121548 2013-09-18 03:36:34 -0700 [SOUP] TLSErrors do not cause page load to fail when not ignored 2014-05-07 03:12:08 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 131104 1 brian.holt brian.holt berto cdumez cgarcia commit-queue danw gustavo mario mrobinson rakuco svillar oldest_to_newest 930575 0 brian.holt 2013-09-18 03:36:34 -0700 When the m_ignoreTLSErrors in WebContext is set to false and a page like https://www.aeat.com is loaded, page loading does not fail (i.e. webkitWebViewLoadFailedWithTLSErrors is not called). Investigation into this issue revealed that the GTtlCertificateFlags in ResourceResponseSoup.cpp updateFromSoupMessage() are not persisted for more than a single update. 930576 1 211983 brian.holt 2013-09-18 03:46:19 -0700 Created attachment 211983 Patch 930578 2 cgarcia 2013-09-18 03:50:57 -0700 Is this a regression or has always happened? Could you add a unit test for this? 930579 3 brian.holt 2013-09-18 03:57:35 -0700 (In reply to comment #2) > Is this a regression or has always happened? Could you add a unit test for this? TestSSL passes without it, but I think this is because there is only one soup update, whereas https://www.aeat.com results in many updates and the error is overwritten on the second update. So I think it's always been like this, but I'm surprised you didn't encounter it in https://bugs.webkit.org/show_bug.cgi?id=90267#c12. 930580 4 svillar 2013-09-18 04:00:40 -0700 Are you sure https://www.aeat.com is showing that behaviour, it redirects to a non secure http site. Anyway... so the tls errors (if any) in the SoupMessage are set once the SSL connection is completed. When reading the description I was wondering why they would be cleared. When you say "are not persisted for more than a single update" do you mean that they are no longer there on reload? 930581 5 cgarcia 2013-09-18 04:14:34 -0700 The thing is why updateFromSoupMessage is called multiple times. Then try to reproduce that in a unit test. 930591 6 brian.holt 2013-09-18 05:47:28 -0700 (In reply to comment #4) > Are you sure https://www.aeat.com is showing that behaviour, it redirects to a non secure http site. Anyway... > Try it in Firefox/Chrome and compare to WK2, you should expect to see 3 errors: expired + bad identity + unknown CA > so the tls errors (if any) in the SoupMessage are set once the SSL connection is completed. When reading the description I was wondering why they would be cleared. When you say "are not persisted for more than a single update" do you mean that they are no longer there on reload? I mean that there are multiple calls to soup_message_get_https_status(soupMessage, &certificate, &m_tlsFlags); and its only in the first one that m_tlsFlags is set to 11. On the second and subsequent calls it is set to 0 by soup_message_get_https_status(). 930592 7 cgarcia 2013-09-18 05:51:33 -0700 (In reply to comment #6) > (In reply to comment #4) > > Are you sure https://www.aeat.com is showing that behaviour, it redirects to a non secure http site. Anyway... > > > > Try it in Firefox/Chrome and compare to WK2, you should expect to see 3 errors: expired + bad identity + unknown CA > > > so the tls errors (if any) in the SoupMessage are set once the SSL connection is completed. When reading the description I was wondering why they would be cleared. When you say "are not persisted for more than a single update" do you mean that they are no longer there on reload? > > I mean that there are multiple calls to > soup_message_get_https_status(soupMessage, &certificate, &m_tlsFlags); and its only in the first one that m_tlsFlags is set to 11. On the second and subsequent calls it is set to 0 by soup_message_get_https_status(). The patch makes sense, the question is why this is called multiple times for this page and not others, is it because of the redirection? can we emulate that in a unit test? 930593 8 brian.holt 2013-09-18 05:58:36 -0700 (In reply to comment #5) > [...] > The patch makes sense, the question is why this is called multiple times for this page and not others, is it because of the redirection? can we emulate that in a unit test? Sure, I'll try to reproduce it in the TestSSL unit test and upload a new patch. 