104356 2012-12-07 02:30:40 -0800 [SOUP] Failed to connect secure Websocket request (wss://) 2017-05-05 07:14:26 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Other Linux RESOLVED WONTFIX P2 Normal --- 0 basavaraj.ps webkit-unassigned bugs-noreply danw gustavo keunsoon.lee laszlo.gombos mcatanzaro mrobinson rakuco webkit.review.bot yutak oldest_to_newest 785762 0 basavaraj.ps 2012-12-07 02:30:40 -0800 [EFL] - Failed to connect secure Websocket request (wss://) 785767 1 178188 basavaraj.ps 2012-12-07 02:38:24 -0800 Created attachment 178188 Patch 785773 2 basavaraj.ps 2012-12-07 02:46:04 -0800 To reproduce the issue 1. Fetch http://www.websocket.org/echo.html 2. Click on "Use Secure websocket [TLS]" 3. Connect 4. Disconnect is displayed in the Log Patch is for EFL and other port which uses gnome network libraries. Cause: Fail in TLS Handshake, because "accept-certificate" callback is not registered. 785779 3 178188 gyuyoung.kim 2012-12-07 03:01:49 -0800 Comment on attachment 178188 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=178188&action=review > Source/WebCore/ChangeLog:3 > + [EFL] - Failed to connect secure Websocket request (wss://) This is not efl specific patch. Use [Soup] prefix instead of [EFL]. Beside '-' is not needed in bug title. > Source/WebCore/ChangeLog:6 > + Failed to connect secure Websocket request (wss://) in EFL Port, I think GTK port also has this problem because GTK and EFL ports use soup. Did you check it ? > Source/WebCore/platform/network/soup/SocketStreamHandleSoup.cpp:298 > + // FIXME : Currently Accepting all the certificate, handle it properly later. Add notImplemented(); > Source/WebCore/platform/network/soup/SocketStreamHandleSoup.cpp:308 > + // FIXME : We don't have a way to get root CA's certificate info here, so, "accept-certificate" will say UNKNOWN_CA for all connection. "FIXME:" is general. 785788 4 178192 basavaraj.ps 2012-12-07 03:39:30 -0800 Created attachment 178192 Patch 785789 5 basavaraj.ps 2012-12-07 03:41:20 -0800 corrected based on review comments given by Gyuyoung Kim, and Uploaded new patch 785814 6 178192 danw 2012-12-07 05:06:47 -0800 Comment on attachment 178192 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=178192&action=review > Source/WebCore/platform/network/soup/SocketStreamHandleSoup.cpp:308 > + // FIXME: We don't have a way to get root CA's certificate info here, so, "accept-certificate" will say