Skip to site navigation (Press enter)

[webkit-changes] [202640] trunk

commit-queue Wed, 29 Jun 2016 12:19:55 -0700

Title: [202640] trunk

Revision: 202640
Author: [email protected]
Date: 2016-06-29 12:19:24 -0700 (Wed, 29 Jun 2016)

Log Message

WKWebView should ask WKNavigationDelegate about bad ssl certificates
https://bugs.webkit.org/show_bug.cgi?id=159176
Source/WebKit2:


rdar://problem/26864882

Patch by Alex Christensen <[email protected]> on 2016-06-29
Reviewed by Sam Weinig.

This can be tested manually by visiting a site in MiniBrowser that has invalid ssl certificates, but we don't have proper ssl testing yet.
Before this change, we would just open the site as if nothing were invalid, now we call the WKNavigationDelegate's didReceiveAuthenticationChallenge
like we did before using NSURLSession, and we do not open the page, also like we did before using NSURLSession.

* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
When using NSURLConnection and responding to canAuthenticateAgainstProtectionSpace with YES,
we get an NSURLAuthenticationChallenge when a bad ssl certificate is encountered in the handshake.
When using NSURLSession, we want to call webView:didReceiveAuthenticationChallenge:completionHandler: in this case.
The default implementation of NavigationState::NavigationClient::canAuthenticateAgainstProtectionSpace returns true
if there is an implementation of webView:didReceiveAuthenticationChallenge:completionHandler: in its WKNavigationDelegate.
Internal clients can implement _webView:canAuthenticateAgainstProtectionSpace:
and Safari uses canHandleHTTPSServerTrustEvaluation, so it will be unaffected.

Tools:

Patch by Alex Christensen <[email protected]> on 2016-06-29
Reviewed by Sam Weinig.

* MiniBrowser/mac/WK2BrowserWindowController.m:
(-[WK2BrowserWindowController webView:didFinishLoadingNavigation:]):
(-[WK2BrowserWindowController webView:didReceiveAuthenticationChallenge:completionHandler:]):
(-[WK2BrowserWindowController webView:didFailNavigation:withError:]):

Modified Paths

trunk/Source/WebKit2/ChangeLog
trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp
trunk/Tools/ChangeLog
trunk/Tools/MiniBrowser/mac/WK2BrowserWindowController.m

Diff

Modified: trunk/Source/WebKit2/ChangeLog (202639 => 202640)


--- trunk/Source/WebKit2/ChangeLog	2016-06-29 18:49:17 UTC (rev 202639)
+++ trunk/Source/WebKit2/ChangeLog	2016-06-29 19:19:24 UTC (rev 202640)
@@ -1,3 +1,25 @@
+2016-06-29  Alex Christensen  <[email protected]>
+
+        WKWebView should ask WKNavigationDelegate about bad ssl certificates
+        https://bugs.webkit.org/show_bug.cgi?id=159176
+        rdar://problem/26864882
+
+        Reviewed by Sam Weinig.
+
+        This can be tested manually by visiting a site in MiniBrowser that has invalid ssl certificates, but we don't have proper ssl testing yet.
+        Before this change, we would just open the site as if nothing were invalid, now we call the WKNavigationDelegate's didReceiveAuthenticationChallenge
+        like we did before using NSURLSession, and we do not open the page, also like we did before using NSURLSession.
+
+        * NetworkProcess/NetworkLoad.cpp:
+        (WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
+        When using NSURLConnection and responding to canAuthenticateAgainstProtectionSpace with YES,
+        we get an NSURLAuthenticationChallenge when a bad ssl certificate is encountered in the handshake.
+        When using NSURLSession, we want to call webView:didReceiveAuthenticationChallenge:completionHandler: in this case.
+        The default implementation of NavigationState::NavigationClient::canAuthenticateAgainstProtectionSpace returns true
+        if there is an implementation of webView:didReceiveAuthenticationChallenge:completionHandler: in its WKNavigationDelegate.
+        Internal clients can implement _webView:canAuthenticateAgainstProtectionSpace: 
+        and Safari uses canHandleHTTPSServerTrustEvaluation, so it will be unaffected.
+
 2016-06-29  Beth Dakin  <[email protected]>
 
         Delete WKElementInfo since it's not used

Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp (202639 => 202640)


--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp	2016-06-29 18:49:17 UTC (rev 202639)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp	2016-06-29 19:19:24 UTC (rev 202640)
@@ -352,12 +352,7 @@
             completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, { });
         return;
     }
-    
-    if (m_challenge->protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
-        completionHandler(AuthenticationChallengeDisposition::UseCredential, serverTrustCredential(*m_challenge));
-        return;
-    }
-    
+
     if (m_parameters.clientCredentialPolicy == DoNotAskClientForAnyCredentials) {
         completionHandler(AuthenticationChallengeDisposition::UseCredential, { });
         return;

Modified: trunk/Tools/ChangeLog (202639 => 202640)


--- trunk/Tools/ChangeLog	2016-06-29 18:49:17 UTC (rev 202639)
+++ trunk/Tools/ChangeLog	2016-06-29 19:19:24 UTC (rev 202640)
@@ -1,3 +1,15 @@
+2016-06-29  Alex Christensen  <[email protected]>
+
+        WKWebView should ask WKNavigationDelegate about bad ssl certificates
+        https://bugs.webkit.org/show_bug.cgi?id=159176
+
+        Reviewed by Sam Weinig.
+
+        * MiniBrowser/mac/WK2BrowserWindowController.m:
+        (-[WK2BrowserWindowController webView:didFinishLoadingNavigation:]):
+        (-[WK2BrowserWindowController webView:didReceiveAuthenticationChallenge:completionHandler:]):
+        (-[WK2BrowserWindowController webView:didFailNavigation:withError:]):
+
 2016-06-29  Carlos Alberto Lopez Perez  <[email protected]>
 
         [GTK] Add missing install dependency after r202619

Modified: trunk/Tools/MiniBrowser/mac/WK2BrowserWindowController.m (202639 => 202640)


--- trunk/Tools/MiniBrowser/mac/WK2BrowserWindowController.m	2016-06-29 18:49:17 UTC (rev 202639)
+++ trunk/Tools/MiniBrowser/mac/WK2BrowserWindowController.m	2016-06-29 19:19:24 UTC (rev 202640)
@@ -567,6 +567,12 @@
     LOG(@"didFinishLoadingNavigation: %@", navigation);
 }
 
+- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *__nullable credential))completionHandler
+{
+    LOG(@"didReceiveAuthenticationChallenge: %@", challenge);
+    completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+}
+
 - (void)webView:(WKWebView *)webView didFailNavigation:(WKNavigation *)navigation withError:(NSError *)error
 {
     LOG(@"didFailNavigation: %@, error %@", navigation, error);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes