RESOLVED FIXED 155132
Regression tests cannot load video over HTTPS with self-signed certificate 
https://bugs.webkit.org/show_bug.cgi?id=155132
Summary Regression tests cannot load video over HTTPS with self-signed certificate
Daniel Bates
Reported 2016-03-07 13:51:47 PST
The test LayoutTests/http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html, included in the attachment #273068 [details] (bug #154122), fails when run using run-webkit-tests on OS X 10.11.3 (15D19) with the following console output: 3/7/16 1:49:58.938 PM com.apple.WebKit.WebContent.Development[63455]: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) 3/7/16 1:49:58.940 PM com.apple.WebKit.WebContent.Development[63455]: [13:49:58.940] HTTPRequest figHttpRequestDidFailCallback: Network error: domain=kCFErrorDomainCFNetwork, code=-1202, Error Domain=kCFErrorDomainCFNetwork Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be �127.0.0.1� which could put your confidential information at risk." UserInfo={NSErrorFailingURLStringKey=https://127.0.0.1:8443/media-resources/content/test.mp4, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, kCFStreamPropertySSLPeerCertificates=( "<SecCertificate 0x7fd872b85bc0 [0x7fff7ae80440]>" ), _kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrust 0x7fd872b87310 [0x7fff7ae80440]>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be �127.0.0.1� which could put your confidential information at risk., _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://127.0.0.1:8443/media-resources/content/test.mp4, _kCFStreamErrorCodeKey=-9813} for https://127.0.0.1:8443/media-resources/content/test.mp4 Notice that the certificate for https://127.0.0.1:8443 is a self-signed certificate.
Attachments
Patch (1.61 KB, patch)
2020-07-16 11:36 PDT, Hector Lopez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2016-07-08 06:00:22 PDT
The same problem happens for some web-platform-tests tests, for instance imported/w3c/web-platform-tests/fetch/api/cors/cors-basic.html The stderr is: 2016-07-08 14:45:32.887 com.apple.WebKit.Networking.Development[83486:12370795] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) 2016-07-08 14:45:32.907 com.apple.WebKit.Networking.Development[83486:12370795] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) 2016-07-08 14:45:32.911 com.apple.WebKit.Networking.Development[83486:12370795] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) I tried using testRunner.setAllowsAnySSLCertificate. It seems to work only for DRT, not WTR. Is this a known bug? Web-platform-tests server is now always reusing the same certificate, like httpd. Maybe there is a way to register wpt and httpd certificates to DRT and WTR?
Alexey Proskuryakov
Comment 2 2016-07-08 09:42:31 PDT
> It seems to work only for DRT, not WTR. Is this a known bug? Yes. The good news is that it should work on macOS Sierra. The way it works is that in DumpRenderTree, we set a global NSURLConnection setting (via +[NSURLRequest setAllowsAnyHTTPSCertificate:forHost:]), so any loads in the process are affected by it. In WebKitTestRunner, we use a proper delegate based solution, but that means that only network loads performed by WebKit are affected. Media loads used to bypass WebKit.
youenn fablet
Comment 3 2016-08-04 23:34:49 PDT
I hit this bug again as part of bug 160445.
Hector Lopez
Comment 4 2020-07-16 11:36:31 PDT
Created attachment 404471 [details] Patch
Truitt Savell
Comment 5 2020-07-16 11:45:11 PDT
This test http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html is passing on all of Mac according to history: https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Fvideo-with-https-url-allowed-by-csp-media-src-star.html We are removing the expectations
EWS
Comment 6 2020-07-16 12:05:00 PDT
Committed r264472: <https://trac.webkit.org/changeset/264472> All reviewed patches have been landed. Closing bug and clearing flags on attachment 404471 [details].
Radar WebKit Bug Importer
Comment 7 2020-07-16 12:05:18 PDT
<rdar://problem/65681397>
Note You need to log in before you can comment on or make changes to this bug.