Bug 232971 - [Curl] Security information sometimes does not appear in inspector network tab
Summary: [Curl] Security information sometimes does not appear in inspector network tab
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Takashi Komori
Keywords: InRadar
Reported: 2021-11-10 16:43 PST by Takashi Komori
Modified: 2021-11-15 14:59 PST

Attachments
Patch (8.30 KB, patch)
2021-11-10 17:30 PST, Takashi Komori

Description Takashi Komori 2021-11-10 16:43:09 PST
On the Curl port, security information sometimes does not appear in the inspector network tab.
This is because CurlSSLVerifier could be empty when using an HTTP/2 connection.

In this ticket, we will fix this issue.
Comment 1 Takashi Komori 2021-11-10 17:30:40 PST
Created attachment 443882 [details]
Patch
Comment 2 Fujii Hironori 2021-11-10 22:42:14 PST
Comment on attachment 443882 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=443882&action=review

> Source/WebCore/platform/network/curl/CurlContext.cpp:916
> +        return m_sslVerifier->certificateInfo();
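
Review bot: the return at CurlContext.cpp:916 dereferences m_sslVerifier, which the bug description says can be empty on HTTP/2 connections, and the quoted line shows no guard. Confirm this path is only reached when m_sslVerifier is non-null, and add a short comment stating when this path is taken instead of reading the certificate info from SSL*.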

Do we still need this code path? If we can get the cert info from SSL*, why do we need to get the cert info from m_sslVerifier?
Comment 3 Takashi Komori 2021-11-15 01:55:54 PST
(In reply to Fujii Hironori from comment #2)
> Comment on attachment 443882 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=443882&action=review
> 
> > Source/WebCore/platform/network/curl/CurlContext.cpp:916
> > +        return m_sslVerifier->certificateInfo();
> 
> Do we still need this code path? If we can get the cert info from SSL*, why
> do we need to get the cert info from m_sslVerifier?

We can get SSL* by calling curl_easy_getinfo with CURLINFO_TLS_SSL_PTR, but it works only while the connection is not terminated.
When curl connects to a bad cert server, didCompleteTransfer is called and the connection terminates.
Therefore, we can't remove the routine that gets certificate information from CurlSSLVerifier.

https://curl.se/libcurl/c/CURLINFO_TLS_SSL_PTR.html
> If the internals pointer is NULL then either the SSL backend is not supported, an SSL session has not yet been established or the connection is no longer associated with the easy handle (eg curl_easy_perform has returned).
Comment 4 EWS 2021-11-15 14:44:20 PST
Committed r285838 (244270@main): <https://commits.webkit.org/244270@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 443882 [details].
Comment 5 Radar WebKit Bug Importer 2021-11-15 14:59:35 PST
<rdar://problem/85430487>