930594 9 cgarcia 2013-09-18 06:01:29 -0700 (In reply to comment #8) > (In reply to comment #5) > > [...] > > The patch makes sense, the question is why this is called multiple times for this page and not others, is it because of the redirection? can we emulate that in a unit test? > > Sure, I'll try to reproduce it in the TestSSL unit test and upload a new patch. Thanks! 930611 10 svillar 2013-09-18 07:23:07 -0700 (In reply to comment #6) > (In reply to comment #4) > > Are you sure https://www.aeat.com is showing that behaviour, it redirects to a non secure http site. Anyway... > > > > Try it in Firefox/Chrome and compare to WK2, you should expect to see 3 errors: expired + bad identity + unknown CA Yeah but that's because they warn the user, probably we should do the same, but currently we just go on with the redirection. So it's normal that the errors are cleared because they belong to the original https site not to the redirected one. IMO it makes no sense to show the errors in the redirected page, we either ask the user for confirmation or just completely forget about the errors. 930614 11 brian.holt 2013-09-18 07:44:55 -0700 (In reply to comment #10) > [...] > Yeah but that's because they warn the user, probably we should do the same, but currently we just go on with the redirection. Should we fail page loading at this point with TLS errors and not allow the redirection to go ahead? Why does this not happen now and what is the best way of doing this? 930618 12 svillar 2013-09-18 07:56:15 -0700 (In reply to comment #11) > (In reply to comment #10) > > [...] > > Yeah but that's because they warn the user, probably we should do the same, but currently we just go on with the redirection. > > Should we fail page loading at this point with TLS errors and not allow the redirection to go ahead? Why does this not happen now and what is the best way of doing this? I think we definitely should, that redirection is a huge security issue because users won't notice that a compromised "secure" site (like your bank) is redirecting you to some let-me-steal-your-password pirate site. In any case I think that's a matter of the webkit embeders and not the engine itself. So in your example, epiphany should get the "decide-policy" signal which carries a WebKitNavigationPolicyDecision which has the request. I think in that case epiphany should get the request, check that there are some errors and ask the user whether they want to complete the navigation or cancel the redirection. 930621 13 cgarcia 2013-09-18 08:01:54 -0700 We don't warn because we are currently ignoring TLS errors by default, but Brian said that webkitWebViewLoadFailedWithTLSErrors is not called even when not ignoring TLS errors, if that's true, it's a bug. The plan is to shown an error page, but first we need to add support to allow the user to ignore individual TLS errors, and that's the API Brian is currently working on. 930622 14 brian.holt 2013-09-18 08:04:23 -0700 > In any case I think that's a matter of the webkit embeders and not the engine itself. So in your example, epiphany should get the "decide-policy" signal which carries a WebKitNavigationPolicyDecision which has the request. I think in that case epiphany should get the request, check that there are some errors and ask the user whether they want to complete the navigation or cancel the redirection. That's exactly what I'm aiming to support in https://bugs.webkit.org/show_bug.cgi?id=120160. The only problem is that webkitWebViewLoadFailedWithTLSErrors is not called when a site is loaded that has TLS errors... 