RESOLVED FIXED 185139
[Curl] Make the cipher suites, the signing algorithms and the curve lists configurable.
https://bugs.webkit.org/show_bug.cgi?id=185139
Basuke Suzuki
Reported 2018-04-30 11:35:49 PDT
Add configuration method to configure those security related settings.
Attachments
PATCH (10.15 KB, patch)
2018-05-03 13:59 PDT, Basuke Suzuki
no flags
Archive of layout-test-results from ews104 for mac-sierra-wk2 (2.91 MB, application/zip)
2018-05-03 15:09 PDT, EWS Watchlist
no flags
FIX (9.85 KB, patch)
2018-05-10 15:48 PDT, Basuke Suzuki
no flags
Basuke Suzuki
Comment 1 2018-05-03 13:59:19 PDT
EWS Watchlist
Comment 2 2018-05-03 15:09:01 PDT
Comment on attachment 339459 PATCH

Attachment 339459 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/7555953

New failing tests:
fast/mediastream/delayed-permission-allowed.html
EWS Watchlist
Comment 3 2018-05-03 15:09:02 PDT
Created attachment 339474 Archive of layout-test-results from ews104 for mac-sierra-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews104 Port: mac-sierra-wk2 Platform: Mac OS X 10.12.6
Basuke Suzuki
Comment 4 2018-05-03 15:45:54 PDT
It is impossible to make Mac port broken with this patch unless they secretly use libcurl for their network stack.
youenn fablet
Comment 5 2018-05-10 13:38:22 PDT
Comment on attachment 339459 PATCH
View in context: https://bugs.webkit.org/attachment.cgi?id=339459&action=review

> Source/WebCore/platform/network/curl/CurlRequest.cpp:209
> + if (!sslHandle.shouldIgnoreSSLErrors()) {

maybe if (ssl...) would be more readable than if (!ssl...)

> Source/WebCore/platform/network/curl/CurlRequest.cpp:217
> + const auto& cipherList = sslHandle.getCipherList();

Could be written if (const auto& cipherList =...)
But maybe you should just check cipherList.isEmpty().

> Source/WebCore/platform/network/curl/CurlRequest.cpp:246
> + m_sslVerifier = std::make_unique<CurlSSLVerifier>(m_curlHandle.get(), m_request.url().host(), sslCtx);

Is it fine if m_sslVerifier is non null and will get destroyed?

> Source/WebCore/platform/network/curl/CurlSSLHandle.h:53
> + std::optional<String> getCipherList() const

I would just return a String here and below.

> Source/WebCore/platform/network/curl/CurlSSLHandle.h:70
> + void setCurvesList(const String& curvesList) { m_curvesList = curvesList.isolatedCopy(); }

Ideally all these setters would take String&&, ditto for setCACertPath.
Is there a need to do isolatedCopy of the strings?

> Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp:41
> + auto ctx = static_cast<SSL_CTX*>(sslCtx);

auto* maybe
Basuke Suzuki
Comment 6 2018-05-10 15:48:55 PDT
Basuke Suzuki
Comment 7 2018-05-10 15:49:33 PDT
Okay, I've fixed those points.
WebKit Commit Bot
Comment 8 2018-05-11 01:31:54 PDT
Comment on attachment 340139 FIX

Clearing flags on attachment: 340139

Committed r231696: <https://trac.webkit.org/changeset/231696>
WebKit Commit Bot
Comment 9 2018-05-11 01:31:55 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 10 2018-05-11 01:32:36 PDT