RESOLVED FIXED135206
[iOS] Client-certificate authentication isn’t working with some certificates 
https://bugs.webkit.org/show_bug.cgi?id=135206
Summary [iOS] Client-certificate authentication isn’t working with some certificates
mitz
Reported 2014-07-23 12:08:02 PDT
Responding to an authentication challenge with an identity-based credential fails when more than one copy of the identity’s private key exists in the keychain.
Attachments
Specify an access group when creating a persistent reference to a key (2.95 KB, patch)
2014-07-23 12:24 PDT, mitz 		andersca: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
mitz
Comment 1 2014-07-23 12:11:29 PDT
<rdar://problem/17782623>
mitz
Comment 2 2014-07-23 12:24:01 PDT
Created attachment 235368 [details] Specify an access group when creating a persistent reference to a key
Anders Carlsson
Comment 3 2014-07-23 12:33:22 PDT
Comment on attachment 235368 [details] Specify an access group when creating a persistent reference to a key View in context: https://bugs.webkit.org/attachment.cgi?id=235368&action=review > Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp:637 > + RetainPtr<NSDictionary> query = @{ This doesn't need to be a RetainPtr.
Alexey Proskuryakov
Comment 4 2014-07-23 12:38:10 PDT
Comment on attachment 235368 [details] Specify an access group when creating a persistent reference to a key View in context: https://bugs.webkit.org/attachment.cgi?id=235368&action=review > Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp:632 > +static CFDataRef copyPersistentRef(SecKeyRef key) This doesn't seem to be in a PLATFORM(IOS) ifdef, and it should. > Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp:637 > + RetainPtr<NSDictionary> query = @{ I don't see how this RetainPtr can be appropriate here. > Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp:645 > + OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query.get(), &persistentRef); Do we need __bridge in WebKit code? > Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp:652 > + if (CFGetTypeID(persistentRef) != CFDataGetTypeID()) { > + CFRelease(persistentRef); > + return nullptr; > + } Can this happen? Documentation says that kSecReturnPersistentRef always provides a CFDataRef.
mitz
Comment 5 2014-07-23 13:19:19 PDT
Fixed in <http://trac.webkit.org/r171485>.
Note You need to log in before you can comment on or make changes to this bug.