Summary: | Regression tests cannot load video over HTTPS with self-signed certificate | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Daniel Bates <dbates> | ||||
Component: | Tools / Tests | Assignee: | Nobody <webkit-unassigned> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | ap, eric.carlson, hector_i_lopez, jer.noble, lforschler, tsavell, webkit-bug-importer, youennf | ||||
Priority: | P2 | Keywords: | InRadar | ||||
Version: | WebKit Local Build | ||||||
Hardware: | All | ||||||
OS: | All | ||||||
Attachments: |
|
Description
Daniel Bates
2016-03-07 13:51:47 PST
The same problem happens for some web-platform-tests tests, for instance imported/w3c/web-platform-tests/fetch/api/cors/cors-basic.html The stderr is: 2016-07-08 14:45:32.887 com.apple.WebKit.Networking.Development[83486:12370795] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) 2016-07-08 14:45:32.907 com.apple.WebKit.Networking.Development[83486:12370795] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) 2016-07-08 14:45:32.911 com.apple.WebKit.Networking.Development[83486:12370795] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) I tried using testRunner.setAllowsAnySSLCertificate. It seems to work only for DRT, not WTR. Is this a known bug? Web-platform-tests server is now always reusing the same certificate, like httpd. Maybe there is a way to register wpt and httpd certificates to DRT and WTR? > It seems to work only for DRT, not WTR. Is this a known bug?
Yes. The good news is that it should work on macOS Sierra.
The way it works is that in DumpRenderTree, we set a global NSURLConnection setting (via +[NSURLRequest setAllowsAnyHTTPSCertificate:forHost:]), so any loads in the process are affected by it. In WebKitTestRunner, we use a proper delegate based solution, but that means that only network loads performed by WebKit are affected. Media loads used to bypass WebKit.
I hit this bug again as part of bug 160445. Created attachment 404471 [details]
Patch
This test http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html is passing on all of Mac according to history: https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Fvideo-with-https-url-allowed-by-csp-media-src-star.html We are removing the expectations Committed r264472: <https://trac.webkit.org/changeset/264472> All reviewed patches have been landed. Closing bug and clearing flags on attachment 404471 [details]. |