Add client certificate handling.
Created attachment 218050 [details] proposed patch
Created attachment 218867 [details] proposed patch update and ping for review.
Comment on attachment 218867 [details] proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=218867&action=review > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:129 > + addAllowedClientCertificate(host.lower(), certificate, key); We should move the .lower() call into the addAllowedClientCertificate method. > Source/WebCore/platform/network/curl/SSLHandle.cpp:60 > + HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host); Shouldn't the host be in lowercase? When you add items into the allowedClientHosts the host is in lowercase (see setClientCertificateInfo method).
Created attachment 219063 [details] proposed patch v2
Thanks for the reply! (In reply to comment #3) > (From update of attachment 218867 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=218867&action=review > > > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:129 > > + addAllowedClientCertificate(host.lower(), certificate, key); > > We should move the .lower() call into the addAllowedClientCertificate method. > > > Source/WebCore/platform/network/curl/SSLHandle.cpp:60 > > + HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host); > > Shouldn't the host be in lowercase? When you add items into the allowedClientHosts the host is in lowercase (see setClientCertificateInfo method). Yes, these modifications ensure the expected behavior. I fixed these in the newest patch.
Comment on attachment 219063 [details] proposed patch v2 View in context: https://bugs.webkit.org/attachment.cgi?id=219063&action=review Looks good, but I had a couple of comments before we land this. > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:131 > + LOG(Network, "Invalid client certificate file: %s!\n", certificate.latin1().data()); I think this should be certificate.utf8().data(). > Source/WebCore/platform/network/curl/SSLHandle.cpp:60 > + if (it != allowedClientHosts.end()) { This should probably be an early return for clarity. If it already exists, there's nothing to do.
(In reply to comment #6) Please disregard this comment: > > Source/WebCore/platform/network/curl/ResourceHandleCurl.cpp:131 > > + LOG(Network, "Invalid client certificate file: %s!\n", certificate.latin1().data()); > > I think this should be certificate.utf8().data(). Looking at other code, I think latin1() is probably correct!
Created attachment 221843 [details] proposed patch Thanks for the review. I modified the patch according to it.
Comment on attachment 221843 [details] proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=221843&action=review Thanks for revising! Looks great. > Source/WebCore/platform/network/curl/SSLHandle.cpp:59 > + HashMap<String, clientCertificate>::iterator it = allowedClientHosts.find(host.lower()); In the future, consider using auto. I think this could be a const_iterator, or even better "const auto& it = ..."
Comment on attachment 221843 [details] proposed patch Clearing flags on attachment: 221843 Committed r162530: <http://trac.webkit.org/changeset/162530>
All reviewed patches have been landed. Closing bug.