930623 15 svillar 2013-09-18 08:08:43 -0700 (In reply to comment #13) > We don't warn because we are currently ignoring TLS errors by default, but Brian said that webkitWebViewLoadFailedWithTLSErrors is not called even when not ignoring TLS errors, if that's true, it's a bug. > The plan is to shown an error page, but first we need to add support to allow the user to ignore individual TLS errors, and that's the API Brian is currently working on. Ah OK then I didn't understand the bug correctly. In any case I think the real issue is to know why the errors are being removed something that is not clear to me. 930626 16 cgarcia 2013-09-18 08:15:10 -0700 (In reply to comment #15) > (In reply to comment #13) > > We don't warn because we are currently ignoring TLS errors by default, but Brian said that webkitWebViewLoadFailedWithTLSErrors is not called even when not ignoring TLS errors, if that's true, it's a bug. > > The plan is to shown an error page, but first we need to add support to allow the user to ignore individual TLS errors, and that's the API Brian is currently working on. > > Ah OK then I didn't understand the bug correctly. In any case I think the real issue is to know why the errors are being removed something that is not clear to me. And that's why I'm asking for a unit test :-) 935424 17 brian.holt 2013-10-02 10:03:30 -0700 Removing the dependency, as the TLS permission API patch works without this. I will investigate this soon. 1005335 18 211983 cgarcia 2014-04-30 03:11:51 -0700 Comment on attachment 211983 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=211983&action=review > Source/WebCore/ChangeLog:8 > + No new tests (OOPS!). You should remove this, commit-queue will refuse to land this patch with this line here. > Source/WebCore/platform/network/soup/ResourceResponseSoup.cpp:71 > + GTlsCertificateFlags tlsFlags = static_cast<GTlsCertificateFlags>(0); I would use tldErrors instead of tlsFlasg for consistency, making clear that this is the same as m_tlsErrors 1005375 19 230480 brian.holt 2014-04-30 09:00:28 -0700 Created attachment 230480 Patch 1005383 20 brian.holt 2014-04-30 09:05:40 -0700 I have a unit test, but I'm not convinced that it tests the issue properly. So in order to make progress with this issue I've rebased and uploaded the patch again and created a new bug for the GTK unit test (bug 132384). This fix should probably also be backported to the 2.4 (and possibly the 2.2) releases. 1005384 21 cgarcia 2014-04-30 09:14:00 -0700 (In reply to comment #20) > I have a unit test, but I'm not convinced that it tests the issue properly. why? what's the issue? You should have a failing test (maybe timing out because the expected signal is not emitted) without the patch and a passing test with the patch. > So in order to make progress with this issue I've rebased and uploaded the patch again and created a new bug for the GTK unit test (bug 132384). Well, having a unit tests reproducing the issue would help me to understand the problem, the fact that you have a unit test that you don't know if it tests the issue makes me doubt, because I don't understand the EFL test. > This fix should probably also be backported to the 2.4 (and possibly the 2.2) releases. Yes, I'll backport it. 1005701 22 brian.holt 2014-05-01 03:05:16 -0700 Carlos, if you were wondering if this really is a bug, you can follow these steps to reproduce with the problem in the MiniBrowser: 1) Modify main.c of MiniBrowser to set the TLS policy to fail (default is ignore) webkit_web_context_set_tls_errors_policy(webkit_web_context_get_default(), WEBKIT_TLS_ERRORS_POLICY_FAIL); 2) Build webkit and run $ ./bin/MiniBrowser https://www.aeat.com/ The site https://www.aeat.com/ has an invalid certificate so if it did not redirect, it would have failed. However, because it redirects to an http site http://www.ricardo-aea.com/cms/, the new site finishes the load without reporting an error. This is the bug. 3) Apply the patch attached to this bug report, rebuild and run $ ./bin/MiniBrowser https://www.aeat.com/ Observe that webkit now reports a TLS error. 