WebKit Bugzilla
Attachment 340739 Details for
Bug 185782
: [Curl] Allow passing contents of Root CA data directly.
[patch]
PATCH
185782.diff (text/plain), 7.53 KB, created by
Basuke Suzuki
on 2018-05-18 14:46:39 PDT
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index 3b01181ae06..1616db0cdd3 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,36 @@
>+2018-05-18 Basuke Suzuki <Basuke.Suzuki@sony.com>
>+
>+ [Curl] Allow passing contents of Root CA data directly.
>+ https://bugs.webkit.org/show_bug.cgi?id=185782
>+
>+ Currently the data must be in a file and set by its path. This patch
>+ allow application to set root CA data by passing binary data directly,
>+ or adding special prefix ":memory:" via regular setCACertPath() method.
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ No new tests. Tested internally.
>+
>+ * platform/network/curl/CurlRequest.cpp:
>+ (WebCore::CurlRequest::setupTransfer): Set Cert Path if Available.
>+ * platform/network/curl/CurlSSLHandle.cpp:
>+ (WebCore::CurlSSLHandle::CurlSSLHandle): Add empty check before set.
>+ (WebCore::CurlSSLHandle::setCACertPath): Added.
>+ (WebCore::CurlSSLHandle::setCACertData): Added.
>+ * platform/network/curl/CurlSSLHandle.h:
>+ (WebCore::CurlSSLHandle::getCipherList const): Return type to const reference.
>+ (WebCore::CurlSSLHandle::getSignatureAlgorithmsList const): Ditto.
>+ (WebCore::CurlSSLHandle::getCurvesList const): Ditto.
>+ (WebCore::CurlSSLHandle::setCipherList): Set argument name to simple data.
>+ (WebCore::CurlSSLHandle::setSignatureAlgorithmsList): Ditto.
>+ (WebCore::CurlSSLHandle::setCurvesList): Ditto.
>+ (WebCore::CurlSSLHandle::setIgnoreSSLErrors): Add setter.
>+ (WebCore::CurlSSLHandle::getCACertPath const): Return type to const reference.
>+ (WebCore::CurlSSLHandle::getCACertData const): Added.
>+ (WebCore::CurlSSLHandle::setCACertPath): Deleted.
>+ * platform/network/curl/CurlSSLVerifier.cpp:
>+ (WebCore::CurlSSLVerifier::CurlSSLVerifier): Set Cert Data if exists.
>+
> 2018-05-18 Basuke Suzuki <Basuke.Suzuki@sony.com>
>
> [Curl] Bug fix on suspend/resume behavior.
>diff --git a/Source/WebCore/platform/network/curl/CurlRequest.cpp b/Source/WebCore/platform/network/curl/CurlRequest.cpp
>index 2aa48f16179..b86c1813ae4 100644
>--- a/Source/WebCore/platform/network/curl/CurlRequest.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlRequest.cpp
>@@ -239,7 +239,9 @@ CURL* CurlRequest::setupTransfer()
> m_curlHandle->setSslKeyPassword(sslClientCertificate->second.utf8().data());
> }
>
>- m_curlHandle->setCACertPath(sslHandle.getCACertPath().utf8().data());
>+ const auto& caCertPath = sslHandle.getCACertPath();
>+ if (!caCertPath.isEmpty())
>+ m_curlHandle->setCACertPath(caCertPath.utf8().data());
>
> if (m_shouldSuspend)
> setRequestPaused(true);
>diff --git a/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp b/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp
>index e84f776cce3..ea68b103bea 100644
>--- a/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp
>@@ -44,11 +44,10 @@
> namespace WebCore {
>
> CurlSSLHandle::CurlSSLHandle()
>- : m_caCertPath(getCACertPathEnv())
> {
>- char* ignoreSSLErrors = getenv("WEBKIT_IGNORE_SSL_ERRORS");
>- if (ignoreSSLErrors)
>- m_ignoreSSLErrors = true;
>+ auto caCertPath = getCACertPathEnv();
>+ if (!caCertPath.isEmpty())
>+ setCACertPath(WTFMove(caCertPath));
>
> #if NEED_OPENSSL_THREAD_SUPPORT
> ThreadSupport::setup();
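Review bot: The removal of the `WEBKIT_IGNORE_SSL_ERRORS` check from the `CurlSSLHandle` constructor is not recorded anywhere: the ChangeLog entry for the constructor says only "Add empty check before set", and the only remaining switch is the new `setIgnoreSSLErrors` in CurlSSLHandle.h. State the removal in the ChangeLog and put a comment on the setter, for example `// Sets the flag returned by shouldIgnoreSSLErrors(); no longer settable from the environment.` Separately, the value returned by `getCACertPathEnv()` now goes through `setCACertPath`, so a value beginning with `:memory:` would be taken as inline certificate data rather than a path. If that is intended it should be documented next to `getCACertPathEnv`, whose body is outside this hunk.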
>@@ -76,6 +75,27 @@ String CurlSSLHandle::getCACertPathEnv()
> return String();
> }
>
>+void CurlSSLHandle::setCACertPath(String&& caCertPath)
>+{
>+ static const char* onMemoryIdentifier = ":memory:";
>+
>+ if (caCertPath.startsWith(onMemoryIdentifier)) {
>+ auto caCertString = caCertPath.substring(strlen(onMemoryIdentifier)).utf8();
>+ Vector<char> caCertData;
>+ caCertData.append(caCertString.data(), caCertString.length());
>+ setCACertData(WTFMove(caCertData));
>+ } else {
>+ m_caCertPath = WTFMove(caCertPath);
>+ m_caCertData.clear();
>+ }
>+}
>+
>+void CurlSSLHandle::setCACertData(Vector<char>&& caCertData)
>+{
>+ m_caCertPath = String();
>+ m_caCertData = WTFMove(caCertData);
>+}
>+
> void CurlSSLHandle::setHostAllowsAnyHTTPSCertificate(const String& hostName)
> {
> LockHolder mutex(m_mutex);
>diff --git a/Source/WebCore/platform/network/curl/CurlSSLHandle.h b/Source/WebCore/platform/network/curl/CurlSSLHandle.h
>index 1ff8457ac72..aa20e622aec 100644
>--- a/Source/WebCore/platform/network/curl/CurlSSLHandle.h
>+++ b/Source/WebCore/platform/network/curl/CurlSSLHandle.h
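Review bot: In `setCACertPath`, a value that is only the `:memory:` prefix (or has an empty payload) reaches `setCACertData` with an empty vector, which clears both `m_caCertPath` and `m_caCertData` without any signal to the caller. Going by the CurlRequest.cpp hunk, an empty path means `setupTransfer` skips `setCACertPath` on the curl handle, so the transfer would presumably run against whatever trust store curl defaults to rather than the roots the application meant to install. Reject or log an empty payload before calling `setCACertData`. The in-band prefix also deserves a comment at the top of the function, such as `// ":memory:" payload is text and round-trips through String::utf8(); arbitrary bytes must go through setCACertData().`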
>@@ -50,18 +50,21 @@ class CurlSSLHandle {
> public:
> CurlSSLHandle();
>
>- String getCipherList() const { return m_cipherList; }
>- String getSignatureAlgorithmsList() const { return m_signatureAlgorithmsList; }
>- String getCurvesList() const { return m_curvesList; }
>+ const String& getCipherList() const { return m_cipherList; }
>+ const String& getSignatureAlgorithmsList() const { return m_signatureAlgorithmsList; }
>+ const String& getCurvesList() const { return m_curvesList; }
>
>- void setCipherList(String&& cipherList) { m_cipherList = WTFMove(cipherList); }
>- void setSignatureAlgorithmsList(String&& signatureAlgorithmsList) { m_signatureAlgorithmsList = WTFMove(signatureAlgorithmsList); }
>- void setCurvesList(String&& curvesList) { m_curvesList = WTFMove(curvesList); }
>+ void setCipherList(String&& data) { m_cipherList = WTFMove(data); }
>+ void setSignatureAlgorithmsList(String&& data) { m_signatureAlgorithmsList = WTFMove(data); }
>+ void setCurvesList(String&& data) { m_curvesList = WTFMove(data); }
>
> bool shouldIgnoreSSLErrors() const { return m_ignoreSSLErrors; }
>+ void setIgnoreSSLErrors(bool flag) { m_ignoreSSLErrors = flag; }
>
>- String getCACertPath() const { return m_caCertPath; }
>- void setCACertPath(String&& caCertPath) { m_caCertPath = WTFMove(caCertPath); }
>+ const String& getCACertPath() const { return m_caCertPath; }
>+ const Vector<char>& getCACertData() const { return m_caCertData; }
>+ WEBCORE_EXPORT void setCACertPath(String&&);
>+ WEBCORE_EXPORT void setCACertData(Vector<char>&&);
>
> WEBCORE_EXPORT void setHostAllowsAnyHTTPSCertificate(const String&);
> bool isAllowedHTTPSCertificateHost(const String&);
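Review bot: The getters now hand out `const String&` / `const Vector<char>&` to members that the setters replace by move assignment, and none of these accessors takes `m_mutex` the way `setHostAllowsAnyHTTPSCertificate` does in CurlSSLHandle.cpp. A caller that binds the reference, as `setupTransfer` does with `const auto& caCertPath`, is only safe if no setter can run while a request is being set up. Whether that holds depends on which threads call these, which is not visible here. Either document the contract on the class, for example `// CA and cipher settings must be configured before the first request is started; accessors are not synchronized.`, or guard the CA members with the existing lock.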
>@@ -100,13 +103,13 @@ private:
>
> String getCACertPathEnv();
>
>- bool m_ignoreSSLErrors { false };
>-
> String m_cipherList;
> String m_signatureAlgorithmsList;
> String m_curvesList;
>-
> String m_caCertPath;
>+ Vector<char> m_caCertData;
>+
>+ bool m_ignoreSSLErrors { false };
>
> Lock m_mutex;
> HashMap<String, ListHashSet<String>, ASCIICaseInsensitiveHash> m_allowedHosts;
>diff --git a/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp b/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp
>index 8475e5c77a5..20f9cd39f36 100644
>--- a/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp
>@@ -44,6 +44,14 @@ CurlSSLVerifier::CurlSSLVerifier(CurlHandle* curlHandle, const String& hostName,
> SSL_CTX_set_app_data(ctx, this);
> SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(ctx), certVerifyCallback);
>
>+#if defined(LIBRESSL_VERSION_NUMBER)
>+ const auto& caCertData = sslHandle.getCACertData();
>+ if (!caCertData.isEmpty()) {
>+ void* data = const_cast<void*>(static_cast<const void*>(caCertData.data()));
>+ SSL_CTX_load_verify_mem(ctx, data, caCertData.size());
>+ }
>+#endif
>+
> #if (!defined(LIBRESSL_VERSION_NUMBER))
> auto signatureAlgorithmsList = sslHandle.getSignatureAlgorithmsList();
> if (!signatureAlgorithmsList.isEmpty())
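Review bot: In the `CurlSSLVerifier` constructor the result of `SSL_CTX_load_verify_mem` is discarded, so a blob that fails to parse leaves the context without the application's roots and nothing reports it. Test the result with `if (SSL_CTX_load_verify_mem(ctx, data, caCertData.size()) != 1)` and treat failure as a verifier setup error. The block is also compiled only under `LIBRESSL_VERSION_NUMBER`, while `setCACertData` clears `m_caCertPath` on every build. On an OpenSSL build the data therefore appears to be stored but never applied, leaving the handle with neither path nor data, so either add an OpenSSL path or make `setCACertData` refuse the call there. `caCertData.size()` is also passed where the function takes an `int` length, so an explicit bounds check before the call would be cleaner. The constructor body continues outside the hunk.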
Flags:
youennf
:
review+