Bug 232971

Summary: [Curl] Security information sometimes do not appear in inspector network tab
Product: WebKit Reporter: Takashi Komori <takashi.komori>
Component: PlatformAssignee: Takashi Komori <takashi.komori>
Status: RESOLVED FIXED    
Severity: Normal CC: basuke, chris.reid, don.olmstead, ews-watchlist, galpeter, Hironori.Fujii, ross.kirsling, stephan.szabo, takashi.komori, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Takashi Komori
Reported 2021-11-10 16:43:09 PST
On Curl port, security information sometimes do not appear in inspector network tab. This is because CurlSSLVerifier could be empty when using HTTP/2 connection. In this ticket, we will fix this issue.
Attachments
Patch (8.30 KB, patch)
2021-11-10 17:30 PST, Takashi Komori 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Takashi Komori
Comment 1 2021-11-10 17:30:40 PST
Created attachment 443882 [details] Patch
Fujii Hironori
Comment 2 2021-11-10 22:42:14 PST
Comment on attachment 443882 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=443882&action=review > Source/WebCore/platform/network/curl/CurlContext.cpp:916 > + return m_sslVerifier->certificateInfo(); Do we still need this code path? If we can get the cert info from SSL*, why do we need to get the cert info from m_sslVerifier?
Takashi Komori
Comment 3 2021-11-15 01:55:54 PST
(In reply to Fujii Hironori from comment #2) > Comment on attachment 443882 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=443882&action=review > > > Source/WebCore/platform/network/curl/CurlContext.cpp:916 > > + return m_sslVerifier->certificateInfo(); > > Do we still need this code path? If we can get the cert info from SSL*, why > do we need to get the cert info from m_sslVerifier? We can get SSL* by calling curl_easy_getinfo with CURLINFO_TLS_SSL_PTR, but it works only while the connection is not terminated. When curl connects a bad cert server, didCompleteTransfer is called and the connection terminates. Therefore, we can't remove the routine gets certificate information from CurlSSLVerifier. https://curl.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html >If the internals pointer is NULL then either the SSL backend is not supported, an SSL session has not yet been established or the connection is no longer associated with the easy handle (eg curl_easy_perform has returned).
EWS
Comment 4 2021-11-15 14:44:20 PST
Committed r285838 (244270@main): <https://commits.webkit.org/244270@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 443882 [details].
Radar WebKit Bug Importer
Comment 5 2021-11-15 14:59:35 PST
<rdar://problem/85430487>
Note You need to log in before you can comment on or make changes to this bug.