UNKNOWN_CA for all connection. That's not true; GTlsConnection will check against the system CA list by default. This change is only needed for connecting to wss servers using unrecognized CAs. IIRC, Safari's behavior is to use the same list of certificate exceptions as it uses for https connections, and not provide any way to override it from the wss side. (ie, you have to have already ok'ed the bad certificate on an https connection before you can use it for wss connections). I think there may be discussion about this in other open bugs here. (For the soup backend, there's currently no way to add certificate exceptions at the webkit level, although I think Epiphany and Midori both implement it for https at higher levels.) 785835 7 basavaraj.ps 2012-12-07 05:52:29 -0800 (In reply to comment #6) > (From update of attachment 178192 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=178192&action=review > > > Source/WebCore/platform/network/soup/SocketStreamHandleSoup.cpp:308 > > + // FIXME: We don't have a way to get root CA's certificate info here, so, "accept-certificate" will say UNKNOWN_CA for all connection. > > That's not true; GTlsConnection will check against the system CA list by default. This change is only needed for connecting to wss servers using unrecognized CAs. > > IIRC, Safari's behavior is to use the same list of certificate exceptions as it uses for https connections, and not provide any way to override it from the wss side. (ie, you have to have already ok'ed the bad certificate on an https connection before you can use it for wss connections). I think there may be discussion about this in other open bugs here. (For the soup backend, there's currently no way to add certificate exceptions at the webkit level, although I think Epiphany and Midori both implement it for https at higher levels.) Hi Dan You mean "accept_certificate" callaback will not get triggered or called if WSS servers using recognized CA ? We tried following thing for wss, g_tls_connection_set_database() is used, we get error UNKNOWN_CA in the callback for https when we use g_object_set(SOUP_SESSION, "tls-database",..), we get trusted certificate without any error.. However, we used same database for g_object_set() and g_tls_connection_set_database(). 