- Revision
- 271170
- Author
- hironori.fu...@sony.com
- Date
- 2021-01-05 12:33:21 -0800 (Tue, 05 Jan 2021)
Log Message
[WinCairo][curl] Enable CURLSSLOPT_NATIVE_CA flag to use system's CA certs instead of cacert.pem
https://bugs.webkit.org/show_bug.cgi?id=220258
Reviewed by Don Olmstead.
.:
Libcurl 7.71 added a new flag CURLSSLOPT_NATIVE_CA to use the
operating system's native CA store only for Windows. Use the flag
for WinCairo port.
* Source/cmake/OptionsWinCairo.cmake: Bumped the minimum Curl version.
Source/WebCore:
* PlatformFTW.cmake: Removed the code copying pem file.
* PlatformWin.cmake: Ditto.
* platform/network/curl/CurlContext.cpp:
(WebCore::CurlHandle::enableSSLForHost):
(WebCore::CurlHandle::enableHttp): Set CURLOPT_SSL_OPTIONS with CURLSSLOPT_NATIVE_CA.
* platform/network/win/CurlSSLHandleWin.cpp:
(WebCore::CurlSSLHandle::platformInitialize):
(WebCore::getCACertPathEnv): Deleted.
Modified Paths
Diff
Modified: trunk/ChangeLog (271169 => 271170)
--- trunk/ChangeLog 2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/ChangeLog 2021-01-05 20:33:21 UTC (rev 271170)
@@ -1,3 +1,16 @@
+2021-01-05 Fujii Hironori <hironori.fu...@sony.com>
+
+ [WinCairo][curl] Enable CURLSSLOPT_NATIVE_CA flag to use system's CA certs instead of cacert.pem
+ https://bugs.webkit.org/show_bug.cgi?id=220258
+
+ Reviewed by Don Olmstead.
+
+ Libcurl 7.71 added a new flag CURLSSLOPT_NATIVE_CA to use the
+ operating system's native CA store only for Windows. Use the flag
+ for WinCairo port.
+
+ * Source/cmake/OptionsWinCairo.cmake: Bumped the minimum Curl version.
+
2021-01-04 Lauro Moura <lmo...@igalia.com>
[WebXR][WPE] Build fails without openxr installed
Modified: trunk/Source/WebCore/ChangeLog (271169 => 271170)
--- trunk/Source/WebCore/ChangeLog 2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/ChangeLog 2021-01-05 20:33:21 UTC (rev 271170)
@@ -1,3 +1,19 @@
+2021-01-05 Fujii Hironori <hironori.fu...@sony.com>
+
+ [WinCairo][curl] Enable CURLSSLOPT_NATIVE_CA flag to use system's CA certs instead of cacert.pem
+ https://bugs.webkit.org/show_bug.cgi?id=220258
+
+ Reviewed by Don Olmstead.
+
+ * PlatformFTW.cmake: Removed the code copying pem file.
+ * PlatformWin.cmake: Ditto.
+ * platform/network/curl/CurlContext.cpp:
+ (WebCore::CurlHandle::enableSSLForHost):
+ (WebCore::CurlHandle::enableHttp): Set CURLOPT_SSL_OPTIONS with CURLSSLOPT_NATIVE_CA.
+ * platform/network/win/CurlSSLHandleWin.cpp:
+ (WebCore::CurlSSLHandle::platformInitialize):
+ (WebCore::getCACertPathEnv): Deleted.
+
2021-01-05 Ryan Haddad <ryanhad...@apple.com>
Unreviewed, reverting r271025.
