WebKit Bugzilla
Attachment 342954 Details for
Bug 185782
: [Curl] Allow passing contents of Root CA data directly.
[patch]
FIX
185782.diff (text/plain), 8.30 KB, created by
Basuke Suzuki
on 2018-06-18 11:14:00 PDT
Description:
FIX
Filename:
MIME Type:
Creator:
Basuke Suzuki
Created:
2018-06-18 11:14:00 PDT
Size:
8.30 KB
patch
obsolete
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index 93e51bcecc1..2ae61073d66 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,37 @@
>+2018-06-18 Basuke Suzuki <Basuke.Suzuki@sony.com>
>+
>+ [Curl] Allow passing contents of Root CA data directly.
>+ https://bugs.webkit.org/show_bug.cgi?id=185782
>+
>+ Currently the data must be in a file and set by its path. This patch
>+ allow application to set root CA data by passing binary data directly.
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ No new tests. Tested internally.
>+
>+ * platform/network/curl/CurlRequest.cpp:
>+ (WebCore::CurlRequest::setupTransfer):
>+ * platform/network/curl/CurlSSLHandle.cpp:
>+ (WebCore::CurlSSLHandle::CurlSSLHandle):
>+ (WebCore::CurlSSLHandle::getCACertPathEnv):
>+ (WebCore::CurlSSLHandle::setCACertPath):
>+ (WebCore::CurlSSLHandle::setCACertData):
>+ (WebCore::CurlSSLHandle::clearCACertInfo):
>+ * platform/network/curl/CurlSSLHandle.h:
>+ (WebCore::CurlSSLHandle::getCipherList const):
>+ (WebCore::CurlSSLHandle::getSignatureAlgorithmsList const):
>+ (WebCore::CurlSSLHandle::getCurvesList const):
>+ (WebCore::CurlSSLHandle::setCipherList):
>+ (WebCore::CurlSSLHandle::setSignatureAlgorithmsList):
>+ (WebCore::CurlSSLHandle::setCurvesList):
>+ (WebCore::CurlSSLHandle::setIgnoreSSLErrors):
>+ (WebCore::CurlSSLHandle::getCACertInfo const):
>+ (WebCore::CurlSSLHandle::getCACertPath const): Deleted.
>+ (WebCore::CurlSSLHandle::setCACertPath): Deleted.
>+ * platform/network/curl/CurlSSLVerifier.cpp:
>+ (WebCore::CurlSSLVerifier::CurlSSLVerifier):
>+
> 2018-06-15 Zalan Bujtas <zalan@apple.com>
>
> [LFC] Fix static position left/top
>diff --git a/Source/WebCore/platform/network/curl/CurlRequest.cpp b/Source/WebCore/platform/network/curl/CurlRequest.cpp
>index 5aa728c9706..91f17e42bef 100644
>--- a/Source/WebCore/platform/network/curl/CurlRequest.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlRequest.cpp
>@@ -233,7 +233,8 @@ CURL* CurlRequest::setupTransfer()
> m_curlHandle->setSslKeyPassword(sslClientCertificate->second.utf8().data());
> }
>
>- m_curlHandle->setCACertPath(sslHandle.getCACertPath().utf8().data());
>+ if (auto path = WTF::get_if<String>(sslHandle.getCACertInfo()))
>+ m_curlHandle->setCACertPath(path->utf8().data());
>
> if (m_shouldSuspend)
> setRequestPaused(true);
>diff --git a/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp b/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp
>index e84f776cce3..4c5c0e849f3 100644
>--- a/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlSSLHandle.cpp
>@@ -44,11 +44,10 @@
> namespace WebCore {
>
> CurlSSLHandle::CurlSSLHandle()
>- : m_caCertPath(getCACertPathEnv())
> {
>- char* ignoreSSLErrors = getenv("WEBKIT_IGNORE_SSL_ERRORS");
>- if (ignoreSSLErrors)
>- m_ignoreSSLErrors = true;
>+ auto caCertPath = getCACertPathEnv();
>+ if (!caCertPath.isEmpty())
>+ setCACertPath(WTFMove(caCertPath));
>
> #if NEED_OPENSSL_THREAD_SUPPORT
> ThreadSupport::setup();
>@@ -67,8 +66,8 @@ String CurlSSLHandle::getCACertPathEnv()
> RetainPtr<CFURLRef> certURLRef = adoptCF(CFBundleCopyResourceURL(webKitBundleRef, CFSTR("cacert"), CFSTR("pem"), CFSTR("certificates")));
> if (certURLRef) {
> char path[MAX_PATH];
>- CFURLGetFileSystemRepresentation(certURLRef.get(), false, reinterpret_cast<UInt8*>(path), MAX_PATH);
>- return String(path);
>+ if (CFURLGetFileSystemRepresentation(certURLRef.get(), false, reinterpret_cast<UInt8*>(path), MAX_PATH) && *path)
>+ return String(path);
> }
> }
> #endif
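Review bot: In CurlRequest::setupTransfer the new `get_if<String>` branch leaves the handle's CA path unset whenever the CA info holds `Vector<char>` or `Monostate`, and nothing on the curl handle records that an application-supplied store is meant to be in use. If libcurl was built with a default CA bundle, that bundle would presumably still be consulted, so the effective trust store could be wider than the data the application passed; this is worth confirming. A comment such as `// CA data, when present, is loaded in CurlSSLVerifier; no CA path is set in that case.` would state the intended behaviour. The function body starts and ends outside the hunk.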
>@@ -76,6 +75,23 @@ String CurlSSLHandle::getCACertPathEnv()
> return String();
> }
>
>+void CurlSSLHandle::setCACertPath(String&& caCertPath)
>+{
>+ RELEASE_ASSERT(!caCertPath.isEmpty());
>+ m_caCertInfo = WTFMove(caCertPath);
>+}
>+
>+void CurlSSLHandle::setCACertData(Vector<char>&& caCertData)
>+{
>+ RELEASE_ASSERT(!caCertData.isEmpty());
>+ m_caCertInfo = WTFMove(caCertData);
>+}
>+
>+void CurlSSLHandle::clearCACertInfo()
>+{
>+ m_caCertInfo = WTF::Monostate { };
>+}
>+
> void CurlSSLHandle::setHostAllowsAnyHTTPSCertificate(const String& hostName)
> {
> LockHolder mutex(m_mutex);
>diff --git a/Source/WebCore/platform/network/curl/CurlSSLHandle.h b/Source/WebCore/platform/network/curl/CurlSSLHandle.h
>index 1ff8457ac72..6d57f53ef0c 100644
>--- a/Source/WebCore/platform/network/curl/CurlSSLHandle.h
>+++ b/Source/WebCore/platform/network/curl/CurlSSLHandle.h
>@@ -31,6 +31,7 @@
> #include <wtf/ListHashSet.h>
> #include <wtf/NeverDestroyed.h>
> #include <wtf/Noncopyable.h>
>+#include <wtf/Variant.h>
> #include <wtf/text/StringHash.h>
>
> // all version of LibreSSL and OpenSSL prior to 1.1.0 need thread support
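Review bot: `setCACertPath` and `setCACertData` terminate the process through `RELEASE_ASSERT` on empty input, which is an undocumented precondition on functions this patch exports to the embedder. Document it at the declarations, for example `// Argument must be non-empty; call clearCACertInfo() to reset.`, or return early and keep the previous value. Neither setter checks that the path is readable or that the bytes parse as certificates, so a bad value would only surface later during a TLS handshake; a comment saying so would help callers.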
>@@ -48,26 +49,31 @@ class CurlSSLHandle {
> using ClientCertificate = std::pair<String, String>;
>
> public:
>+ using CACertInfo = Variant<Monostate, String, Vector<char>>;
>+
> CurlSSLHandle();
>
>- String getCipherList() const { return m_cipherList; }
>- String getSignatureAlgorithmsList() const { return m_signatureAlgorithmsList; }
>- String getCurvesList() const { return m_curvesList; }
>+ const String& getCipherList() const { return m_cipherList; }
>+ const String& getSignatureAlgorithmsList() const { return m_signatureAlgorithmsList; }
>+ const String& getCurvesList() const { return m_curvesList; }
>
>- void setCipherList(String&& cipherList) { m_cipherList = WTFMove(cipherList); }
>- void setSignatureAlgorithmsList(String&& signatureAlgorithmsList) { m_signatureAlgorithmsList = WTFMove(signatureAlgorithmsList); }
>- void setCurvesList(String&& curvesList) { m_curvesList = WTFMove(curvesList); }
>+ WEBCORE_EXPORT void setCipherList(String&& data) { m_cipherList = WTFMove(data); }
>+ WEBCORE_EXPORT void setSignatureAlgorithmsList(String&& data) { m_signatureAlgorithmsList = WTFMove(data); }
>+ WEBCORE_EXPORT void setCurvesList(String&& data) { m_curvesList = WTFMove(data); }
>
> bool shouldIgnoreSSLErrors() const { return m_ignoreSSLErrors; }
>+ WEBCORE_EXPORT void setIgnoreSSLErrors(bool flag) { m_ignoreSSLErrors = flag; }
>
>- String getCACertPath() const { return m_caCertPath; }
>- void setCACertPath(String&& caCertPath) { m_caCertPath = WTFMove(caCertPath); }
>+ const CACertInfo& getCACertInfo() const { return m_caCertInfo; }
>+ WEBCORE_EXPORT void setCACertPath(String&&);
>+ WEBCORE_EXPORT void setCACertData(Vector<char>&&);
>+ WEBCORE_EXPORT void clearCACertInfo();
>
> WEBCORE_EXPORT void setHostAllowsAnyHTTPSCertificate(const String&);
> bool isAllowedHTTPSCertificateHost(const String&);
> bool canIgnoredHTTPSCertificate(const String&, const ListHashSet<String>&);
>
>- void setClientCertificateInfo(const String&, const String&, const String&);
>+ WEBCORE_EXPORT void setClientCertificateInfo(const String&, const String&, const String&);
> std::optional<ClientCertificate> getSSLClientCertificate(const String&);
>
> private:
>@@ -100,13 +106,12 @@ private:
>
> String getCACertPathEnv();
>
>- bool m_ignoreSSLErrors { false };
>-
> String m_cipherList;
> String m_signatureAlgorithmsList;
> String m_curvesList;
>+ CACertInfo m_caCertInfo;
>
>- String m_caCertPath;
>+ bool m_ignoreSSLErrors { false };
>
> Lock m_mutex;
> HashMap<String, ListHashSet<String>, ASCIICaseInsensitiveHash> m_allowedHosts;
>diff --git a/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp b/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp
>index 8475e5c77a5..3209c8b0dac 100644
>--- a/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp
>+++ b/Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp
>@@ -44,6 +44,11 @@ CurlSSLVerifier::CurlSSLVerifier(CurlHandle* curlHandle, const String& hostName,
> SSL_CTX_set_app_data(ctx, this);
> SSL_CTX_set_verify(ctx, SSL_CTX_get_verify_mode(ctx), certVerifyCallback);
>
>+#if defined(LIBRESSL_VERSION_NUMBER)
>+ if (auto data = WTF::get_if<Vector<char>>(sslHandle.getCACertInfo()))
>+ SSL_CTX_load_verify_mem(ctx, static_cast<void*>(const_cast<char*>(data->data())), data->size());
>+#endif
>+
> #if (!defined(LIBRESSL_VERSION_NUMBER))
> auto signatureAlgorithmsList = sslHandle.getSignatureAlgorithmsList();
> if (!signatureAlgorithmsList.isEmpty())
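Review bot: In the CurlSSLHandle.h class hunk, `getCACertInfo()` and the three list getters now return references to members that the exported setters overwrite without taking `m_mutex`. A caller still holding the pointer from `get_if` while `setCACertData` or `clearCACertInfo` runs on another thread would read destroyed storage. Whether the setters can be called after requests have started is not visible here; if they can, return by value or guard both sides with the existing lock. `setIgnoreSSLErrors(bool)` is also exposed through `WEBCORE_EXPORT` and presumably affects certificate checking for every request, so a comment like `// Process-wide: makes shouldIgnoreSSLErrors() return true for all requests; intended for testing only.` would make the scope explicit.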
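Review bot: In the CurlSSLVerifier constructor the result of `SSL_CTX_load_verify_mem` is discarded, and the call is compiled only under `LIBRESSL_VERSION_NUMBER`. On an OpenSSL build, data passed to `setCACertData` is therefore never loaded, and on LibreSSL a failed load goes unnoticed. Check the result, e.g. `if (!SSL_CTX_load_verify_mem(ctx, ..., data->size()))` followed by whatever failure reporting this class uses, and either add an OpenSSL path or make `setCACertData` unavailable there so the application does not assume its roots are in force. `data->size()` is also narrowed to the function's `int` length parameter without a range check. The constructor body continues outside the hunk.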
Attachments on
bug 185782
:
340739
|
342825
|
342841
|
342842
|
342950
| 342954