1006014 23 mario 2014-05-02 04:05:56 -0700 (In reply to comment #22) > Carlos, if you were wondering if this really is a bug, you can follow these steps to reproduce with the problem in the MiniBrowser: > > 1) Modify main.c of MiniBrowser to set the TLS policy to fail (default is ignore) > > webkit_web_context_set_tls_errors_policy(webkit_web_context_get_default(), WEBKIT_TLS_ERRORS_POLICY_FAIL); > > 2) Build webkit and run $ ./bin/MiniBrowser https://www.aeat.com/ > > The site https://www.aeat.com/ has an invalid certificate so if it did not redirect, it would have failed. However, because it redirects to an http site http://www.ricardo-aea.com/cms/, the new site finishes the load without reporting an error. This is the bug. > > 3) Apply the patch attached to this bug report, rebuild and run $ ./bin/MiniBrowser https://www.aeat.com/ > > Observe that webkit now reports a TLS error. Thanks Brian for the step-by-step guide to reproduce the problem (and for the unit test attached to bug 132384). Carlos, do you think that this is enough to land the fix now, providing an unit test (EFL, GTK or both) will follow? I'll comment on bug 131104 to see if we can get the EFL unit test reviewed promptly, assuming that the real fix would be landed through this bug anyway 1006330 24 230480 cgarcia 2014-05-03 03:51:33 -0700 Comment on attachment 230480 Patch Thanks! 1006335 25 230480 cgarcia 2014-05-03 04:26:48 -0700 Comment on attachment 230480 Patch hmm, after trying the patch I've realized that this is not the right fix. This patch is setting the tls errors to the response after the redirection, which is not even a HTTPS response. I think we should fail *before* the redirection, so that we don't see the redirected URL in the browser either. 1006337 26 230752 cgarcia 2014-05-03 04:33:41 -0700 Created attachment 230752 Alternative patch Checks the TLS errors before starting a redirection. 1006902 27 brian.holt 2014-05-06 02:53:57 -0700 (In reply to comment #25) > (From update of attachment 230480 [details]) > hmm, after trying the patch I've realized that this is not the right fix. This patch is setting the tls errors to the response after the redirection, which is not even a HTTPS response. I think we should fail *before* the redirection, so that we don't see the redirected URL in the browser either. Thinking about it I agree with you that we should fail before the redirection. I wasn't sure about expected behaviour except to know that at some point the load should fail and the error should be reported. Failing earlier makes sense (and probably doesn't require it's own unit test then?). 1007256 28 230980 cgarcia 2014-05-07 02:37:31 -0700 Created attachment 230980 Updated patch including GTK unit test Before: /webkit2/WebKitWebView/tls-errors-redirect-to-http: ** ERROR:../../Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:142:void testTLSErrorsRedirect(SSLTest*, gconstpointer): assertion failed: (test->m_loadFailed) After: /webkit2/WebKitWebView/tls-errors-redirect-to-http: OK 1007261 29 230980 svillar 2014-05-07 02:50:48 -0700 Comment on attachment 230980 Updated patch including GTK unit test Nice fix! 1007270 30 cgarcia 2014-05-07 03:12:08 -0700 Committed r168417: <http://trac.webkit.org/changeset/168417> 211983 2013-09-18 03:46:19 -0700 2014-04-30 09:00:19 -0700 Patch bug-121548-20130918114715.patch text/plain 1819 brian.holt U3VidmVyc2lvbiBSZXZpc2lvbjogMTU2MDMzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMmMwMDVmM2QwMTJmMDgw MDdmOWI3ZDY2NGQ1YmMyMmYxNWJlZjZkOC4uNjU0MjA5NjBhNjliNWQyZWNmODI5ZTMwYzVkZmZi YWNhNjc4MjMyMCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1IEBACisyMDEzLTA5LTE4ICBCcmlh biBIb2x0ICA8YnJpYW4uaG9sdEBzYW1zdW5nLmNvbT4KKworICAgICAgICBbR1RLXSBUTFNFcnJv cnMgZG8gbm90IGNhdXNlIHBhZ2UgbG9hZCB0byBmYWlsIHdoZW4gbm90IGlnbm9yZWQKKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEyMTU0OAorCisgICAg ICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIE5vIG5ldyB0ZXN0cyAo