786704 8 danw 2012-12-09 01:22:15 -0800 (In reply to comment #7) > You mean "accept_certificate" callaback will not get triggered or called if WSS servers using recognized CA ? Yes, that's how it should work... > for https when we use g_object_set(SOUP_SESSION, "tls-database",..), we get trusted certificate without any error.. > However, we used same database for g_object_set() and g_tls_connection_set_database(). Is the server sending a different certificate for wss than for https maybe? 787184 9 basavaraj.ps 2012-12-10 04:06:30 -0800 (In reply to comment #8) > (In reply to comment #7) > > You mean "accept_certificate" callaback will not get triggered or called if WSS servers using recognized CA ? > > Yes, that's how it should work... > > > for https when we use g_object_set(SOUP_SESSION, "tls-database",..), we get trusted certificate without any error.. > > However, we used same database for g_object_set() and g_tls_connection_set_database(). > > Is the server sending a different certificate for wss than for https maybe? Yes 791469 10 basavaraj.ps 2012-12-14 01:46:47 -0800 (In reply to comment #9) > (In reply to comment #8) > > (In reply to comment #7) > > > You mean "accept_certificate" callaback will not get triggered or called if WSS servers using recognized CA ? > > > > Yes, that's how it should work... > > > > > for https when we use g_object_set(SOUP_SESSION, "tls-database",..), we get trusted certificate without any error.. > > > However, we used same database for g_object_set() and g_tls_connection_set_database(). > > > > Is the server sending a different certificate for wss than for https maybe? > Yes Hi Dan, Dont you think, This patch is usefull, if you want show certificate warning message to the user allow (return TRUE) or deny (return FALSE) for this wss request ?. we can show certificate warning message from "accept-certificate" callback.. Because i saw in Mozilla, they support it, https://bugzilla.mozilla.org/show_bug.cgi?id=594502 Thank You 976891 11 178192 andersca 2014-02-05 11:02:46 -0800 Comment on attachment 178192 Patch Clearing review flag on patches from before 2014. If this patch is still relevant, please reset the r? flag. 1305099 12 mcatanzaro 2017-05-05 07:14:26 -0700 We should not support this. The server you're connecting to is just broken. 