Modified: trunk/Source/WebCore/PlatformFTW.cmake (271169 => 271170)
--- trunk/Source/WebCore/PlatformFTW.cmake 2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/PlatformFTW.cmake 2021-01-05 20:33:21 UTC (rev 271170)
@@ -257,17 +257,4 @@
${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources
)
-if (EXISTS ${WEBKIT_LIBRARIES_DIR}/etc/ssl/cert.pem)
- make_directory(${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates)
- file(COPY
- ${WEBKIT_LIBRARIES_DIR}/etc/ssl/cert.pem
- DESTINATION
- ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates
- )
- file(RENAME
- ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates/cert.pem
- ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates/cacert.pem
- )
-endif ()
-
set(WebCore_OUTPUT_NAME WebCore${DEBUG_SUFFIX})
Modified: trunk/Source/WebCore/PlatformWin.cmake (271169 => 271170)
--- trunk/Source/WebCore/PlatformWin.cmake 2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/PlatformWin.cmake 2021-01-05 20:33:21 UTC (rev 271170)
@@ -216,17 +216,5 @@
DESTINATION
${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources
)
-if (WTF_PLATFORM_WIN_CAIRO AND EXISTS ${WEBKIT_LIBRARIES_DIR}/etc/ssl/cert.pem)
- make_directory(${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates)
- file(COPY
- ${WEBKIT_LIBRARIES_DIR}/etc/ssl/cert.pem
- DESTINATION
- ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates
- )
- file(RENAME
- ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates/cert.pem
- ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/WebKit.resources/certificates/cacert.pem
- )
-endif ()
set(WebCore_OUTPUT_NAME WebCore${DEBUG_SUFFIX})
Modified: trunk/Source/WebCore/platform/network/curl/CurlContext.cpp (271169 => 271170)
--- trunk/Source/WebCore/platform/network/curl/CurlContext.cpp 2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/platform/network/curl/CurlContext.cpp 2021-01-05 20:33:21 UTC (rev 271170)
@@ -332,8 +332,10 @@
setSslCtxCallbackFunction(willSetupSslCtxCallback, this);
+#if !OS(WINDOWS)
if (auto* path = WTF::get_if<String>(sslHandle.getCACertInfo()))
setCACertPath(path->utf8().data());
+#endif
}
void CurlHandle::disableServerTrustEvaluation()
@@ -459,6 +461,9 @@
curl_easy_setopt(m_handle, CURLOPT_PIPEWAIT, 1L);
curl_easy_setopt(m_handle, CURLOPT_SSL_ENABLE_ALPN, 1L);
curl_easy_setopt(m_handle, CURLOPT_SSL_ENABLE_NPN, 0L);
+#if OS(WINDOWS)
+ curl_easy_setopt(m_handle, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
+#endif
} else
curl_easy_setopt(m_handle, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
}
Modified: trunk/Source/WebCore/platform/network/win/CurlSSLHandleWin.cpp (271169 => 271170)
--- trunk/Source/WebCore/platform/network/win/CurlSSLHandleWin.cpp 2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/WebCore/platform/network/win/CurlSSLHandleWin.cpp 2021-01-05 20:33:21 UTC (rev 271170)
@@ -26,42 +26,10 @@
#include "config.h"
#include "CurlSSLHandle.h"
-#if USE(CF)
-#if OS(WINDOWS)
-#include "WebCoreBundleWin.h"
-#endif
-
-#include <wtf/RetainPtr.h>
-#endif
-
namespace WebCore {
-static String getCACertPathEnv()
-{
- char* envPath = getenv("CURL_CA_BUNDLE_PATH");
- if (envPath)
- return String(envPath);
-
-#if USE(CF)
- CFBundleRef webKitBundleRef = webKitBundle();
- if (webKitBundleRef) {
- RetainPtr<CFURLRef> certURLRef = adoptCF(CFBundleCopyResourceURL(webKitBundleRef, CFSTR("cacert"), CFSTR("pem"), CFSTR("certificates")));
- if (certURLRef) {
- char path[MAX_PATH];
- if (CFURLGetFileSystemRepresentation(certURLRef.get(), false, reinterpret_cast<UInt8*>(path), MAX_PATH) && *path)
- return String(path);
- }
- }
-#endif
-
- return String();
-}
-
void CurlSSLHandle::platformInitialize()
{
- auto caCertPath = getCACertPathEnv();
- if (!caCertPath.isEmpty())
- setCACertPath(WTFMove(caCertPath));
}
}
Modified: trunk/Source/cmake/OptionsWinCairo.cmake (271169 => 271170)
--- trunk/Source/cmake/OptionsWinCairo.cmake 2021-01-05 20:24:51 UTC (rev 271169)
+++ trunk/Source/cmake/OptionsWinCairo.cmake 2021-01-05 20:33:21 UTC (rev 271170)
@@ -6,7 +6,7 @@
set(ENABLE_WEBKIT ON)
find_package(Cairo 1.15.12 REQUIRED)
-find_package(CURL 7.60.0 REQUIRED)
+find_package(CURL 7.71.0 REQUIRED)
find_package(ICU 60.2 REQUIRED COMPONENTS data i18n uc)
find_package(JPEG 1.5.2 REQUIRED)
find_package(LibXml2 2.9.7 REQUIRED)