Title: [271170] trunk
Revision
271170
Author
hironori.fu...@sony.com
Date
2021-01-05 12:33:21 -0800 (Tue, 05 Jan 2021)

Log Message

[WinCairo][curl] Enable CURLSSLOPT_NATIVE_CA flag to use system's CA certs instead of cacert.pem
https://bugs.webkit.org/show_bug.cgi?id=220258

Reviewed by Don Olmstead.

.:

Libcurl 7.71 added a new flag, CURLSSLOPT_NATIVE_CA, which is available
only on Windows and makes libcurl use the operating system's native CA
store. Use the flag for the WinCairo port.

* Source/cmake/OptionsWinCairo.cmake: Bumped the minimum Curl version.

Source/WebCore:

* PlatformFTW.cmake: Removed the code copying pem file.
* PlatformWin.cmake: Ditto.
* platform/network/curl/CurlContext.cpp:
(WebCore::CurlHandle::enableSSLForHost):
(WebCore::CurlHandle::enableHttp): Set CURLOPT_SSL_OPTIONS with CURLSSLOPT_NATIVE_CA.
* platform/network/win/CurlSSLHandleWin.cpp:
(WebCore::CurlSSLHandle::platformInitialize):
(WebCore::getCACertPathEnv): Deleted.

Modified Paths

Diff

Modified: trunk/ChangeLog (271169 => 271170)


--- trunk/ChangeLog	2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/ChangeLog	2021-01-05 20:33:21 UTC (rev 271170)
@@ -1,3 +1,16 @@
+2021-01-05  Fujii Hironori  <hironori.fu...@sony.com>
+
+        [WinCairo][curl] Enable CURLSSLOPT_NATIVE_CA flag to use system's CA certs instead of cacert.pem
+        https://bugs.webkit.org/show_bug.cgi?id=220258
+
+        Reviewed by Don Olmstead.
+
+        Libcurl 7.71 added a new flag CURLSSLOPT_NATIVE_CA to use the
+        operating system's native CA store only for Windows. Use the flag
+        for WinCairo port.
+
+        * Source/cmake/OptionsWinCairo.cmake: Bumped the minimum Curl version.
+
 2021-01-04  Lauro Moura  <lmo...@igalia.com>
 
         [WebXR][WPE] Build fails without openxr installed

Modified: trunk/Source/WebCore/ChangeLog (271169 => 271170)


--- trunk/Source/WebCore/ChangeLog	2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/ChangeLog	2021-01-05 20:33:21 UTC (rev 271170)
@@ -1,3 +1,19 @@
+2021-01-05  Fujii Hironori  <hironori.fu...@sony.com>
+
+        [WinCairo][curl] Enable CURLSSLOPT_NATIVE_CA flag to use system's CA certs instead of cacert.pem
+        https://bugs.webkit.org/show_bug.cgi?id=220258
+
+        Reviewed by Don Olmstead.
+
+        * PlatformFTW.cmake: Removed the code copying pem file.
+        * PlatformWin.cmake: Ditto.
+        * platform/network/curl/CurlContext.cpp:
+        (WebCore::CurlHandle::enableSSLForHost):
+        (WebCore::CurlHandle::enableHttp): Set CURLOPT_SSL_OPTIONS with CURLSSLOPT_NATIVE_CA.
+        * platform/network/win/CurlSSLHandleWin.cpp:
+        (WebCore::CurlSSLHandle::platformInitialize):
+        (WebCore::getCACertPathEnv): Deleted.
+
 2021-01-05  Ryan Haddad  <ryanhad...@apple.com>
 
         Unreviewed, reverting r271025.

Modified: trunk/Source/WebCore/PlatformFTW.cmake (271169 => 271170)


--- trunk/Source/WebCore/PlatformFTW.cmake	2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/PlatformFTW.cmake	2021-01-05 20:33:21 UTC (rev 271170)
@@ -257,17 +257,4 @@
     ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources
 )
 
-if (EXISTS ${WEBKIT_LIBRARIES_DIR}/etc/ssl/cert.pem)
-    make_directory(${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates)
-    file(COPY
-        ${WEBKIT_LIBRARIES_DIR}/etc/ssl/cert.pem
-        DESTINATION
-        ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates
-    )
-    file(RENAME
-        ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates/cert.pem
-        ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates/cacert.pem
-    )
-endif ()
-
 set(WebCore_OUTPUT_NAME WebCore${DEBUG_SUFFIX})

Modified: trunk/Source/WebCore/PlatformWin.cmake (271169 => 271170)


--- trunk/Source/WebCore/PlatformWin.cmake	2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/PlatformWin.cmake	2021-01-05 20:33:21 UTC (rev 271170)
@@ -216,17 +216,5 @@
     DESTINATION
     ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources
 )
-if (WTF_PLATFORM_WIN_CAIRO AND EXISTS ${WEBKIT_LIBRARIES_DIR}/etc/ssl/cert.pem)
-    make_directory(${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates)
-    file(COPY
-        ${WEBKIT_LIBRARIES_DIR}/etc/ssl/cert.pem
-        DESTINATION
-        ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates
-    )
-    file(RENAME
-        ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates/cert.pem
-        ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates/cacert.pem
-    )
-endif ()
 
 set(WebCore_OUTPUT_NAME WebCore${DEBUG_SUFFIX})

Modified: trunk/Source/WebCore/platform/network/curl/CurlContext.cpp (271169 => 271170)


--- trunk/Source/WebCore/platform/network/curl/CurlContext.cpp	2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/platform/network/curl/CurlContext.cpp	2021-01-05 20:33:21 UTC (rev 271170)
@@ -332,8 +332,10 @@
 
     setSslCtxCallbackFunction(willSetupSslCtxCallback, this);
 
+#if !OS(WINDOWS)
     if (auto* path = WTF::get_if<String>(sslHandle.getCACertInfo()))
         setCACertPath(path->utf8().data());
+#endif
 }
 
 void CurlHandle::disableServerTrustEvaluation()
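Review bot: The new `#if !OS(WINDOWS)` guard carries no comment, and on Windows it means a CA path held by `sslHandle.getCACertInfo()` is now ignored without any trace. Nothing in this function says where Windows trust anchors come from; the native-store flag is set in a different function (`enableHttp`, the second hunk of this file). I would add a comment above the guard such as `// Windows uses the OS certificate store (CURLSSLOPT_NATIVE_CA); a configured CA file path is not applied here.` The function body starts above the hunk, so whether anything else still supplies a CA path on Windows cannot be seen from here.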
@@ -459,6 +461,9 @@
         curl_easy_setopt(m_handle, CURLOPT_PIPEWAIT, 1L);
         curl_easy_setopt(m_handle, CURLOPT_SSL_ENABLE_ALPN, 1L);
         curl_easy_setopt(m_handle, CURLOPT_SSL_ENABLE_NPN, 0L);
+#if OS(WINDOWS)
+        curl_easy_setopt(m_handle, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
+#endif
     } else
         curl_easy_setopt(m_handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
 }
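Review bot: `CURLSSLOPT_NATIVE_CA` is set only inside the `if` branch, so a Windows handle that takes the `else` (HTTP/1.1) path gets neither the native store nor a CA file, because `enableSSLForHost` now compiles out `setCACertPath` on Windows. The branch condition is outside the hunk, but tying the trust-store choice to HTTP version selection looks unintended; presumably such requests fail certificate verification or fall back to whatever default libcurl was built with. Setting the option next to the guard in `enableSSLForHost` would cover every TLS handle: `#else` followed by `curl_easy_setopt(m_handle, CURLOPT_SSL_OPTIONS, static_cast<long>(CURLSSLOPT_NATIVE_CA));`. `CURLOPT_SSL_OPTIONS` is also a bitmask, so this call replaces any SSL options set earlier on the handle, and its return value is not checked.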

Modified: trunk/Source/WebCore/platform/network/win/CurlSSLHandleWin.cpp (271169 => 271170)


--- trunk/Source/WebCore/platform/network/win/CurlSSLHandleWin.cpp	2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/platform/network/win/CurlSSLHandleWin.cpp	2021-01-05 20:33:21 UTC (rev 271170)
@@ -26,42 +26,10 @@
 #include "config.h"
 #include "CurlSSLHandle.h"
 
-#if USE(CF)
-#if OS(WINDOWS)
-#include "WebCoreBundleWin.h"
-#endif
-
-#include <wtf/RetainPtr.h>
-#endif
-
 namespace WebCore {
 
-static String getCACertPathEnv()
-{
-    char* envPath = getenv("CURL_CA_BUNDLE_PATH");
-    if (envPath)
-        return String(envPath);
-
-#if USE(CF)
-    CFBundleRef webKitBundleRef = webKitBundle();
-    if (webKitBundleRef) {
-        RetainPtr<CFURLRef> certURLRef = adoptCF(CFBundleCopyResourceURL(webKitBundleRef, CFSTR("cacert"), CFSTR("pem"), CFSTR("certificates")));
-        if (certURLRef) {
-            char path[MAX_PATH];
-            if (CFURLGetFileSystemRepresentation(certURLRef.get(), false, reinterpret_cast<UInt8*>(path), MAX_PATH) && *path)
-                return String(path);
-        }
-    }
-#endif
-
-    return String();
-}
-
 void CurlSSLHandle::platformInitialize()
 {
-    auto caCertPath = getCACertPathEnv();
-    if (!caCertPath.isEmpty())
-        setCACertPath(WTFMove(caCertPath));
 }
 
 }

Modified: trunk/Source/cmake/OptionsWinCairo.cmake (271169 => 271170)


--- trunk/Source/cmake/OptionsWinCairo.cmake	2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/cmake/OptionsWinCairo.cmake	2021-01-05 20:33:21 UTC (rev 271170)
@@ -6,7 +6,7 @@
 set(ENABLE_WEBKIT ON)
 
 find_package(Cairo 1.15.12 REQUIRED)
-find_package(CURL 7.60.0 REQUIRED)
+find_package(CURL 7.71.0 REQUIRED)
 find_package(ICU 60.2 REQUIRED COMPONENTS data i18n uc)
 find_package(JPEG 1.5.2 REQUIRED)
 find_package(LibXml2 2.9.7 REQUIRED)