T09QUyEpLgorCisgICAgICAgICogcGxhdGZvcm0vbmV0d29yay9zb3VwL1Jlc291cmNlUmVzcG9u c2VTb3VwLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlJlc291cmNlUmVzcG9uc2U6OnVwZGF0ZUZy b21Tb3VwTWVzc2FnZSk6CisKIDIwMTMtMDktMTggIE1hcmlvIFNhbmNoZXogUHJhZGEgIDxtYXJp by5wcmFkYUBzYW1zdW5nLmNvbT4KIAogICAgICAgICBbQVRLXSBFeHBvc2UgYXJpYS1oYXNwb3B1 cCBhbmQgYXJpYS1zb3J0IHdpdGhvdXQgdGhlICdhcmlhLScgcHJlZml4CmRpZmYgLS1naXQgYS9T b3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VSZXNwb25zZVNvdXAu Y3BwIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9zb3VwL1Jlc291cmNlUmVzcG9u c2VTb3VwLmNwcAppbmRleCA5YzNiMGVkYmQ5ZmQzY2I2NzA4YTBmOTlmZTQyZDdiMjQ1NWQyNmYw Li4wMzhmMjQ3MmNiMDFmZDE2NzkwYmY2ODBhNjRkMjZkOWEyYTlkMTFjIDEwMDY0NAotLS0gYS9T b3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VSZXNwb25zZVNvdXAu Y3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9SZXNvdXJjZVJl c3BvbnNlU291cC5jcHAKQEAgLTY4LDcgKzY4LDEwIEBAIHZvaWQgUmVzb3VyY2VSZXNwb25zZTo6 dXBkYXRlRnJvbVNvdXBNZXNzYWdlKFNvdXBNZXNzYWdlKiBzb3VwTWVzc2FnZSkKICAgICBtX3Nv dXBGbGFncyA9IHNvdXBfbWVzc2FnZV9nZXRfZmxhZ3Moc291cE1lc3NhZ2UpOwogCiAgICAgR1Rs c0NlcnRpZmljYXRlKiBjZXJ0aWZpY2F0ZSA9IDA7Ci0gICAgc291cF9tZXNzYWdlX2dldF9odHRw c19zdGF0dXMoc291cE1lc3NhZ2UsICZjZXJ0aWZpY2F0ZSwgJm1fdGxzRXJyb3JzKTsKKyAgICBH VGxzQ2VydGlmaWNhdGVGbGFncyB0bHNGbGFncyA9IHN0YXRpY19jYXN0PEdUbHNDZXJ0aWZpY2F0 ZUZsYWdzPigwKTsKKyAgICBzb3VwX21lc3NhZ2VfZ2V0X2h0dHBzX3N0YXR1cyhzb3VwTWVzc2Fn ZSwgJmNlcnRpZmljYXRlLCAmdGxzRmxhZ3MpOworICAgIC8vIFBlcnNpc3QgdGxzIGVycm9ycyBm b3IgdGhpcyBzZXNzaW9uLCBub3QganVzdCBhIHNpbmdsZSB1cGRhdGUuCisgICAgbV90bHNFcnJv cnMgPSBzdGF0aWNfY2FzdDxHVGxzQ2VydGlmaWNhdGVGbGFncz4obV90bHNFcnJvcnMgfCB0bHNG bGFncyk7CiAgICAgbV9jZXJ0aWZpY2F0ZSA9IGNlcnRpZmljYXRlOwogCiAgICAgdXBkYXRlRnJv bVNvdXBNZXNzYWdlSGVhZGVycyhzb3VwTWVzc2FnZS0+cmVzcG9uc2VfaGVhZGVycyk7Cg== 230480 2014-04-30 09:00:28 -0700 2014-05-07 02:37:31 -0700 Patch bug-121548-20140430165946.patch text/plain 2069 brian.holt U3VidmVyc2lvbiBSZXZpc2lvbjogMTY3OTkzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMzJiZDA1OWFlYTZlNDRi NTc4OGUzMjFmNGJiOTQwZTY2ODNjZjdjZC4uMjIxMzUyMzk3YmMyZTAyYjUwN2MwMzM5YWI5MTli NWU0N2Q4ZGVjZiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDE0LTA0LTMwICBCcmlh biBIb2x0ICA8YnJpYW4uaG9sdEBzYW1zdW5nLmNvbT4KKworICAgICAgICBbU09VUF0gVExTRXJy b3JzIGRvIG5vdCBjYXVzZSBwYWdlIGxvYWQgdG8gZmFpbCB3aGVuIG5vdCBpZ25vcmVkCisgICAg ICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMjE1NDgKKworICAg ICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBXaGVuIGxvYWRpbmcg YSBwYWdlIHdpdGggYW4gaW52YWxpZCBjZXJ0aWZpY2F0ZSwgdGhlIGxvYWQKKyAgICAgICAgc2hv dWxkIGZhaWwgd2hlbiBUTFMgZXJyb3JzIGFyZSBub3QgaWdub3JlZCByZWdhcmRsZXNzIG9mIHdo ZXRoZXIKKyAgICAgICAgdGhlIG5ldyBwYWdlIGlzIGEgcmVkaXJlY3Rpb24uIFRoaXMgc2VjdXJp dHkgaXNzdWUgaXMgcmVzb2x2ZWQgYnkKKyAgICAgICAgcGVyc2lzdGluZyBUTFMgZXJyb3JzIHRo cm91Z2ggc3Vic2VxdWVudCBsb2FkcyB1bnRpbCB0aGUgbG9hZCBmaW5pc2hlcy4KKworICAgICAg ICAqIHBsYXRmb3JtL25ldHdvcmsvc291cC9SZXNvdXJjZVJlc3BvbnNlU291cC5jcHA6CisgICAg ICAgIChXZWJDb3JlOjpSZXNvdXJjZVJlc3BvbnNlOjp1cGRhdGVGcm9tU291cE1lc3NhZ2UpOgor CiAyMDE0LTA0LTMwICBNYW51ZWwgUmVnbyBDYXNhc25vdmFzICA8cmVnb0BpZ2FsaWEuY29tPgog CiAgICAgICAgIFtDU1MgR3JpZCBMYXlvdXRdIEVuYWJsZSBydW50aW1lIGZlYXR1cmUgYnkgZGVm YXVsdApkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9zb3VwL1Jl c291cmNlUmVzcG9uc2VTb3VwLmNwcCBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsv c291cC9SZXNvdXJjZVJlc3BvbnNlU291cC5jcHAKaW5kZXggNTU3ZDRkYjdiN2JkYzkyNDA5MjJm NTk4NTk2MjFhZThmOWNhZjRjZS4uNTZhOTY0N2ZjMzYzODkxMWFiYWZmOWQzNzI1N2NjYTczN2Iz Mjc0YiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9zb3VwL1Jl c291cmNlUmVzcG9uc2VTb3VwLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3 b3JrL3NvdXAvUmVzb3VyY2VSZXNwb25zZVNvdXAuY3BwCkBAIC02Nyw3ICs2NywxMCBAQCB2b2lk IFJlc291cmNlUmVzcG9uc2U6OnVwZGF0ZUZyb21Tb3VwTWVzc2FnZShTb3VwTWVzc2FnZSogc291 cE1lc3NhZ2UpCiAgICAgbV9zb3VwRmxhZ3MgPSBzb3VwX21lc3NhZ2VfZ2V0X2ZsYWdzKHNvdXBN ZXNzYWdlKTsKIAogICAgIEdUbHNDZXJ0aWZpY2F0ZSogY2VydGlmaWNhdGUgPSAwOwotICAgIHNv