Bug 159176 (CVE-2016-4763) - WKWebView should ask WKNavigationDelegate about bad ssl certificates
Status: RESOLVED FIXED
Alias: CVE-2016-4763
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alex Christensen
Reported: 2016-06-27 15:44 PDT by Alex Christensen
Modified: 2017-10-11 10:28 PDT


Attachments
Patch (4.68 KB, patch)
2016-06-27 17:17 PDT, Alex Christensen
Patch (4.58 KB, patch)
2016-06-27 23:36 PDT, Alex Christensen

Description Alex Christensen 2016-06-27 15:44:13 PDT
WKWebView should ask WKNavigationDelegate about bad ssl certificates
Comment 1 Alex Christensen 2016-06-27 17:17:11 PDT
Created attachment 282189
Patch
Comment 2 Alex Christensen 2016-06-27 23:36:33 PDT
Created attachment 282215
Patch
Comment 3 Brady Eidson 2016-06-28 12:02:14 PDT
Comment on attachment 282215
Patch

We should explore why internal clients do something different, and really understand why/if there needs to be a difference at all.
Comment 4 Alex Christensen 2016-06-28 13:13:35 PDT
MobileSafari and Mac Safari both use _setCanHandleHTTPSServerTrustEvaluation, which means they do not use didReceiveChallenge for server trust authentication.  We should definitely get rid of that SPI, but not right now.
Comment 5 Alex Christensen 2016-06-28 16:11:25 PDT
Comment on attachment 282215
Patch

Re-asking for review, even though Brady r-ed the original patch, because of additional information about Safari and MobileSafari.
Comment 6 WebKit Commit Bot 2016-06-29 12:19:47 PDT
Comment on attachment 282215
Patch

Clearing flags on attachment: 282215

Committed r202640: <http://trac.webkit.org/changeset/202640>
Comment 7 WebKit Commit Bot 2016-06-29 12:19:50 PDT
All reviewed patches have been landed.  Closing bug.