178188 2012-12-07 02:38:24 -0800 2012-12-07 03:39:22 -0800 Patch bug-104356-20121207161059.patch text/plain 3653 basavaraj.ps U3VidmVyc2lvbiBSZXZpc2lvbjogMTM2OTM5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMGUzZTRiOWY4MTE1OTQx M2FkY2RhNDYwZDE2MDVjYjU0MjA3MjM4Ny4uNzM1ZTdkZjJiZjc0ODIwOWNkYjA2NDA2OTk5Njg5 Y2IwMjVhYzI0ZCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDEyLTEyLTA3ICBCYXNh dmFyYWogUFMgIDxiYXNhdmFyYWoucHNAc2Ftc3VuZy5jb20+CisKKyAgICAgICAgW0VGTF0gLSBG YWlsZWQgdG8gY29ubmVjdCBzZWN1cmUgV2Vic29ja2V0IHJlcXVlc3QgKHdzczovLykKKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEwNDM1NgorCisgICAg ICAgIEZhaWxlZCB0byBjb25uZWN0IHNlY3VyZSBXZWJzb2NrZXQgcmVxdWVzdCAod3NzOi8vKSBp biBFRkwgUG9ydCwgCisgICAgICAgIGJlY2F1c2UgVExTIEhhbmRzaGFrZSBpcyBmYWlsaW5nIGR1 ZSB0byAiYWNjZXB0LWNlcnRpZmNpYXRlIiBjYWxsYmFjayAKKyAgICAgICAgaXMgbm90IHJlZ3Np dGVyZWQuCisKKyAgICAgICAgTm8gdGVzdCBjYXNlcywgYmVjYXVzZSBubyBjaGFuZ2UgaW4gdGhl IGZ1bmN0aW9uYWxpdHkuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9uZXR3b3JrL3NvdXAvU29ja2V0 U3RyZWFtSGFuZGxlU291cC5jcHA6CisgICAgICAgIChXZWJDb3JlKToKKyAgICAgICAgKFdlYkNv cmU6OlNvY2tldFN0cmVhbUhhbmRsZTo6U29ja2V0U3RyZWFtSGFuZGxlKToKKyAgICAgICAgKFdl YkNvcmU6OmFjY2VwdENlcnRpZmljYXRlQ2FsbGJhY2spOgorICAgICAgICAoV2ViQ29yZTo6ZXZl bnRDYWxsYmFjayk6CisKIDIwMTItMTItMDYgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNp YUBpZ2FsaWEuY29tPgogCiAgICAgICAgIFVzZSBhbHdheXMgdGhlIG9yZGVyIGl0ZXJhdG9yIGZy b20gZGF0YSBtZW1iZXIgaW4gUmVuZGVyRmxleGlibGVCb3gKZGlmZiAtLWdpdCBhL1NvdXJjZS9X ZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9Tb2NrZXRTdHJlYW1IYW5kbGVTb3VwLmNwcCBi L1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9Tb2NrZXRTdHJlYW1IYW5kbGVT b3VwLmNwcAppbmRleCA2YzRlZWZmYzlhZmMwOTE0NzhmY2QwMjcxNzU4ZTM5ZDY1YTVhNzhkLi5l YWQwZjJkMzI1YTc4ODUyYzEwYThjM2I5YjFhZDU0NTFlNmJhYWZmIDEwMDY0NAotLS0gYS9Tb3Vy Y2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvU29ja2V0U3RyZWFtSGFuZGxlU291cC5j cHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9zb3VwL1NvY2tldFN0cmVh bUhhbmRsZVNvdXAuY3BwCkBAIC01NCw2ICs1NCw4IEBAIG5hbWVzcGFjZSBXZWJDb3JlIHsKIHN0 YXRpYyB2b2lkIGNvbm5lY3RlZENhbGxiYWNrKEdTb2NrZXRDbGllbnQqLCBHQXN5bmNSZXN1bHQq LCB2b2lkKik7CiBzdGF0aWMgdm9pZCByZWFkUmVhZHlDYWxsYmFjayhHSW5wdXRTdHJlYW0qLCBH QXN5bmNSZXN1bHQqLCB2b2lkKik7CiBzdGF0aWMgZ2Jvb2xlYW4gd3JpdGVSZWFkeUNhbGxiYWNr KEdQb2xsYWJsZU91dHB1dFN0cmVhbSosIHZvaWQqKTsKK3N0YXRpYyBnYm9vbGVhbiBhY2NlcHRD ZXJ0aWZpY2F0ZUNhbGxiYWNrKEdUbHNDb25uZWN0aW9uKiwgR1Rsc0NlcnRpZmljYXRlKiwgR1Rs c0NlcnRpZmljYXRlRmxhZ3MsIGdwb2ludGVyKTsKK3N0YXRpYyB2b2lkIGV2ZW50Q2FsbGJhY2so R1NvY2tldENsaWVudCosIEdTb2NrZXRDbGllbnRFdmVudCwgR1NvY2tldENvbm5lY3RhYmxlKiwg R0lPU3RyZWFtKiwgZ3BvaW50ZXIpOwogCiAvLyBIYXZpbmcgYSBsaXN0IG9mIGFjdGl2ZSBoYW5k