dXBfbWVzc2FnZV9nZXRfaHR0cHNfc3RhdHVzKHNvdXBNZXNzYWdlLCAmY2VydGlmaWNhdGUsICZt X3Rsc0Vycm9ycyk7CisgICAgR1Rsc0NlcnRpZmljYXRlRmxhZ3MgdGxzRXJyb3JzID0gc3RhdGlj X2Nhc3Q8R1Rsc0NlcnRpZmljYXRlRmxhZ3M+KDApOworICAgIHNvdXBfbWVzc2FnZV9nZXRfaHR0 cHNfc3RhdHVzKHNvdXBNZXNzYWdlLCAmY2VydGlmaWNhdGUsICZ0bHNFcnJvcnMpOworICAgIC8v IFBlcnNpc3QgdGxzIGVycm9ycyBmb3IgdGhpcyBzZXNzaW9uLCBub3QganVzdCBhIHNpbmdsZSB1 cGRhdGUuCisgICAgbV90bHNFcnJvcnMgPSBzdGF0aWNfY2FzdDxHVGxzQ2VydGlmaWNhdGVGbGFn cz4obV90bHNFcnJvcnMgfCB0bHNFcnJvcnMpOwogICAgIG1fY2VydGlmaWNhdGUgPSBjZXJ0aWZp Y2F0ZTsKIAogICAgIHVwZGF0ZUZyb21Tb3VwTWVzc2FnZUhlYWRlcnMoc291cE1lc3NhZ2UtPnJl c3BvbnNlX2hlYWRlcnMpOwo= 230752 2014-05-03 04:33:41 -0700 2014-05-07 02:37:31 -0700 Alternative patch wk-soup-tls-redirect.diff text/plain 2693 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCA3ZGY3NDEzLi5kYmNjZTAzIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMjEg QEAKIDIwMTQtMDUtMDMgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29t PgogCisgICAgICAgIFtTT1VQXSBUTFNFcnJvcnMgZG8gbm90IGNhdXNlIHBhZ2UgbG9hZCB0byBm YWlsIHdoZW4gbm90IGlnbm9yZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTEyMTU0OAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIFRoaXMgb25seSBoYXBwZW5zIGluIGNhc2Ugb2YgcmVkaXJlY3Rpb24sIHdo ZW4gdGhlIGluaXRpYWwgVVJMIGlzCisgICAgICAgIGFuIEhUVFBTIHNpdGUgd2l0aCBhbiBpbnZh bGlkIGNlcnRpZmljYXRlLCB0aGF0IHJlZGlyZWN0cyB0bworICAgICAgICBhbm90aGVyIGxvY2F0 aW9uLiBXZSBhcmUgc3RhcnRpbmcgdGhlIHJlZGlyZWN0aW9uIHdpdGhvdXQgY2hlY2tpbmcKKyAg ICAgICAgdGhlIFRMUyBlcnJvcnMuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9uZXR3b3JrL3NvdXAv UmVzb3VyY2VIYW5kbGVTb3VwLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OnNlbmRSZXF1ZXN0Q2Fs bGJhY2spOiBDaGVjayBUTFMgZXJyb3JzIGJlZm9yZSBzdGFydGluZyBhCisgICAgICAgIHBvc3Np YmxlIHJlZGlyZWN0aW9uLgorCisyMDE0LTA1LTAzICBDYXJsb3MgR2FyY2lhIENhbXBvcyAgPGNn YXJjaWFAaWdhbGlhLmNvbT4KKwogICAgICAgICBVbnJldmlld2VkLiBGaXggR1RLKyBidWlsZCBh ZnRlciByMTY4MjA5LgogCiAgICAgICAgICogcGxhdGZvcm0vbGV2ZWxkYi9MZXZlbERCRGF0YWJh c2UuY3BwOgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9zb3Vw L1Jlc291cmNlSGFuZGxlU291cC5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3Jr L3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNwcAppbmRleCBlZmRmZmVhLi5lMzU1ZDk3IDEwMDY0 NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5k bGVTb3VwLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVz b3VyY2VIYW5kbGVTb3VwLmNwcApAQCAtNjgxLDEzICs2ODEsNiBAQCBzdGF0aWMgdm9pZCBzZW5k UmVxdWVzdENhbGxiYWNrKEdPYmplY3QqLCBHQXN5bmNSZXN1bHQqIHJlc3VsdCwgZ3BvaW50ZXIg ZGF0YSkKICAgICB9CiAKICAgICBpZiAoc291cE1lc3NhZ2UpIHsKLSAgICAgICAgaWYgKFNPVVBf U1RBVFVTX0lTX1JFRElSRUNUSU9OKHNvdXBNZXNzYWdlLT5zdGF0dXNfY29kZSkgJiYgc2hvdWxk UmVkaXJlY3QoaGFuZGxlLmdldCgpKSkgewotICAgICAgICAgICAgZC0+bV9pbnB1dFN0cmVhbSA9 IGlucHV0U3RyZWFtOwotICAgICAgICAgICAgZ19pbnB1dF9zdHJlYW1fc2tpcF9hc3luYyhkLT5t X2lucHV0U3RyZWFtLmdldCgpLCBnRGVmYXVsdFJlYWRCdWZmZXJTaXplLCBHX1BSSU9SSVRZX0RF RkFVTFQsCi0gICAgICAgICAgICAgICAgZC0+bV9jYW5jZWxsYWJsZS5nZXQoKSwgcmVkaXJlY3RT a2lwQ2FsbGJhY2ssIGhhbmRsZS5nZXQoKSk7Ci0gICAgICAgICAgICByZXR1cm47Ci0gICAgICAg IH0KLQogICAgICAgICBpZiAoaGFuZGxlLT5zaG91bGRDb250ZW50U25pZmYoKSAmJiBzb3VwTWVz c2FnZS0+c3RhdHVzX2NvZGUgIT0gU09VUF9TVEFUVVNfTk9UX01PRElGSUVEKSB7CiAgICAgICAg ICAgICBjb25zdCBjaGFyKiBzbmlmZmVkVHlwZSA9IHNvdXBfcmVxdWVzdF9nZXRfY29udGVudF90 eXBlKGQtPm1fc291cFJlcXVlc3QuZ2V0KCkpOwogICAgICAgICAgICAgZC0+bV9yZXNwb25zZS5z ZXRTbmlmZmVkQ29udGVudFR5cGUoc25pZmZlZFR5cGUpOwpAQCAtNjk5LDYgKzY5MiwxMiBAQCBz dGF0aWMgdm9pZCBzZW5kUmVxdWVzdENhbGxiYWNrKEdPYmplY3QqLCBHQXN5bmNSZXN1bHQqIHJl c3VsdCwgZ3BvaW50ZXIgZGF0YSkKICAgICAgICAgICAgIHJldHVybjsKICAgICAgICAgfQogCisg ICAgICAgIGlmIChTT1VQX1NUQVRVU19JU19SRURJUkVDVElPTihzb3VwTWVzc2FnZS0+c3RhdHVz X2NvZGUpICYmIHNob3VsZFJlZGlyZWN0KGhhbmRsZS5nZXQoKSkpIHsKKyAgICAgICAgICAgIGQt Pm1faW5wdXRTdHJlYW0gPSBpbnB1dFN0cmVhbTsKKyAgICAgICAgICAgIGdfaW5wdXRfc3RyZWFt X3NraXBfYXN5bmMoZC0+bV9pbnB1dFN0cmVhbS5nZXQoKSwgZ0RlZmF1bHRSZWFkQnVmZmVyU2l6 ZSwgR19QUklPUklUWV9ERUZBVUxULAorICAgICAgICAgICAgICAgIGQtPm1fY2FuY2VsbGFibGUu