 2015 2:38:30 AM (9 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r181072 r181074 1 2015-03-05 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 [SOUP] Check TLS errors as soon as they are set in the SoupMessage 4 https://bugs.webkit.org/show_bug.cgi?id=142244 5 6 Reviewed by Sergio Villar Senin. 7 8 Connect to the notify::tls-errors signal of SoupMessage to cancel 9 the load earlier in case of TLS failure, preventing any private 10 data from being sent to the server before the TLS errors are checked. 11 12 * platform/network/soup/ResourceHandleSoup.cpp: 13 (WebCore::tlsErrorsChangedCallback): 14 (WebCore::gotHeadersCallback): 15 (WebCore::createSoupMessageForHandleAndRequest): 16 1 17 2015-03-05 Grzegorz Czajkowski <g.czajkowski@samsung.com> 2 18 -
trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
r180928 r181074 331 331 } 332 332 333 static void gotHeadersCallback(SoupMessage* message, gpointer data)333 static void tlsErrorsChangedCallback(SoupMessage* message, GParamSpec*, gpointer data) 334 334 { 335 335 ResourceHandle* handle = static_cast<ResourceHandle*>(data); … … 337 337 return; 338 338 339 if (handleUnignoredTLSErrors(handle, message)) {339 if (handleUnignoredTLSErrors(handle, message)) 340 340 handle->cancel(); 341 return; 342 } 341 } 342 343 static void gotHeadersCallback(SoupMessage* message, gpointer data) 344 { 345 ResourceHandle* handle = static_cast<ResourceHandle*>(data); 346 if (!handle || handle->cancelledOrClientless()) 347 return; 343 348 344 349 ResourceHandleInternal* d = handle->getInternal(); … … 935 940 soup_message_headers_set_content_length(soupMessage->request_headers, 0); 936 941 942 g_signal_connect(d->m_soupMessage.get(), "notify::tls-errors", G_CALLBACK(tlsErrorsChangedCallback), handle); 937 943 g_signal_connect(d->m_soupMessage.get(), "got-headers", G_CALLBACK(gotHeadersCallback), handle); 938 944 g_signal_connect(d->m_soupMessage.get(), "wrote-body-data", G_CALLBACK(wroteBodyDataCallback), handle); -
trunk/Tools/ChangeLog
r181071 r181074 1 2015-03-05 Carlos Garcia Campos <cgarcia@igalia.com> 2 3 [SOUP] Check TLS errors as soon as they are set in the SoupMessage 4 https://bugs.webkit.org/show_bug.cgi?id=142244 5 6 Reviewed by Sergio Villar Senin. 7 8 Check that the SSL server doesn't process any request in case of 9 TLS errors when the policy is set to FAIL. 10 11 * TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp: 12 (testTLSErrorsPolicy): 13 (testTLSErrorsRedirect): 14 (testTLSErrorsHTTPAuth): 15 (testLoadFailedWithTLSErrors): 16 (testSubresourceLoadFailedWithTLSErrors): 17 (httpsServerCallback): 18 1 19 2015-03-05 Pawel Forysiuk <p.forysiuk@samsung.com> 2 20 -
trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp
r176256 r181074 130 130 } 131 131 132 static bool assertIfSSLRequestProcessed = false; 133 132 134 static void testTLSErrorsPolicy(SSLTest* test, gconstpointer) 133 135 { … … 135 137 // TLS errors are treated as transport failures by default. 136 138 g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL); 139 140 assertIfSSLRequestProcessed = true; 137 141 test->loadURI(kHttpsServer->getURIForPath("/").data()); 138 142 test->waitUntilLoadFinished(); … … 140 144 g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed)); 141 145 g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted)); 146 assertIfSSLRequestProcessed = false; 142 147 143 148 webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE); … … 159 164 webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); 160 165 166 assertIfSSLRequestProcessed = true; 161 167 test->loadURI(kHttpsServer->getURIForPath("/redirect").data()); 162 168 test->waitUntilLoadFinished(); … … 164 170 g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed)); 165 171 g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted)); 172 assertIfSSLRequestProcessed = false; 166 173 167 174 webkit_web_context_set_tls_errors_policy(context, originalPolicy); … … 181 188 webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); 182 189 190 assertIfSSLRequestProcessed = true; 183 191 g_signal_connect(test->m_webView, "authenticate", G_CALLBACK(webViewAuthenticationCallback), NULL); 184 192 test->loadURI(kHttpsServer->getURIForPath("/auth").data()); … … 187 195 g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed)); 188 196 g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted)); 197 assertIfSSLRequestProcessed = false; 189 198 190 199 webkit_web_context_set_tls_errors_policy(context, originalPolicy); … … 236 245 webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); 237 246 247 assertIfSSLRequestProcessed = true; 238 248 // The load-failed-with-tls-errors signal should be emitted when there is a TLS failure. 239 249 test->loadURI(kHttpsServer->getURIForPath("/test-tls/").data()); … … 245 255 g_assert_cmpint(test->m_loadEvents[1], ==, LoadTrackingTest::LoadFailedWithTLSErrors); 246 256 g_assert_cmpint(test->m_loadEvents[2], ==, LoadTrackingTest::LoadFinished); 257 assertIfSSLRequestProcessed = false; 247 258 248 259 // Test allowing an exception for this certificate on this host. … … 319 330 webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL); 320 331 332 assertIfSSLRequestProcessed = true; 321 333 test->loadURI(kHttpServer->getURIForPath("/").data()); 322 334 test->waitUntilSubresourceLoadFail(); 323 335 g_assert(G_IS_TLS_CERTIFICATE(test->m_certificate.get())); 324 336 g_assert_cmpuint(test->m_tlsErrors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA); 337 assertIfSSLRequestProcessed = false; 325 338 } 326 339 … … 331 344 return; 332 345 } 346 347 g_assert(!assertIfSSLRequestProcessed); 333 348 334 349 if (g_str_equal(path, "/")) {
Note: See TracChangeset
for help on using the changeset viewer.