WebKit Bugzilla
Attachment 342842 Details for
Bug 185782
: [Curl] Allow passing contents of Root CA data directly.
[patch]
FIX
185782.diff (text/plain), 7.19 KB, created by
Basuke Suzuki
on 2018-06-15 13:53:01 PDT
Description:
FIX
Filename:
MIME Type:
Creator:
Basuke Suzuki
Created:
2018-06-15 13:53:01 PDT
Size:
7.19 KB
patch
obsolete
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index 93e51bcecc1..6f8d340156c 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,35 @@
>+2018-06-15 Basuke Suzuki <Basuke.Suzuki@sony.com>
>+
>+ [Curl] Allow passing contents of Root CA data directly.
>+ https://bugs.webkit.org/show_bug.cgi?id=185782
>+
>+ Currently the data must be in a file and set by its path. This patch
>+ allow application to set root CA data by passing binary data directly.
>+
>+ Reviewed by Youenn Fablet.
>+
>+ No new tests. Tested internally.
>+
>+ * platform/network/curl/CurlRequest.cpp:
>+ (WebCore::CurlRequest::setupTransfer):
>+ * platform/network/curl/CurlSSLHandle.cpp:
>+ (WebCore::CurlSSLHandle::CurlSSLHandle):
>+ (WebCore::CurlSSLHandle::setCACertPath):
>+ (WebCore::CurlSSLHandle::setCACertData):
>+ * platform/network/curl/CurlSSLHandle.h:
>+ (WebCore::CurlSSLHandle::getCipherList const):
>+ (WebCore::CurlSSLHandle::getSignatureAlgorithmsList const):
>+ (WebCore::CurlSSLHandle::getCurvesList const):
>+ (WebCore::CurlSSLHandle::setCipherList):
>+ (WebCore::CurlSSLHandle::setSignatureAlgorithmsList):
>+ (WebCore::CurlSSLHandle::setCurvesList):
>+ (WebCore::CurlSSLHandle::setIgnoreSSLErrors):
>+ (WebCore::CurlSSLHandle::getCACertPath const):
>+ (WebCore::CurlSSLHandle::getCACertData const):
>+ (WebCore::CurlSSLHandle::setCACertPath): Deleted.
>+ * platform/network/curl/CurlSSLVerifier.cpp:
>+ (WebCore::CurlSSLVerifier::CurlSSLVerifier):
>+
> 2018-06-15 Zalan Bujtas <zalan@apple.com>
>
> [LFC] Fix static position left/top
>diff --git a/Source/WebCore/platform/network/curl/CurlRequest.cpp b/Source/WebCore/platform/network/curl/CurlRequest.cpp
>index 5aa728c9706..0d2547cb54d 100644
>--- a/Source/WebCore/platform/network/curl/CurlRequest.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlRequest.cpp
>@@ -233,7 +233,9 @@ CURL* CurlRequest::setupTransfer()
> m_curlHandle->setSslKeyPassword(sslClientCertificate->second.utf8().data());
> }
>
>- m_curlHandle->setCACertPath(sslHandle.getCACertPath().utf8().data());
>+ const auto& caCertPath = sslHandle.getCACertPath();
>+ if (!caCertPath.isEmpty())
>+ m_curlHandle->setCACertPath(caCertPath.utf8().data());
>
> if (m_shouldSuspend)
> setRequestPaused(true);
>diff --git a/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp b/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp
>index e84f776cce3..1d04d8cc75e 100644
>--- a/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp
>@@ -44,11 +44,10 @@
> namespace WebCore {
>
> CurlSSLHandle::CurlSSLHandle()
>- : m_caCertPath(getCACertPathEnv())
> {
>- char* ignoreSSLErrors = getenv("WEBKIT_IGNORE_SSL_ERRORS");
>- if (ignoreSSLErrors)
>- m_ignoreSSLErrors = true;
>+ auto caCertPath = getCACertPathEnv();
>+ if (!caCertPath.isEmpty())
>+ setCACertPath(WTFMove(caCertPath));
>
> #if NEED_OPENSSL_THREAD_SUPPORT
> ThreadSupport::setup();
>@@ -76,6 +75,18 @@ String CurlSSLHandle::getCACertPathEnv()
> return String();
> }
>
>+void CurlSSLHandle::setCACertPath(String&& caCertPath)
>+{
>+ m_caCertPath = WTFMove(caCertPath);
>+ m_caCertData.clear();
>+}
>+
>+void CurlSSLHandle::setCACertData(Vector<char>&& caCertData)
>+{
>+ m_caCertPath = String();
>+ m_caCertData = WTFMove(caCertData);
>+}
>+
> void CurlSSLHandle::setHostAllowsAnyHTTPSCertificate(const String& hostName)
> {
> LockHolder mutex(m_mutex);
>diff --git a/Source/WebCore/platform/network/curl/CurlSSLHandle.h b/Source/WebCore/platform/network/curl/CurlSSLHandle.h
>index 1ff8457ac72..85151ff5010 100644
>--- a/Source/WebCore/platform/network/curl/CurlSSLHandle.h
>+++ b/Source/WebCore/platform/network/curl/CurlSSLHandle.h
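Review bot: In CurlRequest::setupTransfer, skipping `setCACertPath` when the path is empty leaves the handle's CA location at whatever libcurl defaults to, and an empty path is also the state after `setCACertData` has run. If libcurl was built with a default CA bundle, the in-memory roots would presumably be trusted in addition to that bundle rather than instead of it, which matters for an application that supplies its own roots to narrow trust. I would document the intended trust store at this branch, for example `// Empty path: roots come from setCACertData() (loaded in CurlSSLVerifier) plus libcurl's default CA location, if any.`, or clear the default explicitly if exclusivity is wanted. The function body continues outside the hunk.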
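Review bot: The CurlSSLHandle constructor no longer reads `WEBKIT_IGNORE_SSL_ERRORS`, so the only way left to set `m_ignoreSSLErrors` is the newly exported `setIgnoreSSLErrors(bool)` in CurlSSLHandle.h, and neither the ChangeLog entry nor the header says so. Setups that relied on the variable get a silent behaviour change, and the exported setter carries no comment about how far it reaches. I would put a comment on the setter, such as `// Affects every request that consults shouldIgnoreSSLErrors(); replaces the WEBKIT_IGNORE_SSL_ERRORS environment variable.`, and mention the removal in the ChangeLog text.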
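Review bot: `setCACertPath` and `setCACertData` in CurlSSLHandle.cpp each write both `m_caCertPath` and `m_caCertData` without taking `m_mutex`, while `setHostAllowsAnyHTTPSCertificate` directly below holds a `LockHolder`. The getters in CurlSSLHandle.h now also return `const String&` and `const Vector<char>&` instead of copies. If the handle is shared between the thread that configures it and the thread that runs transfers (not visible in this hunk), a reader could see the path already cleared with the data not yet stored, or keep a reference into a vector that is being replaced. Either take the lock in both setters and hand out copies, or state the contract in a comment, e.g. `// Must be called before any request is started; not synchronized.`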
>@@ -50,24 +50,27 @@ class CurlSSLHandle {
> public:
> CurlSSLHandle();
>
>- String getCipherList() const { return m_cipherList; }
>- String getSignatureAlgorithmsList() const { return m_signatureAlgorithmsList; }
>- String getCurvesList() const { return m_curvesList; }
>+ const String& getCipherList() const { return m_cipherList; }
>+ const String& getSignatureAlgorithmsList() const { return m_signatureAlgorithmsList; }
>+ const String& getCurvesList() const { return m_curvesList; }
>
>- void setCipherList(String&& cipherList) { m_cipherList = WTFMove(cipherList); }
>- void setSignatureAlgorithmsList(String&& signatureAlgorithmsList) { m_signatureAlgorithmsList = WTFMove(signatureAlgorithmsList); }
>- void setCurvesList(String&& curvesList) { m_curvesList = WTFMove(curvesList); }
>+ WEBCORE_EXPORT void setCipherList(String&& data) { m_cipherList = WTFMove(data); }
>+ WEBCORE_EXPORT void setSignatureAlgorithmsList(String&& data) { m_signatureAlgorithmsList = WTFMove(data); }
>+ WEBCORE_EXPORT void setCurvesList(String&& data) { m_curvesList = WTFMove(data); }
>
> bool shouldIgnoreSSLErrors() const { return m_ignoreSSLErrors; }
>+ WEBCORE_EXPORT void setIgnoreSSLErrors(bool flag) { m_ignoreSSLErrors = flag; }
>
>- String getCACertPath() const { return m_caCertPath; }
>- void setCACertPath(String&& caCertPath) { m_caCertPath = WTFMove(caCertPath); }
>+ const String& getCACertPath() const { return m_caCertPath; }
>+ const Vector<char>& getCACertData() const { return m_caCertData; }
>+ WEBCORE_EXPORT void setCACertPath(String&&);
>+ WEBCORE_EXPORT void setCACertData(Vector<char>&&);
>
> WEBCORE_EXPORT void setHostAllowsAnyHTTPSCertificate(const String&);
> bool isAllowedHTTPSCertificateHost(const String&);
> bool canIgnoredHTTPSCertificate(const String&, const ListHashSet<String>&);
>
>- void setClientCertificateInfo(const String&, const String&, const String&);
>+ WEBCORE_EXPORT void setClientCertificateInfo(const String&, const String&, const String&);
> std::optional<ClientCertificate> getSSLClientCertificate(const String&);
>
> private:
>@@ -100,13 +103,13 @@ private:
>
> String getCACertPathEnv();
>
>- bool m_ignoreSSLErrors { false };
>-
> String m_cipherList;
> String m_signatureAlgorithmsList;
> String m_curvesList;
>-
> String m_caCertPath;
>+ Vector<char> m_caCertData;
>+
>+ bool m_ignoreSSLErrors { false };
>
> Lock m_mutex;
> HashMap<String, ListHashSet<String>, ASCIICaseInsensitiveHash> m_allowedHosts;
>diff --git a/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp b/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp
>index 8475e5c77a5..b50b029d66e 100644
>--- a/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp
>@@ -44,6 +44,12 @@ CurlSSLVerifier::CurlSSLVerifier(CurlHandle* curlHandle, const String& hostName,
> SSL_CTX_set_app_data(ctx, this);
> SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(ctx), certVerifyCallback);
>
>+#if defined(LIBRESSL_VERSION_NUMBER)
>+ const auto& caCertData = sslHandle.getCACertData();
>+ if (!caCertData.isEmpty())
>+ SSL_CTX_load_verify_mem(ctx, static_cast<void*>(const_cast<char*>(caCertData.data())), caCertData.size());
>+#endif
>+
> #if (!defined(LIBRESSL_VERSION_NUMBER))
> auto signatureAlgorithmsList = sslHandle.getSignatureAlgorithmsList();
> if (!signatureAlgorithmsList.isEmpty())
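Review bot: The result of `SSL_CTX_load_verify_mem` is discarded in the CurlSSLVerifier constructor, so malformed or truncated CA data leaves the context without the application's roots and nothing reports it. The call also sits under `#if defined(LIBRESSL_VERSION_NUMBER)`, so on other TLS builds `setCACertData` clears the path and the data is never loaded at all. I would check the return value and surface a failure so the connection is rejected rather than verified against an unintended store, and pass the length as `static_cast<int>(caCertData.size())` after a bounds check, since the size is narrowed at the call. `setCACertData` should also be unavailable, or assert, on builds that cannot honour it. The constructor body continues outside the hunk.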