Z2V0KCksIHJlZGlyZWN0U2tpcENhbGxiYWNrLCBoYW5kbGUuZ2V0KCkpOworICAgICAgICAgICAg cmV0dXJuOworICAgICAgICB9CiAgICAgfSBlbHNlIHsKICAgICAgICAgZC0+bV9yZXNwb25zZS5z ZXRVUkwoaGFuZGxlLT5maXJzdFJlcXVlc3QoKS51cmwoKSk7CiAgICAgICAgIGNvbnN0IGdjaGFy KiBjb250ZW50VHlwZSA9IHNvdXBfcmVxdWVzdF9nZXRfY29udGVudF90eXBlKGQtPm1fc291cFJl cXVlc3QuZ2V0KCkpOwo= 230980 2014-05-07 02:37:31 -0700 2014-05-07 02:50:48 -0700 Updated patch including GTK unit test wk-tls-redirection.diff text/plain 5546 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCA3YjUxNjQyLi5mNGE0MDkzIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTkg QEAKKzIwMTQtMDUtMDcgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29t PgorCisgICAgICAgIFtTT1VQXSBUTFNFcnJvcnMgZG8gbm90IGNhdXNlIHBhZ2UgbG9hZCB0byBm YWlsIHdoZW4gbm90IGlnbm9yZWQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTEyMTU0OAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIFRoaXMgb25seSBoYXBwZW5zIGluIGNhc2Ugb2YgcmVkaXJlY3Rpb24sIHdo ZW4gdGhlIGluaXRpYWwgVVJMIGlzCisgICAgICAgIGFuIEhUVFBTIHNpdGUgd2l0aCBhbiBpbnZh bGlkIGNlcnRpZmljYXRlLCB0aGF0IHJlZGlyZWN0cyB0bworICAgICAgICBhbm90aGVyIGxvY2F0 aW9uLiBXZSBhcmUgc3RhcnRpbmcgdGhlIHJlZGlyZWN0aW9uIHdpdGhvdXQgY2hlY2tpbmcKKyAg ICAgICAgdGhlIFRMUyBlcnJvcnMuCisKKyAgICAgICAgKiBwbGF0Zm9ybS9uZXR3b3JrL3NvdXAv UmVzb3VyY2VIYW5kbGVTb3VwLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OnNlbmRSZXF1ZXN0Q2Fs bGJhY2spOiBDaGVjayBUTFMgZXJyb3JzIGJlZm9yZSBzdGFydGluZyBhCisgICAgICAgIHBvc3Np YmxlIHJlZGlyZWN0aW9uLgorCiAyMDE0LTA1LTA3ICBQcmF2ZWVuIFIgSmFkaGF2ICA8cHJhdmVl bi5qQHNhbXN1bmcuY29tPgogCiAgICAgICAgIEZpeCBidWlsZCBlcnJvcnMgZm9yIEJsb2JEYXRh SXRlbSBhZnRlciByMTY4MzkxLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0v bmV0d29yay9zb3VwL1Jlc291cmNlSGFuZGxlU291cC5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0 Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNwcAppbmRleCAzMjQwN2UxLi45 MTQxYjcyIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAv UmVzb3VyY2VIYW5kbGVTb3VwLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3 b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNwcApAQCAtNjgwLDEzICs2ODAsNiBAQCBzdGF0 aWMgdm9pZCBzZW5kUmVxdWVzdENhbGxiYWNrKEdPYmplY3QqLCBHQXN5bmNSZXN1bHQqIHJlc3Vs dCwgZ3BvaW50ZXIgZGF0YSkKICAgICB9CiAKICAgICBpZiAoc291cE1lc3NhZ2UpIHsKLSAgICAg ICAgaWYgKFNPVVBfU1RBVFVTX0lTX1JFRElSRUNUSU9OKHNvdXBNZXNzYWdlLT5zdGF0dXNfY29k ZSkgJiYgc2hvdWxkUmVkaXJlY3QoaGFuZGxlLmdldCgpKSkgewotICAgICAgICAgICAgZC0+bV9p bnB1dFN0cmVhbSA9IGlucHV0U3RyZWFtOwotICAgICAgICAgICAgZ19pbnB1dF9zdHJlYW1fc2tp cF9hc3luYyhkLT5tX2lucHV0U3RyZWFtLmdldCgpLCBnRGVmYXVsdFJlYWRCdWZmZXJTaXplLCBH X1BSSU9SSVRZX0RFRkFVTFQsCi0gICAgICAgICAgICAgICAgZC0+bV9jYW5jZWxsYWJsZS5nZXQo KSwgcmVkaXJlY3RTa2lwQ2FsbGJhY2ssIGhhbmRsZS5nZXQoKSk7Ci0gICAgICAgICAgICByZXR1 cm47Ci0gICAgICAgIH0KLQogICAgICAgICBpZiAoaGFuZGxlLT5zaG91bGRDb250ZW50U25pZmYo KSAmJiBzb3VwTWVzc2FnZS0+c3RhdHVzX2NvZGUgIT0gU09VUF9TVEFUVVNfTk9UX01PRElGSUVE KSB7CiAgICAgICAgICAgICBjb25zdCBjaGFyKiBzbmlmZmVkVHlwZSA9IHNvdXBfcmVxdWVzdF9n ZXRfY29udGVudF90eXBlKGQtPm1fc291cFJlcXVlc3QuZ2V0KCkpOwogICAgICAgICAgICAgZC0+ bV9yZXNwb25zZS5zZXRTbmlmZmVkQ29udGVudFR5cGUoc25pZmZlZFR5cGUpOwpAQCAtNjk4LDYg KzY5MSwxMiBAQCBzdGF0aWMgdm9pZCBzZW5kUmVxdWVzdENhbGxiYWNrKEdPYmplY3QqLCBHQXN5 bmNSZXN1bHQqIHJlc3VsdCwgZ3BvaW50ZXIgZGF0YSkKICAgICAgICAgICAgIHJldHVybjsKICAg ICAgICAgfQogCisgICAgICAgIGlmIChTT1VQX1NUQVRVU19JU19SRURJUkVDVElPTihzb3VwTWVz c2FnZS0+c3RhdHVzX2NvZGUpICYmIHNob3VsZFJlZGlyZWN0KGhhbmRsZS5nZXQoKSkpIHsKKyAg ICAgICAgICAgIGQtPm1faW5wdXRTdHJlYW0gPSBpbnB1dFN0cmVhbTsKKyAgICAgICAgICAgIGdf aW5wdXRfc3RyZWFtX3NraXBfYXN5bmMoZC0+bV9pbnB1dFN0cmVhbS5nZXQoKSwgZ0RlZmF1bHRS ZWFkQnVmZmVyU2l6ZSwgR19QUklPUklUWV9ERUZBVUxULAorICAgICAgICAgICAgICAgIGQtPm1f Y2FuY2VsbGFibGUuZ2V0KCksIHJlZGlyZWN0U2tpcENhbGxiYWNrLCBoYW5kbGUuZ2V0KCkpOwor ICAgICAgICAgICAgcmV0dXJuOworICAgICAgICB9CiAgICAgfSBlbHNlIHsKICAgICAgICAgZC0+ bV9yZXNwb25zZS5zZXRVUkwoaGFuZGxlLT5maXJzdFJlcXVlc3QoKS51cmwoKSk7CiAgICAgICAg IGNvbnN0IGdjaGFyKiBjb250ZW50VHlwZSA9IHNvdXBfcmVxdWVzdF9nZXRfY29udGVudF90eXBl KGQtPm1fc291cFJlcXVlc3QuZ2V0KCkpOwpkaWZmIC0tZ2l0IGEvVG9vbHMvQ2hhbmdlTG9nIGIv