Summary: | [curl] Improve detecting and handling of SSL client certificate | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | sipka | ||||||||||
Component: | WebKit Misc. | Assignee: | Nobody <webkit-unassigned> | ||||||||||
Status: | RESOLVED FIXED | ||||||||||||
Severity: | Normal | CC: | bfulgham, commit-queue, galpeter, ossy, peavo | ||||||||||
Priority: | P2 | ||||||||||||
Version: | 528+ (Nightly build) | ||||||||||||
Hardware: | Unspecified | ||||||||||||
OS: | Unspecified | ||||||||||||
Bug Depends on: | |||||||||||||
Bug Blocks: | 117300 | ||||||||||||
Attachments: |
|
Description
sipka
2013-11-29 03:09:29 PST
Created attachment 218050 [details]
proposed patch
Created attachment 218867 [details]
proposed patch
update and ping for review.
Comment on attachment 218867 [details] proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=218867&action=review > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:129 > + addAllowedClientCertificate(host.lower(), certificate, key); We should move the .lower() call into the addAllowedClientCertificate method. > Source/WebCore/platform/network/curl/SSLHandle.cpp:60 > + HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host); Shouldn't the host be in lowercase? When you add items into the allowedClientHosts the host is in lowercase (see setClientCertificateInfo method). Created attachment 219063 [details]
proposed patch v2
Thanks for the reply! (In reply to comment #3) > (From update of attachment 218867 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=218867&action=review > > > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:129 > > + addAllowedClientCertificate(host.lower(), certificate, key); > > We should move the .lower() call into the addAllowedClientCertificate method. > > > Source/WebCore/platform/network/curl/SSLHandle.cpp:60 > > + HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host); > > Shouldn't the host be in lowercase? When you add items into the allowedClientHosts the host is in lowercase (see setClientCertificateInfo method). Yes, these modifications ensure the expected behavior. I fixed these in the newest patch. Comment on attachment 219063 [details] proposed patch v2 View in context: https://bugs.webkit.org/attachment.cgi?id=219063&action=review Looks good, but I had a couple of comments before we land this. > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:131 > + LOG(Network, "Invalid client certificate file: %s!\n", certificate.latin1().data()); I think this should be certificate.utf8().data(). > Source/WebCore/platform/network/curl/SSLHandle.cpp:60 > + if (it != allowedClientHosts.end()) { This should probably be an early return for clarity. If it already exists, there's nothing to do. (In reply to comment #6) Please disregard this comment: > > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:131 > > + LOG(Network, "Invalid client certificate file: %s!\n", certificate.latin1().data()); > > I think this should be certificate.utf8().data(). Looking at other code, I think latin1() is probably correct! Created attachment 221843 [details]
proposed patch
Thanks for the review. I modified the patch according to it.
Comment on attachment 221843 [details] proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=221843&action=review Thanks for revising! Looks great. > Source/WebCore/platform/network/curl/SSLHandle.cpp:59 > + HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host.lower()); In the future, consider using auto. I think this could be a const_iterator, or even better "const auto& it = ..." Comment on attachment 221843 [details] proposed patch Clearing flags on attachment: 221843 Committed r162530: <http://trac.webkit.org/changeset/162530> All reviewed patches have been landed. Closing bug. |