Diff
Modified: trunk/Source/WebCore/PAL/ChangeLog (243828 => 243829)
--- trunk/Source/WebCore/PAL/ChangeLog 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebCore/PAL/ChangeLog 2019-04-03 22:04:57 UTC (rev 243829)
@@ -1,3 +1,13 @@
+2019-04-03 Alex Christensen <[email protected]>
+
+ Add SPI to disable legacy TLS fallback
+ https://bugs.webkit.org/show_bug.cgi?id=196549
+ <rdar://44979744>
+
+ Reviewed by Geoffrey Garen.
+
+ * pal/spi/cf/CFNetworkSPI.h:
+
2019-04-03 Myles C. Maxfield <[email protected]>
Remove support for -apple-trailing-word
Modified: trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h (243828 => 243829)
--- trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebCore/PAL/pal/spi/cf/CFNetworkSPI.h 2019-04-03 22:04:57 UTC (rev 243829)
@@ -189,6 +189,7 @@
@property (nullable, copy) NSString *_sourceApplicationBundleIdentifier;
@property (nullable, copy) NSString *_sourceApplicationSecondaryIdentifier;
@property BOOL _shouldSkipPreferredClientCertificateLookup NS_AVAILABLE(10_10, 8_0);
+@property BOOL _allowsTLSFallback;
#if PLATFORM(IOS_FAMILY)
@property (nullable, copy) NSString *_CTDataConnectionServiceType;
#endif
Modified: trunk/Source/WebKit/ChangeLog (243828 => 243829)
--- trunk/Source/WebKit/ChangeLog 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/ChangeLog 2019-04-03 22:04:57 UTC (rev 243829)
@@ -1,3 +1,35 @@
+2019-04-03 Alex Christensen <[email protected]>
+
+ Add SPI to disable legacy TLS fallback
+ https://bugs.webkit.org/show_bug.cgi?id=196549
+ <rdar://44979744>
+
+ Reviewed by Geoffrey Garen.
+
+ * NetworkProcess/NetworkSessionCreationParameters.cpp:
+ (WebKit::NetworkSessionCreationParameters::privateSessionParameters):
+ (WebKit::NetworkSessionCreationParameters::encode const):
+ (WebKit::NetworkSessionCreationParameters::decode):
+ * NetworkProcess/NetworkSessionCreationParameters.h:
+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+ (WebKit::NetworkSessionCocoa::NetworkSessionCocoa):
+ * UIProcess/API/Cocoa/WKWebsiteDataStore.mm:
+ (-[WKWebsiteDataStore _setAllowsTLSFallback:]):
+ (-[WKWebsiteDataStore _allowsTLSFallback]):
+ * UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h:
+ * UIProcess/WebProcessPool.cpp:
+ (WebKit::WebProcessPool::ensureNetworkProcess):
+ * UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm:
+ (WebKit::WebsiteDataStore::parameters):
+ * UIProcess/WebsiteData/WebsiteDataStore.cpp:
+ (WebKit::WebsiteDataStore::setSourceApplicationSecondaryIdentifier):
+ (WebKit::WebsiteDataStore::setAllowsTLSFallback):
+ (WebKit::WebsiteDataStore::setSourceApplicationBundleIdentifier):
+ * UIProcess/WebsiteData/WebsiteDataStore.h:
+ (WebKit::WebsiteDataStore::allowsTLSFallback const):
+ (WebKit::WebsiteDataStore::networkingHasBegun):
+ (WebKit::WebsiteDataStore::finalizeApplicationIdentifiers): Deleted.
+
2019-04-03 Myles C. Maxfield <[email protected]>
Remove support for -apple-trailing-word
Modified: trunk/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp (243828 => 243829)
--- trunk/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp 2019-04-03 22:04:57 UTC (rev 243829)
@@ -42,7 +42,7 @@
{
return { sessionID, { }, AllowsCellularAccess::Yes
#if PLATFORM(COCOA)
- , { }, { }, { }, false, { }, { }, { }
+ , { }, { }, { }, AllowsTLSFallback::Yes, false, { }, { }, { }
#endif
#if USE(SOUP)
, { }, SoupCookiePersistentStorageType::Text
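Review bot: The new positional argument hard-codes `AllowsTLSFallback::Yes` in what the ChangeLog lists as privateSessionParameters. A session built through this path would therefore keep legacy TLS fallback enabled even when the embedding app set `_allowsTLSFallback` to NO on its data store. If that is intended, a comment such as `// Private sessions do not inherit the data store's TLS fallback opt-out.` would make it explicit; otherwise the value should come from the caller. The function signature and the rest of the initializer list are outside the hunk, so whether a caller can supply the setting is not visible here.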
@@ -63,6 +63,7 @@
IPC::encode(encoder, proxyConfiguration.get());
encoder << sourceApplicationBundleIdentifier;
encoder << sourceApplicationSecondaryIdentifier;
+ encoder << allowsTLSFallback;
encoder << shouldLogCookieInformation;
encoder << loadThrottleLatency;
encoder << httpProxy;
@@ -114,7 +115,12 @@
decoder >> sourceApplicationSecondaryIdentifier;
if (!sourceApplicationSecondaryIdentifier)
return WTF::nullopt;
-
+
+ Optional<AllowsTLSFallback> allowsTLSFallback;
+ decoder >> allowsTLSFallback;
+ if (!allowsTLSFallback)
+ return WTF::nullopt;
+
Optional<bool> shouldLogCookieInformation;
decoder >> shouldLogCookieInformation;
if (!shouldLogCookieInformation)
@@ -198,6 +204,7 @@
, WTFMove(proxyConfiguration)
, WTFMove(*sourceApplicationBundleIdentifier)
, WTFMove(*sourceApplicationSecondaryIdentifier)
+ , WTFMove(*allowsTLSFallback)
, WTFMove(*shouldLogCookieInformation)
, WTFMove(*loadThrottleLatency)
, WTFMove(*httpProxy)
Modified: trunk/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h (243828 => 243829)
--- trunk/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h 2019-04-03 22:04:57 UTC (rev 243829)
@@ -53,6 +53,7 @@
namespace WebKit {
enum class AllowsCellularAccess : bool { No, Yes };
+enum class AllowsTLSFallback : bool { No, Yes };
struct NetworkSessionCreationParameters {
void encode(IPC::Encoder&) const;
@@ -66,6 +67,7 @@
RetainPtr<CFDictionaryRef> proxyConfiguration;
String sourceApplicationBundleIdentifier;
String sourceApplicationSecondaryIdentifier;
+ AllowsTLSFallback allowsTLSFallback { AllowsTLSFallback::Yes };
bool shouldLogCookieInformation { false };
Seconds loadThrottleLatency;
URL httpProxy;
Modified: trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (243828 => 243829)
--- trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm 2019-04-03 22:04:57 UTC (rev 243829)
@@ -946,6 +946,9 @@
configuration._companionProxyPreference = NSURLSessionCompanionProxyPreferencePreferDirectToCloud;
#endif
+ if (parameters.allowsTLSFallback == AllowsTLSFallback::No && [configuration respondsToSelector:@selector(_allowsTLSFallback)])
+ configuration._allowsTLSFallback = NO;
+
auto* storageSession = networkProcess.storageSession(parameters.sessionID);
RELEASE_ASSERT(storageSession);
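Review bot: The opt-out fails open. When `parameters.allowsTLSFallback` is `No` but the configuration does not respond to the selector, the condition is false and the session is created with fallback still permitted, with no log or error. A client that asked for the stricter setting should at least get a diagnostic, as sketched below. The probe also tests the getter `_allowsTLSFallback` while the code invokes the setter; checking `@selector(set_allowsTLSFallback:)` matches what is actually called. The enclosing constructor starts and ends outside the hunk.

```objc
if (parameters.allowsTLSFallback == AllowsTLSFallback::No) {
    if ([configuration respondsToSelector:@selector(set_allowsTLSFallback:)])
        configuration._allowsTLSFallback = NO;
    else
        WTFLogAlways("NetworkSessionCocoa: TLS fallback opt-out was requested but is not supported by this CFNetwork; fallback remains enabled");
}
// … unchanged: storageSession lookup and RELEASE_ASSERT …
```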
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm (243828 => 243829)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm 2019-04-03 22:04:57 UTC (rev 243829)
@@ -383,6 +383,17 @@
[NSException raise:NSGenericException format:@"_setSourceApplicationSecondaryIdentifier cannot be called after networking has begun"];
}
+- (void)_setAllowsTLSFallback:(BOOL)allows
+{
+ if (!_websiteDataStore->websiteDataStore().setAllowsTLSFallback(allows))
+ [NSException raise:NSGenericException format:@"_setAllowsTLSFallback cannot be called after networking has begun"];
+}
+
+- (BOOL)_allowsTLSFallback
+{
+ return _websiteDataStore->websiteDataStore().allowsTLSFallback();
+}
+
- (NSDictionary *)_proxyConfiguration
{
return (__bridge NSDictionary *)_websiteDataStore->websiteDataStore().proxyConfiguration();
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h (243828 => 243829)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStorePrivate.h 2019-04-03 22:04:57 UTC (rev 243829)
@@ -57,6 +57,7 @@
@property (nonatomic, setter=_setProxyConfiguration:) NSDictionary *_proxyConfiguration WK_API_AVAILABLE(macos(10.14), ios(12.0));
@property (nonatomic, copy, setter=_setSourceApplicationBundleIdentifier:) NSString *_sourceApplicationBundleIdentifier WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
@property (nonatomic, copy, setter=_setSourceApplicationSecondaryIdentifier:) NSString *_sourceApplicationSecondaryIdentifier WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+@property (nonatomic, setter=_setAllowsTLSFallback:) BOOL _allowsTLSFallback WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
@property (nonatomic, readonly) NSURL *_indexedDBDatabaseDirectory;
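Review bot: The new `_allowsTLSFallback` property has no header comment, yet two of its behaviours cannot be guessed from the declaration. It defaults to YES (legacy fallback allowed), and its setter raises NSGenericException once networking has begun. I would add above it `// Defaults to YES. Set to NO before any load starts to disable legacy TLS fallback; setting it after networking has begun raises an exception.` Both facts are visible in the WebsiteDataStore.h and WKWebsiteDataStore.mm hunks of this commit.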
Modified: trunk/Source/WebKit/UIProcess/WebProcessPool.cpp (243828 => 243829)
--- trunk/Source/WebKit/UIProcess/WebProcessPool.cpp 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/UIProcess/WebProcessPool.cpp 2019-04-03 22:04:57 UTC (rev 243829)
@@ -496,8 +496,9 @@
#if PLATFORM(COCOA)
parameters.defaultDataStoreParameters.networkSessionParameters.sourceApplicationBundleIdentifier = m_websiteDataStore->websiteDataStore().sourceApplicationBundleIdentifier();
parameters.defaultDataStoreParameters.networkSessionParameters.sourceApplicationSecondaryIdentifier = m_websiteDataStore->websiteDataStore().sourceApplicationSecondaryIdentifier();
+ parameters.defaultDataStoreParameters.networkSessionParameters.allowsTLSFallback = m_websiteDataStore->websiteDataStore().allowsTLSFallback() ? AllowsTLSFallback::Yes : AllowsTLSFallback::No;
#endif
- m_websiteDataStore->websiteDataStore().finalizeApplicationIdentifiers();
+ m_websiteDataStore->websiteDataStore().networkingHasBegun();
}
parameters.cacheModel = cacheModel();
Modified: trunk/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm (243828 => 243829)
--- trunk/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm 2019-04-03 22:04:57 UTC (rev 243829)
@@ -116,6 +116,7 @@
m_proxyConfiguration,
m_sourceApplicationBundleIdentifier,
m_sourceApplicationSecondaryIdentifier,
+ m_allowsTLSFallback ? AllowsTLSFallback::Yes : AllowsTLSFallback::No,
shouldLogCookieInformation,
Seconds { [defaults integerForKey:WebKitNetworkLoadThrottleLatencyMillisecondsDefaultsKey] / 1000. },
WTFMove(httpProxy),
@@ -127,7 +128,7 @@
enableResourceLoadStatisticsDebugMode,
WTFMove(resourceLoadStatisticsManualPrevalentResource)
};
- finalizeApplicationIdentifiers();
+ networkingHasBegun();
auto cookieFile = resolvedCookieStorageFile();
Modified: trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp (243828 => 243829)
--- trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp 2019-04-03 22:04:57 UTC (rev 243829)
@@ -2160,15 +2160,23 @@
bool WebsiteDataStore::setSourceApplicationSecondaryIdentifier(String&& identifier)
{
- if (!m_allowedToSetApplicationIdentifiers)
+ if (m_networkingHasBegun)
return false;
m_sourceApplicationSecondaryIdentifier = WTFMove(identifier);
return true;
}
+bool WebsiteDataStore::setAllowsTLSFallback(bool allows)
+{
+ if (m_networkingHasBegun)
+ return false;
+ m_allowsTLSFallback = allows;
+ return true;
+}
+
bool WebsiteDataStore::setSourceApplicationBundleIdentifier(String&& identifier)
{
- if (!m_allowedToSetApplicationIdentifiers)
+ if (m_networkingHasBegun)
return false;
m_sourceApplicationBundleIdentifier = WTFMove(identifier);
return true;
Modified: trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h (243828 => 243829)
--- trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h 2019-04-03 21:46:55 UTC (rev 243828)
+++ trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h 2019-04-03 22:04:57 UTC (rev 243829)
@@ -212,9 +212,12 @@
const String& sourceApplicationSecondaryIdentifier() const { return m_sourceApplicationSecondaryIdentifier; }
bool setSourceApplicationSecondaryIdentifier(String&&);
+
+ bool allowsTLSFallback() const { return m_allowsTLSFallback; }
+ bool setAllowsTLSFallback(bool);
+
+ void networkingHasBegun() { m_networkingHasBegun = true; }
- void finalizeApplicationIdentifiers() { m_allowedToSetApplicationIdentifiers = false; }
-
void setAllowsCellularAccess(AllowsCellularAccess allows) { m_allowsCellularAccess = allows; }
AllowsCellularAccess allowsCellularAccess() { return m_allowsCellularAccess; }
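Review bot: `networkingHasBegun()` reads like a const predicate but is a mutator that sets `m_networkingHasBegun = true`, so call sites such as `networkingHasBegun();` in WebsiteDataStoreCocoa.mm look like a discarded query. A verb name, for example `void setNetworkingHasBegun() { m_networkingHasBegun = true; }`, would make the state change obvious. This flag now gates a security-relevant setter as well as the application identifiers, so a short comment saying it is one-way and locks those setters would help.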
@@ -320,7 +323,8 @@
AllowsCellularAccess m_allowsCellularAccess { AllowsCellularAccess::Yes };
String m_sourceApplicationBundleIdentifier;
String m_sourceApplicationSecondaryIdentifier;
- bool m_allowedToSetApplicationIdentifiers { true };
+ bool m_allowsTLSFallback { true };
+ bool m_networkingHasBegun { false };
#if HAVE(SEC_KEY_PROXY)
Vector<Ref<SecKeyProxyStore>> m_secKeyProxyStores;
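Review bot: `m_allowsTLSFallback` is stored as a plain `bool`, while the member a few lines above it uses the typed enum (`AllowsCellularAccess m_allowsCellularAccess`) and this commit adds a matching `AllowsTLSFallback` enum. That forces the `? AllowsTLSFallback::Yes : AllowsTLSFallback::No` conversion in both WebProcessPool.cpp and WebsiteDataStoreCocoa.mm. Declaring `AllowsTLSFallback m_allowsTLSFallback { AllowsTLSFallback::Yes };` and converting once at the Objective-C boundary would remove the duplicated ternaries and the chance of inverting one. The class body begins and ends outside this hunk.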