Changeset 246878 in webkit

Timestamp:

Jun 27, 2019 1:58:52 AM (5 years ago)

Author:

Carlos Garcia Campos

Message:

[SOUP] WebSockets: handle TLS certificate and errors
​https://bugs.webkit.org/show_bug.cgi?id=199223

Reviewed by Michael Catanzaro.

Connect to accept-certificate signal on the WebSocket message connection to decide what to do in case of TLS errors.

• NetworkProcess/soup/NetworkSessionSoup.cpp:

(WebKit::webSocketAcceptCertificateCallback):
(WebKit::webSocketMessageNetworkEventCallback):
(WebKit::NetworkSessionSoup::createWebSocketTask):

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• NetworkProcess/soup/NetworkSessionSoup.cpp (modified) (3 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-06-27  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [SOUP] WebSockets: handle TLS certificate and errors
+        https://bugs.webkit.org/show_bug.cgi?id=199223
+
+        Reviewed by Michael Catanzaro.
+
+        Connect to accept-certificate signal on the WebSocket message connection to decide what to do in case of TLS errors.
+
+        * NetworkProcess/soup/NetworkSessionSoup.cpp:
+        (WebKit::webSocketAcceptCertificateCallback):
+        (WebKit::webSocketMessageNetworkEventCallback):
+        (WebKit::NetworkSessionSoup::createWebSocketTask):
+
 2019-06-27  Carlos Garcia Campos  <cgarcia@igalia.com>
 

trunk/Source/WebKit/NetworkProcess/soup/NetworkSessionSoup.cpp

@@ -31 +31 @@
 #include "WebCookieManager.h"
 #include "WebSocketTaskSoup.h"
+#include <WebCore/DeprecatedGlobalSettings.h>
 #include <WebCore/NetworkStorageSession.h>
 #include <WebCore/ResourceRequest.h>
@@ -68 +69 @@
 }
 
+static gboolean webSocketAcceptCertificateCallback(GTlsConnection*, GTlsCertificate* certificate, GTlsCertificateFlags errors, SoupMessage* soupMessage)
+{
+    if (DeprecatedGlobalSettings::allowsAnySSLCertificate())
+        return TRUE;
+
+    return !SoupNetworkSession::checkTLSErrors(soupURIToURL(soup_message_get_uri(soupMessage)), certificate, errors);
+}
+
+static void webSocketMessageNetworkEventCallback(SoupMessage* soupMessage, GSocketClientEvent event, GIOStream* connection)
+{
+    if (event != G_SOCKET_CLIENT_TLS_HANDSHAKING)
+        return;
+
+    g_signal_connect(connection, "accept-certificate", G_CALLBACK(webSocketAcceptCertificateCallback), soupMessage);
+}
+
 std::unique_ptr<WebSocketTask> NetworkSessionSoup::createWebSocketTask(NetworkSocketChannel& channel, const ResourceRequest& request, const String& protocol)
 {
@@ -76 +93 @@
     GRefPtr<SoupMessage> soupMessage = adoptGRef(soup_message_new_from_uri(SOUP_METHOD_GET, soupURI.get()));
     request.updateSoupMessage(soupMessage.get());
+    if (request.url().protocolIs("wss"))
+        g_signal_connect(soupMessage.get(), "network-event", G_CALLBACK(webSocketMessageNetworkEventCallback), nullptr);
     return std::make_unique<WebSocketTask>(channel, soupSession(), soupMessage.get(), protocol);
 }