Changeset 181074 in webkit


Timestamp:
Mar 5, 2015 2:38:30 AM (9 years ago)
Author:
Carlos Garcia Campos
Message:

[SOUP] Check TLS errors as soon as they are set in the SoupMessage
https://bugs.webkit.org/show_bug.cgi?id=142244

Reviewed by Sergio Villar Senin.

Source/WebCore:

Connect to the notify::tls-errors signal of SoupMessage to cancel
the load earlier in case of TLS failure, preventing any private
data from being sent to the server before the TLS errors are checked.

  • platform/network/soup/ResourceHandleSoup.cpp:

(WebCore::tlsErrorsChangedCallback):
(WebCore::gotHeadersCallback):
(WebCore::createSoupMessageForHandleAndRequest):

Tools:

Check that the SSL server doesn't process any request in case of
TLS errors when the policy is set to FAIL.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:

(testTLSErrorsPolicy):
(testTLSErrorsRedirect):
(testTLSErrorsHTTPAuth):
(testLoadFailedWithTLSErrors):
(testSubresourceLoadFailedWithTLSErrors):
(httpsServerCallback):

Location:
trunk
Files:
4 edited

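--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,18 @@
+2015-03-05  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [SOUP] Check TLS errors as soon as they are set in the SoupMessage
+        https://bugs.webkit.org/show_bug.cgi?id=142244
+
+        Reviewed by Sergio Villar Senin.
+
+        Connect to the notify::tls-errors signal of SoupMessage to cancel
+        the load earlier in case of TLS failure, preventing any private
+        data from being sent to the server before the TLS errors are checked.
+
+        * platform/network/soup/ResourceHandleSoup.cpp:
+        (WebCore::tlsErrorsChangedCallback):
+        (WebCore::gotHeadersCallback):
+        (WebCore::createSoupMessageForHandleAndRequest):
+
 2015-03-05  Grzegorz Czajkowski  <g.czajkowski@samsung.com>
 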
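--- a/trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
+++ b/trunk/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
@@ -331,5 +331,5 @@
 }
 
-static void gotHeadersCallback(SoupMessage* message, gpointer data)
+static void tlsErrorsChangedCallback(SoupMessage* message, GParamSpec*, gpointer data)
 {
     ResourceHandle* handle = static_cast<ResourceHandle*>(data);
@@ -337,8 +337,13 @@
         return;
 
-    if (handleUnignoredTLSErrors(handle, message)) {
+    if (handleUnignoredTLSErrors(handle, message))
         handle->cancel();
-        return;
-    }
+}
+
+static void gotHeadersCallback(SoupMessage* message, gpointer data)
+{
+    ResourceHandle* handle = static_cast<ResourceHandle*>(data);
+    if (!handle || handle->cancelledOrClientless())
+        return;
 
     ResourceHandleInternal* d = handle->getInternal();
@@ -935,4 +940,5 @@
         soup_message_headers_set_content_length(soupMessage->request_headers, 0);
 
+    g_signal_connect(d->m_soupMessage.get(), "notify::tls-errors", G_CALLBACK(tlsErrorsChangedCallback), handle);
     g_signal_connect(d->m_soupMessage.get(), "got-headers", G_CALLBACK(gotHeadersCallback), handle);
     g_signal_connect(d->m_soupMessage.get(), "wrote-body-data", G_CALLBACK(wroteBodyDataCallback), handle);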
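Review bot: With the `handleUnignoredTLSErrors()` check removed from `gotHeadersCallback`, the `notify::tls-errors` handler becomes the only place where the TLS errors policy is enforced for a load. Whether libsoup emits that notification on every path that later reaches got-headers (a reused connection, for instance) is not visible from these hunks, so I would keep the old check in `gotHeadersCallback` as a backstop: `if (handleUnignoredTLSErrors(handle, message)) { handle->cancel(); return; }`. A short comment above `tlsErrorsChangedCallback`, such as `// Cancel as soon as TLS errors are reported, before any request data is sent.`, would also record why the check lives in a notify handler. `gotHeadersCallback` continues past the end of the hunk.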
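--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,20 @@
+2015-03-05  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [SOUP] Check TLS errors as soon as they are set in the SoupMessage
+        https://bugs.webkit.org/show_bug.cgi?id=142244
+
+        Reviewed by Sergio Villar Senin.
+
+        Check that the SSL server doesn't process any request in case of
+        TLS errors when the policy is set to FAIL.
+
+        * TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
+        (testTLSErrorsPolicy):
+        (testTLSErrorsRedirect):
+        (testTLSErrorsHTTPAuth):
+        (testLoadFailedWithTLSErrors):
+        (testSubresourceLoadFailedWithTLSErrors):
+        (httpsServerCallback):
+
 2015-03-05  Pawel Forysiuk  <p.forysiuk@samsung.com>
 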
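--- a/trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp
@@ -130,4 +130,6 @@
 }
 
+static bool assertIfSSLRequestProcessed = false;
+
 static void testTLSErrorsPolicy(SSLTest* test, gconstpointer)
 {
@@ -135,4 +137,6 @@
     // TLS errors are treated as transport failures by default.
     g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
+    assertIfSSLRequestProcessed = true;
     test->loadURI(kHttpsServer->getURIForPath("/").data());
     test->waitUntilLoadFinished();
@@ -140,4 +144,5 @@
     g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
     g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+    assertIfSSLRequestProcessed = false;
 
     webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
@@ -159,4 +164,5 @@
     webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
 
+    assertIfSSLRequestProcessed = true;
     test->loadURI(kHttpsServer->getURIForPath("/redirect").data());
     test->waitUntilLoadFinished();
@@ -164,4 +170,5 @@
     g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
     g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+    assertIfSSLRequestProcessed = false;
 
     webkit_web_context_set_tls_errors_policy(context, originalPolicy);
@@ -181,4 +188,5 @@
     webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
 
+    assertIfSSLRequestProcessed = true;
     g_signal_connect(test->m_webView, "authenticate", G_CALLBACK(webViewAuthenticationCallback), NULL);
     test->loadURI(kHttpsServer->getURIForPath("/auth").data());
@@ -187,4 +195,5 @@
     g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
     g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+    assertIfSSLRequestProcessed = false;
 
     webkit_web_context_set_tls_errors_policy(context, originalPolicy);
@@ -236,4 +245,5 @@
     webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
 
+    assertIfSSLRequestProcessed = true;
     // The load-failed-with-tls-errors signal should be emitted when there is a TLS failure.
     test->loadURI(kHttpsServer->getURIForPath("/test-tls/").data());
@@ -245,4 +255,5 @@
     g_assert_cmpint(test->m_loadEvents[1], ==, LoadTrackingTest::LoadFailedWithTLSErrors);
     g_assert_cmpint(test->m_loadEvents[2], ==, LoadTrackingTest::LoadFinished);
+    assertIfSSLRequestProcessed = false;
 
     // Test allowing an exception for this certificate on this host.
@@ -319,8 +330,10 @@
     webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
 
+    assertIfSSLRequestProcessed = true;
     test->loadURI(kHttpServer->getURIForPath("/").data());
     test->waitUntilSubresourceLoadFail();
     g_assert(G_IS_TLS_CERTIFICATE(test->m_certificate.get()));
     g_assert_cmpuint(test->m_tlsErrors, ==, G_TLS_CERTIFICATE_UNKNOWN_CA);
+    assertIfSSLRequestProcessed = false;
 }
 
@@ -331,4 +344,6 @@
         return;
     }
+
+    g_assert(!assertIfSSLRequestProcessed);
 
     if (g_str_equal(path, "/")) {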
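Review bot: The new `g_assert(!assertIfSSLRequestProcessed);` in `httpsServerCallback` sits after an early `return` whose condition is outside the hunk, so a request that takes that branch reaches the server without tripping the assertion. Making the assert the first statement of the callback would cover every request the server sees while the flag is set. The flag itself would be clearer with a comment, e.g. `// When true, the HTTPS server asserts if it receives any request.`, since the name reads as an action rather than a state. `httpsServerCallback` starts and ends outside the visible lines.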