Bug 232971

Summary: [Curl] Security information sometimes do not appear in inspector network tab
Product: WebKit Reporter: Takashi Komori <takashi.komori>
Component: PlatformAssignee: Takashi Komori <takashi.komori>
Status: RESOLVED FIXED    
Severity: Normal CC: Basuke.Suzuki, chris.reid, don.olmstead, ews-watchlist, galpeter, Hironori.Fujii, ross.kirsling, stephan.szabo, takashi.komori, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Takashi Komori 2021-11-10 16:43:09 PST
On Curl port, security information sometimes do not appear in inspector network tab.
This is because CurlSSLVerifier could be empty when using HTTP/2 connection.

In this ticket, we will fix this issue.
Comment 1 Takashi Komori 2021-11-10 17:30:40 PST
Created attachment 443882 [details]
Patch
Comment 2 Fujii Hironori 2021-11-10 22:42:14 PST
Comment on attachment 443882 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=443882&action=review

> Source/WebCore/platform/network/curl/CurlContext.cpp:916
> +        return m_sslVerifier->certificateInfo();

Do we still need this code path? If we can get the cert info from SSL*, why do we need to get the cert info from m_sslVerifier?
Comment 3 Takashi Komori 2021-11-15 01:55:54 PST
(In reply to Fujii Hironori from comment #2)
> Comment on attachment 443882 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=443882&action=review
> 
> > Source/WebCore/platform/network/curl/CurlContext.cpp:916
> > +        return m_sslVerifier->certificateInfo();
> 
> Do we still need this code path? If we can get the cert info from SSL*, why
> do we need to get the cert info from m_sslVerifier?

We can get SSL* by calling curl_easy_getinfo with CURLINFO_TLS_SSL_PTR, but it works only while the connection is not terminated.
When curl connects a bad cert server, didCompleteTransfer is called and the connection terminates.
Therefore, we can't remove the routine gets certificate information from CurlSSLVerifier.

https://curl.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html
>If the internals pointer is NULL then either the SSL backend is not supported, an SSL session has not yet been established or the connection is no longer associated with the easy handle (eg curl_easy_perform has returned).
Comment 4 EWS 2021-11-15 14:44:20 PST
Committed r285838 (244270@main): <https://commits.webkit.org/244270@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 443882 [details].
Comment 5 Radar WebKit Bug Importer 2021-11-15 14:59:35 PST
<rdar://problem/85430487>