Bug 164509 - [SOUP] Add support for client side certificates
Summary: [SOUP] Add support for client side certificates
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Michael Catanzaro
URL:
Keywords:
: 180957 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-11-08 02:00 PST by Sergio Villar Senin
Modified: 2019-03-04 07:39 PST (History)
9 users (show)

See Also:


Attachments
Patch (26.32 KB, patch)
2016-11-08 02:01 PST, Sergio Villar Senin
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sergio Villar Senin 2016-11-08 02:00:13 PST
[SOUP] Add support for client side certificates
Comment 1 Sergio Villar Senin 2016-11-08 02:01:21 PST
Created attachment 294149 [details]
Patch
Comment 2 Sergio Villar Senin 2016-11-08 02:09:20 PST
The status of the patch is the following. It successfully intercepts the soup requests for client side certificates and pipes those requests through the wk's general authentication mechanism (in soup ports we were only using it for HTTP authentication).

Then on the UI side it fills the authentication challenge with a fixed certificate generated for the ssl.geoffk.org testing service. These are the things that should be done on top apart from reviewing the implemented solution:

1- Emit a signal to clients to ask for the certificates
2- Pipe the client password request through the same mechanism
3- Emit a signal to clients to ask for certificate passwords
4- Cache certificates? There is a confusing clientCertificates() in ResourceHandle which in reality are server side certificates
5- Port it to the new NETWORK_SESSION work done by KaL
6- Tests
7- ...
Comment 3 Michael Catanzaro 2018-04-19 19:48:49 PDT
(In reply to Sergio Villar Senin from comment #2)
> 4- Cache certificates? There is a confusing clientCertificates() in
> ResourceHandle which in reality are server side certificates

It's in SoupNetworkSession now, but will need to be renamed, yes.
Comment 4 Adrian Perez 2018-12-01 06:34:41 PST
*** Bug 180957 has been marked as a duplicate of this bug. ***
Comment 5 Michael Catanzaro 2019-03-04 07:39:29 PST
(In reply to Michael Catanzaro from comment #3)
> It's in SoupNetworkSession now, but will need to be renamed, yes.

Done in bug #195247.