VG9vbHMvQ2hhbmdlTG9nCmluZGV4IDU3YTI5YWEuLmMyODhmMjYgMTAwNjQ0Ci0tLSBhL1Rvb2xz L0NoYW5nZUxvZworKysgYi9Ub29scy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxOCBAQAorMjAxNC0w NS0wNyAgQ2FybG9zIEdhcmNpYSBDYW1wb3MgIDxjZ2FyY2lhQGlnYWxpYS5jb20+CisKKyAgICAg ICAgW1NPVVBdIFRMU0Vycm9ycyBkbyBub3QgY2F1c2UgcGFnZSBsb2FkIHRvIGZhaWwgd2hlbiBu b3QgaWdub3JlZAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/ aWQ9MTIxNTQ4CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAg ICAgQWRkIHVuaXQgdGVzdHMgdG8gY2hlY2sgdGhhdCB0aGUgbG9hZCBmYWlscyB3aXRoIFRMUyBl cnJvcnMgaW4KKyAgICAgICAgY2FzZSBvZiBhIHJlZGlyZWN0aW9uLgorCisgICAgICAgICogVGVz dFdlYktpdEFQSS9UZXN0cy9XZWJLaXQyR3RrL1Rlc3RTU0wuY3BwOgorICAgICAgICAodGVzdFRM U0Vycm9yc1JlZGlyZWN0KToKKyAgICAgICAgKGh0dHBzU2VydmVyQ2FsbGJhY2spOgorICAgICAg ICAoYmVmb3JlQWxsKToKKwogMjAxNC0wNS0wNiAgRGF2aWQgS2lsemVyICA8ZGRraWx6ZXJAYXBw bGUuY29tPgogCiAgICAgICAgIEFkZCBNYWtlZmlsZSB0YXJnZXRzIGZvciBjb3B5aW5nIHN0YXRp YyBsaWJyYXJpZXMgKExMVk0gYW5kIFdLU0kpCmRpZmYgLS1naXQgYS9Ub29scy9UZXN0V2ViS2l0 QVBJL1Rlc3RzL1dlYktpdDJHdGsvVGVzdFNTTC5jcHAgYi9Ub29scy9UZXN0V2ViS2l0QVBJL1Rl c3RzL1dlYktpdDJHdGsvVGVzdFNTTC5jcHAKaW5kZXggYzdiYmI3NS4uODI0NmY2MyAxMDA2NDQK LS0tIGEvVG9vbHMvVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJLaXQyR3RrL1Rlc3RTU0wuY3BwCisr KyBiL1Rvb2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV2ViS2l0Mkd0ay9UZXN0U1NMLmNwcApAQCAt MTM0LDYgKzEzNCwxNiBAQCBzdGF0aWMgdm9pZCB0ZXN0VExTRXJyb3JzUG9saWN5KFNTTFRlc3Qq IHRlc3QsIGdjb25zdHBvaW50ZXIpCiAgICAgZ19hc3NlcnQoIXRlc3QtPm1fbG9hZEV2ZW50cy5j b250YWlucyhMb2FkVHJhY2tpbmdUZXN0OjpMb2FkQ29tbWl0dGVkKSk7CiB9CiAKK3N0YXRpYyB2 b2lkIHRlc3RUTFNFcnJvcnNSZWRpcmVjdChTU0xUZXN0KiB0ZXN0LCBnY29uc3Rwb2ludGVyKQor eworICAgIHdlYmtpdF93ZWJfY29udGV4dF9zZXRfdGxzX2Vycm9yc19wb2xpY3kod2Via2l0X3dl Yl92aWV3X2dldF9jb250ZXh0KHRlc3QtPm1fd2ViVmlldyksIFdFQktJVF9UTFNfRVJST1JTX1BP TElDWV9GQUlMKTsKKyAgICB0ZXN0LT5sb2FkVVJJKGtIdHRwc1NlcnZlci0+Z2V0VVJJRm9yUGF0 aCgiL3JlZGlyZWN0IikuZGF0YSgpKTsKKyAgICB0ZXN0LT53YWl0VW50aWxMb2FkRmluaXNoZWQo KTsKKyAgICBnX2Fzc2VydCh0ZXN0LT5tX2xvYWRGYWlsZWQpOworICAgIGdfYXNzZXJ0KHRlc3Qt Pm1fbG9hZEV2ZW50cy5jb250YWlucyhMb2FkVHJhY2tpbmdUZXN0OjpQcm92aXNpb25hbExvYWRG YWlsZWQpKTsKKyAgICBnX2Fzc2VydCghdGVzdC0+bV9sb2FkRXZlbnRzLmNvbnRhaW5zKExvYWRU cmFja2luZ1Rlc3Q6OkxvYWRDb21taXR0ZWQpKTsKK30KKwogY2xhc3MgVExTRXJyb3JzVGVzdDog cHVibGljIFNTTFRlc3QgewogcHVibGljOgogICAgIE1BS0VfR0xJQl9URVNUX0ZJWFRVUkUoVExT RXJyb3JzVGVzdCk7CkBAIC0yMzMsNiArMjQzLDkgQEAgc3RhdGljIHZvaWQgaHR0cHNTZXJ2ZXJD YWxsYmFjayhTb3VwU2VydmVyKiBzZXJ2ZXIsIFNvdXBNZXNzYWdlKiBtZXNzYWdlLCBjb25zdAog ICAgICAgICBzb3VwX21lc3NhZ2Vfc2V0X3N0YXR1cyhtZXNzYWdlLCBTT1VQX1NUQVRVU19PSyk7 CiAgICAgICAgIHNvdXBfbWVzc2FnZV9ib2R5X2FwcGVuZChtZXNzYWdlLT5yZXNwb25zZV9ib2R5 LCBTT1VQX01FTU9SWV9TVEFUSUMsIFRMU1N1Y2Nlc3NIVE1MU3RyaW5nLCBzdHJsZW4oVExTU3Vj Y2Vzc0hUTUxTdHJpbmcpKTsKICAgICAgICAgc291cF9tZXNzYWdlX2JvZHlfY29tcGxldGUobWVz c2FnZS0+cmVzcG9uc2VfYm9keSk7CisgICAgfSBlbHNlIGlmIChnX3N0cl9lcXVhbChwYXRoLCAi L3JlZGlyZWN0IikpIHsKKyAgICAgICAgc291cF9tZXNzYWdlX3NldF9zdGF0dXMobWVzc2FnZSwg U09VUF9TVEFUVVNfTU9WRURfUEVSTUFORU5UTFkpOworICAgICAgICBzb3VwX21lc3NhZ2VfaGVh ZGVyc19hcHBlbmQobWVzc2FnZS0+cmVzcG9uc2VfaGVhZGVycywgIkxvY2F0aW9uIiwga0h0dHBT ZXJ2ZXItPmdldFVSSUZvclBhdGgoIi90ZXN0LWltYWdlIikuZGF0YSgpKTsKICAgICB9IGVsc2UK ICAgICAgICAgc291cF9tZXNzYWdlX3NldF9zdGF0dXMobWVzc2FnZSwgU09VUF9TVEFUVVNfTk9U X0ZPVU5EKTsKIH0KQEAgLTI4MCw2ICsyOTMsNyBAQCB2b2lkIGJlZm9yZUFsbCgpCiAgICAgLy8g YW5kIGV4cGVjdHMgdGhhdCBubyBleGNlcHRpb24gd2lsbCBoYXZlIGJlZW4gYWRkZWQgZm9yIHRo aXMgY2VydGlmaWNhdGUgYW5kIGhvc3QgcGFpciBhcyBpcwogICAgIC8vIGRvbmUgaW4gdGhlIHRs cy1wZXJtaXNzaW9uLXJlcXVlc3QgdGVzdC4KICAgICBTU0xUZXN0OjphZGQoIldlYktpdFdlYlZp ZXciLCAidGxzLWVycm9ycy1wb2xpY3kiLCB0ZXN0VExTRXJyb3JzUG9saWN5KTsKKyAgICBTU0xU ZXN0OjphZGQoIldlYktpdFdlYlZpZXciLCAidGxzLWVycm9ycy1yZWRpcmVjdC10by1odHRwIiwg dGVzdFRMU0Vycm9yc1JlZGlyZWN0KTsKICAgICBUTFNFcnJvcnNUZXN0OjphZGQoIldlYktpdFdl YlZpZXciLCAibG9hZC1mYWlsZWQtd2l0aC10bHMtZXJyb3JzIiwgdGVzdExvYWRGYWlsZWRXaXRo VExTRXJyb3JzKTsKIH0KIAo=