bGVzIG1lYW5zIHRoYXQgd2UgZG8gbm90IGhhdmUgdG8gd29ycnkgYWJvdXQgV2ViQ29yZQogLy8g cmVmZXJlbmNlIGNvdW50aW5nIGluIEdMaWIgY2FsbGJhY2tzLiBPbmNlIHRoZSBoYW5kbGUgaXMg b2ZmIHRoZSBhY3RpdmUgaGFuZGxlcyBsaXN0CkBAIC05MCw4ICs5MiwxMCBAQCBTb2NrZXRTdHJl YW1IYW5kbGU6OlNvY2tldFN0cmVhbUhhbmRsZShjb25zdCBLVVJMJiB1cmwsIFNvY2tldFN0cmVh bUhhbmRsZUNsaWVudAogCiAgICAgbV9pZCA9IGFjdGl2YXRlSGFuZGxlKHRoaXMpOwogICAgIEdS ZWZQdHI8R1NvY2tldENsaWVudD4gc29ja2V0Q2xpZW50ID0gYWRvcHRHUmVmKGdfc29ja2V0X2Ns aWVudF9uZXcoKSk7Ci0gICAgaWYgKHVybC5wcm90b2NvbElzKCJ3c3MiKSkKKyAgICBpZiAodXJs LnByb3RvY29sSXMoIndzcyIpKSB7CiAgICAgICAgIGdfc29ja2V0X2NsaWVudF9zZXRfdGxzKHNv Y2tldENsaWVudC5nZXQoKSwgVFJVRSk7CisgICAgICAgIGdfc2lnbmFsX2Nvbm5lY3QoR19PQkpF Q1Qoc29ja2V0Q2xpZW50LmdldCgpKSwgImV2ZW50IiwgR19DQUxMQkFDSyhldmVudENhbGxiYWNr KSwgbV9pZCk7CisgICAgfQogICAgIGdfc29ja2V0X2NsaWVudF9jb25uZWN0X3RvX2hvc3RfYXN5 bmMoc29ja2V0Q2xpZW50LmdldCgpLCB1cmwuaG9zdCgpLnV0ZjgoKS5kYXRhKCksIHBvcnQsIDAs CiAgICAgICAgIHJlaW50ZXJwcmV0X2Nhc3Q8R0FzeW5jUmVhZHlDYWxsYmFjaz4oY29ubmVjdGVk Q2FsbGJhY2spLCBtX2lkKTsKIH0KQEAgLTI4OSw0ICsyOTMsMjEgQEAgc3RhdGljIGdib29sZWFu IHdyaXRlUmVhZHlDYWxsYmFjayhHUG9sbGFibGVPdXRwdXRTdHJlYW0qLCB2b2lkKiBpZCkKICAg ICByZXR1cm4gVFJVRTsKIH0KIAorc3RhdGljIGdib29sZWFuIGFjY2VwdENlcnRpZmljYXRlQ2Fs bGJhY2soR1Rsc0Nvbm5lY3Rpb24qIHRsc0Nvbm5lY3Rpb24sIEdUbHNDZXJ0aWZpY2F0ZSogdGxz Q2VydGlmaWNhdGUsIEdUbHNDZXJ0aWZpY2F0ZUZsYWdzIGVycm9ycywgZ3BvaW50ZXIgdXNlckRh dGEpCit7CisgICAgLy8gRklYTUUgOiBDdXJyZW50bHkgQWNjZXB0aW5nIGFsbCB0aGUgY2VydGlm aWNhdGUsIGhhbmRsZSBpdCBwcm9wZXJseSBsYXRlci4KKyAgICByZXR1cm4gVFJVRTsKK30KKwor c3RhdGljIHZvaWQgZXZlbnRDYWxsYmFjayhHU29ja2V0Q2xpZW50KiBzb2NrZXRDbGllbnQsIEdT b2NrZXRDbGllbnRFdmVudCBldmVudCwgR1NvY2tldENvbm5lY3RhYmxlKiBjb25uZWN0YWJsZSwg R0lPU3RyZWFtKiBjb25uLCBncG9pbnRlciBpZCkKK3sKKyAgICBTb2NrZXRTdHJlYW1IYW5kbGUq IGhhbmRsZSA9IGdldEhhbmRsZUZyb21JZChpZCk7CisgICAgaWYgKCFoYW5kbGUpCisgICAgICAg IHJldHVybjsKKworICAgIC8vIEZJWE1FIDogV2UgZG9uJ3QgaGF2ZSBhIHdheSB0byBnZXQgcm9v dCBDQSdzIGNlcnRpZmljYXRlIGluZm8gaGVyZSwgc28sICJhY2NlcHQtY2VydGlmaWNhdGUiIHdp bGwgc2F5IFVOS05PV05fQ0EgZm9yIGFsbCBjb25uZWN0aW9uLgorICAgIGlmIChldmVudCA9PSBH X1NPQ0tFVF9DTElFTlRfVExTX0hBTkRTSEFLSU5HKQorICAgICAgICBnX3NpZ25hbF9jb25uZWN0 KEdfVExTX0NPTk5FQ1RJT04oY29ubiksICJhY2NlcHQtY2VydGlmaWNhdGUiLCBHX0NBTExCQUNL KGFjY2VwdENlcnRpZmljYXRlQ2FsbGJhY2spLCAwKTsKK30KKwogfSAvLyBuYW1lc3BhY2UgV2Vi Q29yZQo= 178192 2012-12-07 03:39:30 -0800 2014-02-05 11:02:45 -0800 Patch