RESOLVED FIXED 193355
Adopt new SPI to evaluate server certificate trust 
https://bugs.webkit.org/show_bug.cgi?id=193355
Summary Adopt new SPI to evaluate server certificate trust
youenn fablet
Reported 2019-01-11 11:36:56 PST
Adopt new SPI to evaluate server certificate trust
Attachments
Patch (13.03 KB, patch)
2019-01-11 11:39 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (25.54 KB, patch)
2019-01-28 15:23 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (26.39 KB, patch)
2019-01-29 11:14 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (26.62 KB, patch)
2019-01-29 13:56 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (26.45 KB, patch)
2019-01-29 14:54 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2019-01-11 11:39:38 PST
Created attachment 358919 [details] Patch
youenn fablet
Comment 2 2019-01-11 11:48:05 PST
<rdar://problem/30641705>
Alex Christensen
Comment 3 2019-01-14 10:50:25 PST
Comment on attachment 358919 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=358919&action=review > Source/WebKit/ChangeLog:9 > + If ssuccessful, let loading proceed as usual. successful > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:557 > + if (!canNSURLSessionTrustEvaluate()) > + return completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil); On platforms that don't have the SPI we will need to keep existing behavior. > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:585 > + auto completionHandlerCopy = Block_copy(completionHandler); Let's use BlockPtr instead of Block_copy/Block_release > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:1028 > +void NetworkSessionCocoa::continueDidReceiveChallenge(const WebCore::AuthenticationChallenge& challenge, NetworkDataTaskCocoa::TaskIdentifier taskIdentifier, NetworkDataTaskCocoa* networkDataTask, WTF::CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&& completionHandler) WTF:: is unnecessary.
youenn fablet
Comment 4 2019-01-28 15:23:07 PST
Created attachment 360386 [details] Patch
EWS Watchlist
Comment 5 2019-01-28 15:25:41 PST
Attachment 360386 [details] did not pass style-queue: ERROR: Tools/WebKitTestRunner/InjectedBundle/TestRunner.h:484: The parameter name "canHandle" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 1 in 14 files If any of these errors are false positives, please file a bug against check-webkit-style.
Alex Christensen
Comment 6 2019-01-28 17:22:33 PST
Comment on attachment 360386 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360386&action=review > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:56 > +@interface NSURLSession () This should be in CFNetworkSPI.h. We should add a HAVE_STRICT_TRUST_EVALUATE in Platform.h with proper OS version checks. > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:554 > + if (canNSURLSessionTrustEvaluate()) { This needs an else which does the exact same thing as the current existing behavior. That should also be used on OSes where _strictTrustEvaluate is not available. > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:564 > + _session->continueDidReceiveChallenge(challenge, taskIdentifier, networkDataTask.get(), [completionHandler = WTFMove(completionHandler), secTrust = WTFMove(secTrust)] (WebKit::AuthenticationChallengeDisposition disposition, const WebCore::Credential& credential) mutable { This is a lot of code. It should be put in a subroutine which takes a completion handler with a BOOL-like result (whether it was determined to be a good server or not).
youenn fablet
Comment 7 2019-01-28 18:17:40 PST
Comment on attachment 360386 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360386&action=review >> Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:56 >> +@interface NSURLSession () > > This should be in CFNetworkSPI.h. We should add a HAVE_STRICT_TRUST_EVALUATE in Platform.h with proper OS version checks. Ok >> Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:554 >> + if (canNSURLSessionTrustEvaluate()) { > > This needs an else which does the exact same thing as the current existing behavior. That should also be used on OSes where _strictTrustEvaluate is not available. There is no need for else since we return at the end of the if. Behavior if strictEvaluate is not there should be preserved.
youenn fablet
Comment 8 2019-01-29 11:14:20 PST
Created attachment 360478 [details] Patch
EWS Watchlist
Comment 9 2019-01-29 11:15:54 PST
Attachment 360478 [details] did not pass style-queue: ERROR: Tools/WebKitTestRunner/InjectedBundle/TestRunner.h:484: The parameter name "canHandle" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 1 in 16 files If any of these errors are false positives, please file a bug against check-webkit-style.
Alex Christensen
Comment 10 2019-01-29 13:17:49 PST
Comment on attachment 360478 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360478&action=review > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:571 > + if (canNSURLSessionTrustEvaluate()) { This needs to be inside the !canHandleHTTPSServerTrustEvaluation case. Otherwise we break API compatibility. > LayoutTests/http/tests/ssl/certificate-validation.html:33 > + const iframe = await with_iframe("https://localhost:8443"); I'm not sure this is a good test. Often we will have a cached connection to localhost:8443
youenn fablet
Comment 11 2019-01-29 13:56:30 PST
Created attachment 360497 [details] Patch
EWS Watchlist
Comment 12 2019-01-29 13:59:32 PST
Attachment 360497 [details] did not pass style-queue: ERROR: Tools/WebKitTestRunner/InjectedBundle/TestRunner.h:484: The parameter name "canHandle" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 1 in 16 files If any of these errors are false positives, please file a bug against check-webkit-style.
Alex Christensen
Comment 13 2019-01-29 14:21:45 PST
Comment on attachment 360497 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360497&action=review > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:532 > + if (trustResult == noErr || networkDataTask->state() == NetworkDataTask::State::Canceling || networkDataTask->state() == NetworkDataTask::State::Completed) { We need to null check networkDataTask here before using it. I'm also not sure we should check these two states. > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:537 > + RetainPtr<SecTrustRef> secTrust = challenge.protectionSpace.serverTrust; This could be declared inside the lambda capture: secTrust = retainPtr(challenge.protectionSpace.serverTrust) > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:1044 > + extra space
youenn fablet
Comment 14 2019-01-29 14:54:26 PST
Created attachment 360503 [details] Patch for landing
EWS Watchlist
Comment 15 2019-01-29 14:55:53 PST
Attachment 360503 [details] did not pass style-queue: ERROR: Tools/WebKitTestRunner/InjectedBundle/TestRunner.h:484: The parameter name "canHandle" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 1 in 16 files If any of these errors are false positives, please file a bug against check-webkit-style.
WebKit Commit Bot
Comment 16 2019-01-29 16:16:44 PST
Comment on attachment 360503 [details] Patch for landing Clearing flags on attachment: 360503 Committed r240689: <https://trac.webkit.org/changeset/240689>
WebKit Commit Bot
Comment 17 2019-01-29 16:16:46 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.