Bug 162962

Summary:

[SOUP] Ensure NetworkProcess is ready before whitelisting TLS certificates

Product:

WebKit

Reporter:

Emanuele Aina <emanuele.aina>

Component:

WebKit2

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, andersca, cgarcia, fpizlo, ggaren, mcatanzaro, sam, simon.fraser

Priority:

Version:

WebKit Local Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	achristensen: review+, mcatanzaro: commit-queue-

Emanuele Aina

Reported 2016-10-05 02:09:23 PDT

If the API user tries to whitelist TLS certificates before any web view has been created, the action will be ignored because the NetworkProcess hasn't been fired up yet. For example, the snippet below using the GTK+ API does not work, unless the whitelisting is moved after the web view creation: webkit_web_context_allow_tls_certificate_for_host(webkit_web_context_get_default(), crt, host); webView = webkit_web_view_new();

Attachments
Patch (2.27 KB, patch) 2016-10-05 02:11 PDT, Emanuele Aina	achristensen: review+ mcatanzaro: commit-queue-	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Emanuele Aina

Comment 1 2016-10-05 02:11:28 PDT

Created attachment 290698 [details] Patch

Alex Christensen

Comment 2 2016-10-05 08:42:51 PDT

I'm not opposed to this change, but long-term we're hoping to get rid of it. See discussion in https://bugs.webkit.org/show_bug.cgi?id=162910 Is it still wanted?

Emanuele Aina

Comment 3 2016-10-05 15:59:45 PDT

I just stumbled on this unexpected behaviour where the whitelisting silently failed, I'll leave any other consideration to Michael and Carlos. :)

Alex Christensen

Comment 4 2016-10-05 16:01:05 PDT

Comment on attachment 290698 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=290698&action=review r=me, but hopefully we'll remove this whole feature soon. You can decide if you want to land it. > w/Source/WebKit2/UIProcess/WebProcessPool.cpp:1149 > + ASSERT(m_networkProcess); not necessary

Michael Catanzaro

Comment 5 2016-10-05 16:38:39 PDT

We can't remove the feature, it's part of our API and we intend to support it indefinitely. What we can do is reimplement the feature at the GTK API layer using whatever UI process callbacks get added, then it can be removed from the cross-platform WebKit2 code.

Michael Catanzaro

Comment 6 2016-10-05 16:46:36 PDT

Comment on attachment 290698 [details] Patch Indeed, the ASSERT is not helpful here. This looks easy to test, so if you don't want to risk it breaking in the next refactoring, it would be nice if you could try to add a test for it in TestSSL.cpp. The only trick is that you can't use the nice SSLTest class since that doesn't give you the ability to use the WebKitWebContext before the WebKitWebView is created; you'd have to roll your own that inherits from Test rather than LoadTrackingTest/WebViewTest.

Michael Catanzaro

Comment 7 2016-11-19 17:07:15 PST

Emanuele, I think you should commit this (without the ASSERT) even if you don't have time to write a test.

Michael Catanzaro

Comment 8 2016-12-23 09:11:26 PST

Did this get forgotten?

Michael Catanzaro

Comment 9 2016-12-27 09:57:50 PST

Let's land this.

Michael Catanzaro

Comment 10 2016-12-27 09:58:08 PST

Committed r210180: <http://trac.webkit.org/changeset/210180>

Emanuele Aina

Comment 11 2017-02-02 03:30:25 PST

I tried to come up with a test, but then I failed to find the time to finish it. Thank you for taking care of the patch!

Note You need to log in before you can comment on or make changes to this bug.