bug-104356-20121207171206.patch text/plain 3620 basavaraj.ps U3VidmVyc2lvbiBSZXZpc2lvbjogMTM2OTM5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMGUzZTRiOWY4MTE1OTQx M2FkY2RhNDYwZDE2MDVjYjU0MjA3MjM4Ny4uNjZiM2JmMzcwZmRkODUyNWVkYzQyZjE0YWQ3ZGFj YmMzMTFkZDNhYSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDEyLTEyLTA3ICBCYXNh dmFyYWogUFMgIDxiYXNhdmFyYWoucHNAc2Ftc3VuZy5jb20+CisKKyAgICAgICAgW1NPVVBdIEZh aWxlZCB0byBjb25uZWN0IHNlY3VyZSBXZWJzb2NrZXQgcmVxdWVzdCAod3NzOi8vKQorICAgICAg ICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTA0MzU2CisKKyAgICAg ICAgRmFpbGVkIHRvIGNvbm5lY3Qgc2VjdXJlIFdlYnNvY2tldCByZXF1ZXN0ICh3c3M6Ly8pIGlu IEVGTCBhbmQgb3RoZXIgUG9ydCB3aGljaCB1c2VzIGxpYnNvdXAsIAorICAgICAgICBiZWNhdXNl IFRMUyBIYW5kc2hha2UgaXMgZmFpbGluZyBkdWUgdG8gImFjY2VwdC1jZXJ0aWZjaWF0ZSIgY2Fs bGJhY2sgCisgICAgICAgIGlzIG5vdCByZWdzaXRlcmVkLgorCisgICAgICAgIE5vIHRlc3QgY2Fz ZXMsIGJlY2F1c2Ugbm8gY2hhbmdlIGluIHRoZSBmdW5jdGlvbmFsaXR5LgorCisgICAgICAgICog cGxhdGZvcm0vbmV0d29yay9zb3VwL1NvY2tldFN0cmVhbUhhbmRsZVNvdXAuY3BwOgorICAgICAg ICAoV2ViQ29yZSk6CisgICAgICAgIChXZWJDb3JlOjpTb2NrZXRTdHJlYW1IYW5kbGU6OlNvY2tl dFN0cmVhbUhhbmRsZSk6CisgICAgICAgIChXZWJDb3JlOjphY2NlcHRDZXJ0aWZpY2F0ZUNhbGxi YWNrKToKKyAgICAgICAgKFdlYkNvcmU6OmV2ZW50Q2FsbGJhY2spOgorCiAyMDEyLTEyLTA2ICBD YXJsb3MgR2FyY2lhIENhbXBvcyAgPGNnYXJjaWFAaWdhbGlhLmNvbT4KIAogICAgICAgICBVc2Ug YWx3YXlzIHRoZSBvcmRlciBpdGVyYXRvciBmcm9tIGRhdGEgbWVtYmVyIGluIFJlbmRlckZsZXhp YmxlQm94CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAv U29ja2V0U3RyZWFtSGFuZGxlU291cC5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3 b3JrL3NvdXAvU29ja2V0U3RyZWFtSGFuZGxlU291cC5jcHAKaW5kZXggNmM0ZWVmZmM5YWZjMDkx NDc4ZmNkMDI3MTc1OGUzOWQ2NWE1YTc4ZC4uNmJhYWJiMDgwMDgzZDkzZjJjOWFmNTllYTRjMmZh NWE4NjJiOGQ0YiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9z b3VwL1NvY2tldFN0cmVhbUhhbmRsZVNvdXAuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRm b3JtL25ldHdvcmsvc291cC9Tb2NrZXRTdHJlYW1IYW5kbGVTb3VwLmNwcApAQCAtNTQsNiArNTQs OCBAQCBuYW1lc3BhY2UgV2ViQ29yZSB7CiBzdGF0aWMgdm9pZCBjb25uZWN0ZWRDYWxsYmFjayhH U29ja2V0Q2xpZW50KiwgR0FzeW5jUmVzdWx0Kiwgdm9pZCopOwogc3RhdGljIHZvaWQgcmVhZFJl YWR5Q2FsbGJhY2soR0lucHV0U3RyZWFtKiwgR0FzeW5jUmVzdWx0Kiwgdm9pZCopOwogc3RhdGlj IGdib29sZWFuIHdyaXRlUmVhZHlDYWxsYmFjayhHUG9sbGFibGVPdXRwdXRTdHJlYW0qLCB2b2lk Kik7CitzdGF0aWMgZ2Jvb2xlYW4gYWNjZXB0Q2VydGlmaWNhdGVDYWxsYmFjayhHVGxzQ29ubmVj dGlvbiosIEdUbHNDZXJ0aWZpY2F0ZSosIEdUbHNDZXJ0aWZpY2F0ZUZsYWdzLCBncG9pbnRlcik7 