Bug 164234 - [MediaStream] restrict media capture secure connections
Summary: [MediaStream] restrict media capture secure connections
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Media (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Eric Carlson
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2016-10-31 12:16 PDT by Eric Carlson
Modified: 2017-01-12 09:23 PST (History)
7 users (show)

See Also:


Attachments
Proposed patch. (32.47 KB, patch)
2016-10-31 13:03 PDT, Eric Carlson
buildbot: commit-queue-
Details | Formatted Diff | Diff
Archive of layout-test-results from ews103 for mac-yosemite (931.65 KB, application/zip)
2016-10-31 14:08 PDT, Build Bot
no flags Details
Archive of layout-test-results from ews107 for mac-yosemite-wk2 (1.46 MB, application/zip)
2016-10-31 14:12 PDT, Build Bot
no flags Details
Archive of layout-test-results from ews121 for ios-simulator-wk2 (19.15 MB, application/zip)
2016-10-31 16:01 PDT, Build Bot
no flags Details
Archive of layout-test-results from ews113 for mac-yosemite (2.00 MB, application/zip)
2016-10-31 19:10 PDT, Build Bot
no flags Details
Updated patch. (32.46 KB, patch)
2016-11-01 07:52 PDT, Eric Carlson
achristensen: review+
buildbot: commit-queue-
Details | Formatted Diff | Diff
Archive of layout-test-results from ews116 for mac-yosemite (1.73 MB, application/zip)
2016-11-01 11:42 PDT, Build Bot
no flags Details
Archive of layout-test-results from ews101 for mac-yosemite (1.14 MB, application/zip)
2016-11-01 11:56 PDT, Build Bot
no flags Details
Patch for landing. (32.96 KB, patch)
2016-11-01 13:42 PDT, Eric Carlson
no flags Details | Formatted Diff | Diff
Patch for landing. (32.97 KB, patch)
2016-11-01 14:36 PDT, Eric Carlson
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Eric Carlson 2016-10-31 12:16:32 PDT
Restrict media capture to secure connections.
Comment 1 Eric Carlson 2016-10-31 12:35:04 PDT
<rdar://problem/28944906>
Comment 2 Eric Carlson 2016-10-31 13:03:07 PDT
Created attachment 293455 [details]
Proposed patch.
Comment 3 Build Bot 2016-10-31 14:08:46 PDT
Comment on attachment 293455 [details]
Proposed patch.

Attachment 293455 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/2413730

New failing tests:
http/tests/ssl/media-stream/get-user-media-secure-connection.html
http/tests/ssl/media-stream/get-user-media-nested.html
http/tests/ssl/media-stream/get-user-media-different-host.html
Comment 4 Build Bot 2016-10-31 14:08:49 PDT
Created attachment 293463 [details]
Archive of layout-test-results from ews103 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 5 Build Bot 2016-10-31 14:12:11 PDT
Comment on attachment 293455 [details]
Proposed patch.

Attachment 293455 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/2413760

New failing tests:
svg/wicd/test-rightsizing-b.xhtml
http/tests/ssl/media-stream/get-user-media-nested.html
Comment 6 Build Bot 2016-10-31 14:12:15 PDT
Created attachment 293465 [details]
Archive of layout-test-results from ews107 for mac-yosemite-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews107  Port: mac-yosemite-wk2  Platform: Mac OS X 10.10.5
Comment 7 Build Bot 2016-10-31 16:01:39 PDT
Comment on attachment 293455 [details]
Proposed patch.

Attachment 293455 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/2414975

New failing tests:
http/tests/ssl/media-stream/get-user-media-nested.html
Comment 8 Build Bot 2016-10-31 16:01:43 PDT
Created attachment 293480 [details]
Archive of layout-test-results from ews121 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews121  Port: ios-simulator-wk2  Platform: Mac OS X 10.11.6
Comment 9 Build Bot 2016-10-31 19:10:46 PDT
Comment on attachment 293455 [details]
Proposed patch.

Attachment 293455 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/2417973

New failing tests:
http/tests/ssl/media-stream/get-user-media-secure-connection.html
http/tests/ssl/media-stream/get-user-media-nested.html
http/tests/ssl/media-stream/get-user-media-different-host.html
Comment 10 Build Bot 2016-10-31 19:10:51 PDT
Created attachment 293514 [details]
Archive of layout-test-results from ews113 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews113  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 11 Eric Carlson 2016-11-01 07:52:16 PDT
Created attachment 293552 [details]
Updated patch.
Comment 12 Alex Christensen 2016-11-01 10:53:01 PDT
Comment on attachment 293552 [details]
Updated patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=293552&action=review

> Source/WebCore/Modules/mediastream/UserMediaRequest.cpp:109
> +    if (!documentLoader.response().certificateInfo() || documentLoader.response().certificateInfo()->containsNonRootSHA1SignedCertificate())

I find a few other places where we do this check.  We ought to give this check a better name.  Also, I wonder why a root SHA1 signed certificate is ok, but not a non-root.
Comment 13 Build Bot 2016-11-01 11:42:15 PDT
Comment on attachment 293552 [details]
Updated patch.

Attachment 293552 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/2444868

New failing tests:
http/tests/ssl/media-stream/get-user-media-secure-connection.html
http/tests/ssl/media-stream/get-user-media-nested.html
http/tests/ssl/media-stream/get-user-media-different-host.html
Comment 14 Build Bot 2016-11-01 11:42:18 PDT
Created attachment 293559 [details]
Archive of layout-test-results from ews116 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews116  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 15 Build Bot 2016-11-01 11:56:14 PDT
Comment on attachment 293552 [details]
Updated patch.

Attachment 293552 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/2444963

New failing tests:
http/tests/ssl/media-stream/get-user-media-secure-connection.html
http/tests/ssl/media-stream/get-user-media-nested.html
http/tests/ssl/media-stream/get-user-media-different-host.html
Comment 16 Build Bot 2016-11-01 11:56:18 PDT
Created attachment 293562 [details]
Archive of layout-test-results from ews101 for mac-yosemite

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews101  Port: mac-yosemite  Platform: Mac OS X 10.10.5
Comment 17 Eric Carlson 2016-11-01 13:42:10 PDT
Created attachment 293584 [details]
Patch for landing.
Comment 18 Eric Carlson 2016-11-01 14:36:59 PDT
Created attachment 293597 [details]
Patch for landing.
Comment 19 WebKit Commit Bot 2016-11-01 15:03:20 PDT
Comment on attachment 293597 [details]
Patch for landing.

Clearing flags on attachment: 293597

Committed r208249: <http://trac.webkit.org/changeset/208249>