Changeset 202640 in webkit


Timestamp:
Jun 29, 2016 12:19:24 PM (8 years ago)
Author:
commit-queue@webkit.org
Message:

WKWebView should ask WKNavigationDelegate about bad ssl certificates
https://bugs.webkit.org/show_bug.cgi?id=159176
Source/WebKit2:

rdar://problem/26864882

Patch by Alex Christensen <achristensen@webkit.org> on 2016-06-29
Reviewed by Sam Weinig.

This can be tested manually by visiting a site in MiniBrowser that has invalid ssl certificates, but we don't have proper ssl testing yet.
Before this change, we would just open the site as if nothing were invalid; now we call the WKNavigationDelegate's didReceiveAuthenticationChallenge
like we did before using NSURLSession, and we do not open the page, also like we did before using NSURLSession.

  • NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
When using NSURLConnection and responding to canAuthenticateAgainstProtectionSpace with YES,
we get an NSURLAuthenticationChallenge when a bad ssl certificate is encountered in the handshake.
When using NSURLSession, we want to call webView:didReceiveAuthenticationChallenge:completionHandler: in this case.
The default implementation of NavigationState::NavigationClient::canAuthenticateAgainstProtectionSpace returns true
if there is an implementation of webView:didReceiveAuthenticationChallenge:completionHandler: in its WKNavigationDelegate.
Internal clients can implement _webView:canAuthenticateAgainstProtectionSpace:
and Safari uses canHandleHTTPSServerTrustEvaluation, so it will be unaffected.

Tools:

Patch by Alex Christensen <achristensen@webkit.org> on 2016-06-29
Reviewed by Sam Weinig.

  • MiniBrowser/mac/WK2BrowserWindowController.m:

(-[WK2BrowserWindowController webView:didFinishLoadingNavigation:]):
(-[WK2BrowserWindowController webView:didReceiveAuthenticationChallenge:completionHandler:]):
(-[WK2BrowserWindowController webView:didFailNavigation:withError:]):

Location:
trunk
Files:
4 edited

  • trunk/Source/WebKit2/ChangeLog

    r202638 r202640  
     12016-06-29  Alex Christensen  <achristensen@webkit.org>
     2
     3        WKWebView should ask WKNavigationDelegate about bad ssl certificates
     4        https://bugs.webkit.org/show_bug.cgi?id=159176
     5        rdar://problem/26864882
     6
     7        Reviewed by Sam Weinig.
     8
     9        This can be tested manually by visiting a site in MiniBrowser that has invalid ssl certificates, but we don't have proper ssl testing yet.
     10        Before this change, we would just open the site as if nothing were invalid, now we call the WKNavigationDelegate's didReceiveAuthenticationChallenge
     11        like we did before using NSURLSession, and we do not open the page, also like we did before using NSURLSession.
     12
     13        * NetworkProcess/NetworkLoad.cpp:
     14        (WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
     15        When using NSURLConnection and responding to canAuthenticateAgainstProtectionSpace with YES,
     16        we get an NSURLAuthenticationChallenge when a bad ssl certificate is encountered in the handshake.
     17        When using NSURLSession, we want to call webView:didReceiveAuthenticationChallenge:completionHandler: in this case.
     18        The default implementation of NavigationState::NavigationClient::canAuthenticateAgainstProtectionSpace returns true
     19        if there is an implementation of webView:didReceiveAuthenticationChallenge:completionHandler: in its WKNavigationDelegate.
     20        Internal clients can implement _webView:canAuthenticateAgainstProtectionSpace:
     21        and Safari uses canHandleHTTPSServerTrustEvaluation, so it will be unaffected.
     22
    1232016-06-29  Beth Dakin  <bdakin@apple.com>
    224
  • trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp

    r202511 r202640  
    353353        return;
    354354    }
    355    
    356     if (m_challenge->protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
    357         completionHandler(AuthenticationChallengeDisposition::UseCredential, serverTrustCredential(*m_challenge));
    358         return;
    359     }
    360    
     355
    361356    if (m_parameters.clientCredentialPolicy == DoNotAskClientForAnyCredentials) {
    362357        completionHandler(AuthenticationChallengeDisposition::UseCredential, { });
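
Review bot: With the early return for `ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested` removed, a server-trust challenge now falls through to the `m_parameters.clientCredentialPolicy == DoNotAskClientForAnyCredentials` branch directly below, which answers `UseCredential` with an empty credential `{ }`. The visible lines do not say whether that answer fails or continues the handshake for a bad certificate, so please either handle the server-trust scheme explicitly ahead of that branch or add a comment stating the intended outcome. Since the ChangeLog says this was only checked manually in MiniBrowser, a follow-up test covering an invalid certificate under `DoNotAskClientForAnyCredentials` would pin the behaviour down.
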
  • trunk/Tools/ChangeLog

    r202622 r202640  
     12016-06-29  Alex Christensen  <achristensen@webkit.org>
     2
     3        WKWebView should ask WKNavigationDelegate about bad ssl certificates
     4        https://bugs.webkit.org/show_bug.cgi?id=159176
     5
     6        Reviewed by Sam Weinig.
     7
     8        * MiniBrowser/mac/WK2BrowserWindowController.m:
     9        (-[WK2BrowserWindowController webView:didFinishLoadingNavigation:]):
     10        (-[WK2BrowserWindowController webView:didReceiveAuthenticationChallenge:completionHandler:]):
     11        (-[WK2BrowserWindowController webView:didFailNavigation:withError:]):
     12
    1132016-06-29  Carlos Alberto Lopez Perez  <clopez@igalia.com>
    214
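
Review bot: This entry lists `webView:didFinishLoadingNavigation:` and `webView:didFailNavigation:withError:` next to the new method, but the only change shown for WK2BrowserWindowController.m is the insertion of `webView:didReceiveAuthenticationChallenge:completionHandler:`; the other two appear only as surrounding context. Drop the unchanged methods from the list and add one line saying that MiniBrowser now logs and rejects authentication challenges, so the entry documents the behaviour change.
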
  • trunk/Tools/MiniBrowser/mac/WK2BrowserWindowController.m

    r199630 r202640  
    568568}
    569569
     570- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *__nullable credential))completionHandler
     571{
     572    LOG(@"didReceiveAuthenticationChallenge: %@", challenge);
     573    completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
     574}
     575
    570576- (void)webView:(WKWebView *)webView didFailNavigation:(WKNavigation *)navigation withError:(NSError *)error
    571577{
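
Review bot: The new `webView:didReceiveAuthenticationChallenge:completionHandler:` answers every challenge with `NSURLSessionAuthChallengeRejectProtectionSpace` and never looks at `challenge.protectionSpace.authenticationMethod`. Per the WebKit2 ChangeLog, having this method implemented is what makes the default `canAuthenticateAgainstProtectionSpace` return true, so the handler is not limited to bad certificates. Suggest rejecting only when the method is `NSURLAuthenticationMethodServerTrust` and passing `NSURLSessionAuthChallengePerformDefaultHandling` for everything else, and logging the host from the protection space so a rejected certificate is easy to spot when testing by hand.
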