CitzdGF0aWMgdm9pZCBldmVudENhbGxiYWNrKEdTb2NrZXRDbGllbnQqLCBHU29ja2V0Q2xpZW50 RXZlbnQsIEdTb2NrZXRDb25uZWN0YWJsZSosIEdJT1N0cmVhbSosIGdwb2ludGVyKTsKIAogLy8g SGF2aW5nIGEgbGlzdCBvZiBhY3RpdmUgaGFuZGxlcyBtZWFucyB0aGF0IHdlIGRvIG5vdCBoYXZl IHRvIHdvcnJ5IGFib3V0IFdlYkNvcmUKIC8vIHJlZmVyZW5jZSBjb3VudGluZyBpbiBHTGliIGNh bGxiYWNrcy4gT25jZSB0aGUgaGFuZGxlIGlzIG9mZiB0aGUgYWN0aXZlIGhhbmRsZXMgbGlzdApA QCAtOTAsOCArOTIsMTAgQEAgU29ja2V0U3RyZWFtSGFuZGxlOjpTb2NrZXRTdHJlYW1IYW5kbGUo Y29uc3QgS1VSTCYgdXJsLCBTb2NrZXRTdHJlYW1IYW5kbGVDbGllbnQKIAogICAgIG1faWQgPSBh Y3RpdmF0ZUhhbmRsZSh0aGlzKTsKICAgICBHUmVmUHRyPEdTb2NrZXRDbGllbnQ+IHNvY2tldENs aWVudCA9IGFkb3B0R1JlZihnX3NvY2tldF9jbGllbnRfbmV3KCkpOwotICAgIGlmICh1cmwucHJv dG9jb2xJcygid3NzIikpCisgICAgaWYgKHVybC5wcm90b2NvbElzKCJ3c3MiKSkgewogICAgICAg ICBnX3NvY2tldF9jbGllbnRfc2V0X3Rscyhzb2NrZXRDbGllbnQuZ2V0KCksIFRSVUUpOworICAg ICAgICBnX3NpZ25hbF9jb25uZWN0KEdfT0JKRUNUKHNvY2tldENsaWVudC5nZXQoKSksICJldmVu dCIsIEdfQ0FMTEJBQ0soZXZlbnRDYWxsYmFjayksIG1faWQpOworICAgIH0KICAgICBnX3NvY2tl dF9jbGllbnRfY29ubmVjdF90b19ob3N0X2FzeW5jKHNvY2tldENsaWVudC5nZXQoKSwgdXJsLmhv c3QoKS51dGY4KCkuZGF0YSgpLCBwb3J0LCAwLAogICAgICAgICByZWludGVycHJldF9jYXN0PEdB c3luY1JlYWR5Q2FsbGJhY2s+KGNvbm5lY3RlZENhbGxiYWNrKSwgbV9pZCk7CiB9CkBAIC0yODks NCArMjkzLDIxIEBAIHN0YXRpYyBnYm9vbGVhbiB3cml0ZVJlYWR5Q2FsbGJhY2soR1BvbGxhYmxl T3V0cHV0U3RyZWFtKiwgdm9pZCogaWQpCiAgICAgcmV0dXJuIFRSVUU7CiB9CiAKK3N0YXRpYyBn Ym9vbGVhbiBhY2NlcHRDZXJ0aWZpY2F0ZUNhbGxiYWNrKEdUbHNDb25uZWN0aW9uKiB0bHNDb25u ZWN0aW9uLCBHVGxzQ2VydGlmaWNhdGUqIHRsc0NlcnRpZmljYXRlLCBHVGxzQ2VydGlmaWNhdGVG bGFncyBlcnJvcnMsIGdwb2ludGVyIHVzZXJEYXRhKQoreworICAgIG5vdEltcGxlbWVudGVkKCk7 CisgICAgcmV0dXJuIFRSVUU7Cit9CisKK3N0YXRpYyB2b2lkIGV2ZW50Q2FsbGJhY2soR1NvY2tl dENsaWVudCogc29ja2V0Q2xpZW50LCBHU29ja2V0Q2xpZW50RXZlbnQgZXZlbnQsIEdTb2NrZXRD b25uZWN0YWJsZSogY29ubmVjdGFibGUsIEdJT1N0cmVhbSogY29ubiwgZ3BvaW50ZXIgaWQpCit7 CisgICAgU29ja2V0U3RyZWFtSGFuZGxlKiBoYW5kbGUgPSBnZXRIYW5kbGVGcm9tSWQoaWQpOwor ICAgIGlmICghaGFuZGxlKQorICAgICAgICByZXR1cm47CisKKyAgICAvLyBGSVhNRTogV2UgZG9u J3QgaGF2ZSBhIHdheSB0byBnZXQgcm9vdCBDQSdzIGNlcnRpZmljYXRlIGluZm8gaGVyZSwgc28s ICJhY2NlcHQtY2VydGlmaWNhdGUiIHdpbGwgc2F5IFVOS05PV05fQ0EgZm9yIGFsbCBjb25uZWN0 aW9uLgorICAgIGlmIChldmVudCA9PSBHX1NPQ0tFVF9DTElFTlRfVExTX0hBTkRTSEFLSU5HKQor ICAgICAgICBnX3NpZ25hbF9jb25uZWN0KEdfVExTX0NPTk5FQ1RJT04oY29ubiksICJhY2NlcHQt Y2VydGlmaWNhdGUiLCBHX0NBTExCQUNLKGFjY2VwdENlcnRpZmljYXRlQ2FsbGJhY2spLCAwKTsK K30KKwogfSAvLyBuYW1lc3BhY2UgV2ViQ29yZQo=