Bug 125006

Summary: [curl] Improve detecting and handling of SSL client certificate
Product: WebKit Reporter: sipka
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, galpeter, ossy, peavo
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 117300    
Attachments:
Description Flags
proposed patch
none
proposed patch
none
proposed patch v2
none
proposed patch none

sipka
Reported 2013-11-29 03:09:29 PST
Add client certificate handling.
Attachments
proposed patch (6.58 KB, patch)
2013-11-29 03:13 PST, sipka 		no flags
DetailsFormatted DiffDiff
proposed patch (6.57 KB, patch)
2013-12-10 06:54 PST, sipka 		no flags
DetailsFormatted DiffDiff
proposed patch v2 (6.61 KB, patch)
2013-12-12 02:40 PST, sipka 		no flags
DetailsFormatted DiffDiff
proposed patch (6.57 KB, patch)
2014-01-22 02:22 PST, sipka 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
sipka
Comment 1 2013-11-29 03:13:52 PST
Created attachment 218050 [details] proposed patch
sipka
Comment 2 2013-12-10 06:54:53 PST
Created attachment 218867 [details] proposed patch update and ping for review.
Peter Gal
Comment 3 2013-12-11 11:24:31 PST
Comment on attachment 218867 [details] proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=218867&action=review > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:129 > + addAllowedClientCertificate(host.lower(), certificate, key); We should move the .lower() call into the addAllowedClientCertificate method. > Source/WebCore/platform/network/curl/SSLHandle.cpp:60 > + HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host); Shouldn't the host be in lowercase? When you add items into the allowedClientHosts the host is in lowercase (see setClientCertificateInfo method).
sipka
Comment 4 2013-12-12 02:40:20 PST
Created attachment 219063 [details] proposed patch v2
sipka
Comment 5 2013-12-12 02:45:00 PST
Thanks for the reply! (In reply to comment #3) > (From update of attachment 218867 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=218867&action=review > > > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:129 > > + addAllowedClientCertificate(host.lower(), certificate, key); > > We should move the .lower() call into the addAllowedClientCertificate method. > > > Source/WebCore/platform/network/curl/SSLHandle.cpp:60 > > + HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host); > > Shouldn't the host be in lowercase? When you add items into the allowedClientHosts the host is in lowercase (see setClientCertificateInfo method). Yes, these modifications ensure the expected behavior. I fixed these in the newest patch.
Brent Fulgham
Comment 6 2014-01-21 11:23:51 PST
Comment on attachment 219063 [details] proposed patch v2 View in context: https://bugs.webkit.org/attachment.cgi?id=219063&action=review Looks good, but I had a couple of comments before we land this. > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:131 > + LOG(Network, "Invalid client certificate file: %s!\n", certificate.latin1().data()); I think this should be certificate.utf8().data(). > Source/WebCore/platform/network/curl/SSLHandle.cpp:60 > + if (it != allowedClientHosts.end()) { This should probably be an early return for clarity. If it already exists, there's nothing to do.
Brent Fulgham
Comment 7 2014-01-21 11:37:30 PST
(In reply to comment #6) Please disregard this comment: > > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:131 > > + LOG(Network, "Invalid client certificate file: %s!\n", certificate.latin1().data()); > > I think this should be certificate.utf8().data(). Looking at other code, I think latin1() is probably correct!
sipka
Comment 8 2014-01-22 02:22:32 PST
Created attachment 221843 [details] proposed patch Thanks for the review. I modified the patch according to it.
Brent Fulgham
Comment 9 2014-01-22 09:47:53 PST
Comment on attachment 221843 [details] proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=221843&action=review Thanks for revising! Looks great. > Source/WebCore/platform/network/curl/SSLHandle.cpp:59 > + HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host.lower()); In the future, consider using auto. I think this could be a const_iterator, or even better "const auto& it = ..."
WebKit Commit Bot
Comment 10 2014-01-22 10:15:56 PST
Comment on attachment 221843 [details] proposed patch Clearing flags on attachment: 221843 Committed r162530: <http://trac.webkit.org/changeset/162530>
WebKit Commit Bot
Comment 11 2014-01-22 10:16:00 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.