Title: [249798] trunk
Revision
249798
Author
you...@apple.com
Date
2019-09-11 23:51:46 -0700 (Wed, 11 Sep 2019)

Log Message

Source/ThirdParty/libwebrtc:
Disable DTLS1.0
https://bugs.webkit.org/show_bug.cgi?id=201679

Reviewed by Alex Christensen.

* Source/webrtc/rtc_base/opensslstreamadapter.cc:
Set minimum version to DTLS1.2 when DTLS1.2 is supported.
This makes sure any client will never downgrade to DTLS1.0.

Source/WebCore:
Disable DTLS1.0
https://bugs.webkit.org/show_bug.cgi?id=201679

Reviewed by Alex Christensen.

Add a test-only option that forces DTLS1.0 and nothing else.
Add an internals API that enters this mode, so a test can verify that a normally configured client can no longer communicate with a DTLS1.0-only peer.

Test: webrtc/datachannel/dtls10.html

* platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
(WebCore::LibWebRTCProvider::setEnableWebRTCEncryption):
(WebCore::LibWebRTCProvider::setUseDTLS10):
* platform/mediastream/libwebrtc/LibWebRTCProvider.h:
* testing/Internals.cpp:
(WebCore::Internals::setUseDTLS10):
* testing/Internals.h:
* testing/Internals.idl:

LayoutTests:
Disable DTLS10
https://bugs.webkit.org/show_bug.cgi?id=201679

Reviewed by Alex Christensen.

* webrtc/datachannel/dtls10-expected.txt: Added.
* webrtc/datachannel/dtls10.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (249797 => 249798)


--- trunk/LayoutTests/ChangeLog	2019-09-12 06:04:09 UTC (rev 249797)
+++ trunk/LayoutTests/ChangeLog	2019-09-12 06:51:46 UTC (rev 249798)
@@ -1,3 +1,13 @@
+2019-09-11  Youenn Fablet  <you...@apple.com>
+
+        Disable DTLS10
+        https://bugs.webkit.org/show_bug.cgi?id=201679
+
+        Reviewed by Alex Christensen.
+
+        * webrtc/datachannel/dtls10-expected.txt: Added.
+        * webrtc/datachannel/dtls10.html: Added.
+
 2019-09-11  Saam Barati  <sbar...@apple.com>
 
         [WHLSL] Ensure structs/arrays with pointers as fields are disallowed

Added: trunk/LayoutTests/webrtc/datachannel/dtls10-expected.txt (0 => 249798)


--- trunk/LayoutTests/webrtc/datachannel/dtls10-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/webrtc/datachannel/dtls10-expected.txt	2019-09-12 06:51:46 UTC (rev 249798)
@@ -0,0 +1,4 @@
+
+PASS Verify regular clients can connect with each other 
+PASS Verify regular clients cannot connect with DTLS1-only clients 
+

Added: trunk/LayoutTests/webrtc/datachannel/dtls10.html (0 => 249798)


--- trunk/LayoutTests/webrtc/datachannel/dtls10.html	                        (rev 0)
+++ trunk/LayoutTests/webrtc/datachannel/dtls10.html	2019-09-12 06:51:46 UTC (rev 249798)
@@ -0,0 +1,76 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Testing DTLS10 connectivity</title>
+    <script src=""
+    <script src=""
+  </head>
+  <body>
+    <script>
+  'use strict';
+var useDTLS10ForLocalConnection = false;
+var useDTLS10ForRemoteConnection = false;
+
+async function createDTLS10andDTLS12Connections(setupLocalConnection, setupRemoteConnection) {
+    internals.setUseDTLS10(useDTLS10ForLocalConnection);
+    const localConnection = new RTCPeerConnection();
+    internals.setUseDTLS10(useDTLS10ForRemoteConnection);
+    const remoteConnection = new RTCPeerConnection();
+    internals.setUseDTLS10(false);
+
+    remoteConnection._onicecandidate_ = (event) => { localConnection.addIceCandidate(event.candidate); };
+    localConnection._onicecandidate_ = (event) => { remoteConnection.addIceCandidate(event.candidate); };
+
+    setupLocalConnection(localConnection);
+    setupRemoteConnection(localConnection);
+
+    const offer = await localConnection.createOffer();
+    await localConnection.setLocalDescription(offer);
+    await remoteConnection.setRemoteDescription(offer);
+
+    const answer = await remoteConnection.createAnswer();
+    await remoteConnection.setLocalDescription(answer);
+    await localConnection.setRemoteDescription(answer);
+
+    return [localConnection, remoteConnection];
+}
+
+promise_test(async (test) => {
+    if (!window.internals)
+        return Promise.reject("test requires internals");
+
+    useDTLS10ForLocalConnection = false;
+    useDTLS10ForRemoteConnection = false;
+
+    const [localConnection, remoteConnection] = await createDTLS10andDTLS12Connections((connection) => {
+        connection.createDataChannel('test');
+    }, (remoteConnection) => {
+    });
+
+    let counter = 0;
+    while (++counter < 20) {
+        if (localConnection.connectionState === "connected")
+           return;
+        await new Promise(resolve => setTimeout(resolve, 10));
+    }
+}, "Verify regular clients can connect with each other");
+
+promise_test(async (test) => {
+    if (!window.internals)
+        return Promise.reject("test requires internals");
+
+    useDTLS10ForLocalConnection = false;
+    useDTLS10ForRemoteConnection = true;
+
+    const [localConnection, remoteConnection] = await createDTLS10andDTLS12Connections((connection) => {
+        connection.createDataChannel('test');
+    }, (remoteConnection) => {
+    });
+
+    await new Promise(resolve => setTimeout(resolve, 200));
+    assert_not_equals(localConnection.connectionState, "connected");
+}, "Verify regular clients cannot connect with DTLS1-only clients");
+    </script>
+  </body>
+</html>
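Review bot: `setupRemoteConnection(localConnection);` on the line after `setupLocalConnection(localConnection);` hands the local peer to the remote-side callback, so the remote connection is never configured; it should read `setupRemoteConnection(remoteConnection);` (harmless today because both callers pass an empty callback, but any future test relying on it will silently misconfigure the wrong peer). The first promise_test also passes vacuously: if the peers never reach "connected" the `while (++counter < 20)` loop simply runs out and the function returns without failing, so add `assert_equals(localConnection.connectionState, "connected");` after the loop. The second test is a timing-based negative (sleep 200 ms, then assert not "connected"), which only ever proves "not connected yet"; at minimum leave a comment stating that limitation, or poll until the state is terminal and assert it is "failed". The `<script src="">` lines look truncated in this rendering, which is presumably an artifact of the mailing-list export rather than of the committed file.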

Modified: trunk/Source/ThirdParty/libwebrtc/ChangeLog (249797 => 249798)


--- trunk/Source/ThirdParty/libwebrtc/ChangeLog	2019-09-12 06:04:09 UTC (rev 249797)
+++ trunk/Source/ThirdParty/libwebrtc/ChangeLog	2019-09-12 06:51:46 UTC (rev 249798)
@@ -1,3 +1,14 @@
+2019-09-11  Youenn Fablet  <you...@apple.com>
+
+        Disable DTLS1.0
+        https://bugs.webkit.org/show_bug.cgi?id=201679
+
+        Reviewed by Alex Christensen.
+
+        * Source/webrtc/rtc_base/opensslstreamadapter.cc:
+        Set minimum version to DTLS1.2 when DTLS1.2 is supported.
+        This makes sure any client will never downgrade to DTLS1.0.
+
 2019-08-29  Keith Rollin  <krol...@apple.com>
 
         Update .xcconfig symbols to reflect the current set of past and future product versions.

Modified: trunk/Source/ThirdParty/libwebrtc/Source/webrtc/rtc_base/opensslstreamadapter.cc (249797 => 249798)


--- trunk/Source/ThirdParty/libwebrtc/Source/webrtc/rtc_base/opensslstreamadapter.cc	2019-09-12 06:04:09 UTC (rev 249797)
+++ trunk/Source/ThirdParty/libwebrtc/Source/webrtc/rtc_base/opensslstreamadapter.cc	2019-09-12 06:51:46 UTC (rev 249798)
@@ -1031,6 +1031,10 @@
       break;
     case SSL_PROTOCOL_TLS_12:
     default:
+#if defined(WEBRTC_WEBKIT_BUILD)
+      SSL_CTX_set_min_proto_version(
+          ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
+#endif
       SSL_CTX_set_max_proto_version(
           ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
       break;
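Review bot: The new `SSL_CTX_set_min_proto_version` call also raises the floor for `SSL_MODE_TLS` streams to TLS 1.2, and because it sits under `default:` it applies to every `ssl_max_version` value other than the explicitly handled cases, neither of which the log message ("Disable DTLS1.0") mentions. If raising the TLS floor is intended, say so where the guard is, e.g. `// WebKit: never negotiate below (D)TLS 1.2 so a peer cannot downgrade the handshake (webkit.org/b/201679).`; otherwise restrict the min-version call to `ssl_mode_ == SSL_MODE_DTLS`. The return value of `SSL_CTX_set_min_proto_version` is ignored, as is that of the existing `SSL_CTX_set_max_proto_version`; a debug check on it would surface a build whose OpenSSL/BoringSSL does not support DTLS 1.2 instead of silently leaving the library default floor. The enclosing switch and function begin outside this hunk, so I cannot confirm from here that the `SSL_PROTOCOL_DTLS_10` case (used by the new test mode) leaves the minimum untouched as intended.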

Modified: trunk/Source/WebCore/ChangeLog (249797 => 249798)


--- trunk/Source/WebCore/ChangeLog	2019-09-12 06:04:09 UTC (rev 249797)
+++ trunk/Source/WebCore/ChangeLog	2019-09-12 06:51:46 UTC (rev 249798)
@@ -1,3 +1,24 @@
+2019-09-11  Youenn Fablet  <you...@apple.com>
+
+        Disable DTLS1.0
+        https://bugs.webkit.org/show_bug.cgi?id=201679
+
+        Reviewed by Alex Christensen.
+
+        Add an option to force to use DTLS1.0 and nothing else.
+        Add internals API to enter in that mode to verify that normal configurations cannot communicate with DTLS1.0.
+
+        Test: webrtc/datachannel/dtls10.html
+
+        * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
+        (WebCore::LibWebRTCProvider::setEnableWebRTCEncryption):
+        (WebCore::LibWebRTCProvider::setUseDTLS10):
+        * platform/mediastream/libwebrtc/LibWebRTCProvider.h:
+        * testing/Internals.cpp:
+        (WebCore::Internals::setUseDTLS10):
+        * testing/Internals.h:
+        * testing/Internals.idl:
+
 2019-09-11  Keith Rollin  <krol...@apple.com>
 
         Log timeoutValue passed on to CFNetwork

Modified: trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.cpp (249797 => 249798)


--- trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.cpp	2019-09-12 06:04:09 UTC (rev 249797)
+++ trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.cpp	2019-09-12 06:51:46 UTC (rev 249798)
@@ -306,9 +306,23 @@
 
     webrtc::PeerConnectionFactoryInterface::Options options;
     options.disable_encryption = !enableWebRTCEncryption;
+    options.ssl_max_version = m_useDTLS10 ? rtc::SSL_PROTOCOL_DTLS_10 : rtc::SSL_PROTOCOL_DTLS_12;
     m_factory->SetOptions(options);
 }
 
+void LibWebRTCProvider::setUseDTLS10(bool useDTLS10)
+{
+    m_useDTLS10 = useDTLS10;
+
+    auto* factory = this->factory();
+    if (!factory)
+        return;
+
+    webrtc::PeerConnectionFactoryInterface::Options options;
+    options.ssl_max_version = useDTLS10 ? rtc::SSL_PROTOCOL_DTLS_10 : rtc::SSL_PROTOCOL_DTLS_12;
+    m_factory->SetOptions(options);
+}
+
 rtc::scoped_refptr<webrtc::PeerConnectionInterface> LibWebRTCProvider::createPeerConnection(webrtc::PeerConnectionObserver& observer, rtc::NetworkManager& networkManager, rtc::PacketSocketFactory& packetSocketFactory, webrtc::PeerConnectionInterface::RTCConfiguration&& configuration, std::unique_ptr<webrtc::AsyncResolverFactory>&& asyncResolveFactory)
 {
     auto& factoryAndThreads = getStaticFactoryAndThreads(m_useNetworkThreadWithSocketServer);
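Review bot: `setUseDTLS10` builds a fresh `webrtc::PeerConnectionFactoryInterface::Options`, sets only `ssl_max_version`, and hands it to `SetOptions`, so if `SetOptions` replaces the whole struct (as it does upstream) `disable_encryption` is reset to its default and whatever `setEnableWebRTCEncryption` had applied is lost; the reverse direction is covered, since `setEnableWebRTCEncryption` now reads `m_useDTLS10`. Either keep the last encryption flag in a member and set `options.disable_encryption` from it here as well, or have both setters call one helper that fills every option from provider state so the two cannot drift. The null check uses the local `factory` but the call goes through `m_factory->SetOptions(options)`; use one of the two consistently. `setEnableWebRTCEncryption` begins outside this hunk.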

Modified: trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.h (249797 => 249798)


--- trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.h	2019-09-12 06:04:09 UTC (rev 249797)
+++ trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.h	2019-09-12 06:51:46 UTC (rev 249798)
@@ -118,6 +118,7 @@
 
     void setEnableLogging(bool);
     void setEnableWebRTCEncryption(bool);
+    void setUseDTLS10(bool);
 
     virtual std::unique_ptr<rtc::PacketSocketFactory> createSocketFactory(PAL::SessionID, String&& /* userAgent */) { return nullptr; }
 
@@ -138,6 +139,7 @@
     bool m_disableNonLocalhostConnections { false };
     bool m_supportsVP8 { false };
     bool m_enableLogging { true };
+    bool m_useDTLS10 { false };
 #endif
 };
 

Modified: trunk/Source/WebCore/testing/Internals.cpp (249797 => 249798)


--- trunk/Source/WebCore/testing/Internals.cpp	2019-09-12 06:04:09 UTC (rev 249797)
+++ trunk/Source/WebCore/testing/Internals.cpp	2019-09-12 06:51:46 UTC (rev 249798)
@@ -1512,8 +1512,19 @@
         page->settings().setWebRTCEncryptionEnabled(value);
 #endif
 }
+
+void Internals::setUseDTLS10(bool useDTLS10)
+{
+#if USE(LIBWEBRTC)
+    auto* document = contextDocument();
+    if (!document || !document->page())
+        return;
+    document->page()->libWebRTCProvider().setUseDTLS10(useDTLS10);
 #endif
+}
 
+#endif
+
 #if ENABLE(MEDIA_STREAM)
 void Internals::setShouldInterruptAudioOnPageVisibilityChange(bool shouldInterrupt)
 {
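Review bot: `Internals::setUseDTLS10` is a sticky, test-only downgrade — it leaves the page's LibWebRTCProvider factory creating DTLS 1.0-only connections until it is called again with `false` — and nothing at the definition says so; add a comment above it such as `// Test-only: forces every subsequently created peer connection to negotiate DTLS 1.0 and nothing else. Callers must reset with false.` Whether the factory behind the provider is shared beyond the calling document cannot be determined from this hunk, so the comment should also warn that the effect may outlive the current test if it is not reset.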

Modified: trunk/Source/WebCore/testing/Internals.h (249797 => 249798)


--- trunk/Source/WebCore/testing/Internals.h	2019-09-12 06:04:09 UTC (rev 249797)
+++ trunk/Source/WebCore/testing/Internals.h	2019-09-12 06:51:46 UTC (rev 249798)
@@ -541,6 +541,7 @@
     void clearPeerConnectionFactory();
     void applyRotationForOutgoingVideoSources(RTCPeerConnection&);
     void setEnableWebRTCEncryption(bool);
+    void setUseDTLS10(bool);
 #endif
 
     String getImageSourceURL(Element&);

Modified: trunk/Source/WebCore/testing/Internals.idl (249797 => 249798)


--- trunk/Source/WebCore/testing/Internals.idl	2019-09-12 06:04:09 UTC (rev 249797)
+++ trunk/Source/WebCore/testing/Internals.idl	2019-09-12 06:51:46 UTC (rev 249798)
@@ -618,6 +618,7 @@
     [Conditional=WEB_RTC] void stopPeerConnection(RTCPeerConnection connection);
     [Conditional=WEB_RTC] void clearPeerConnectionFactory();
     [Conditional=WEB_RTC] void setEnableWebRTCEncryption(boolean enabled);
+    [Conditional=WEB_RTC] void setUseDTLS10(boolean use);
 
     [Conditional=VIDEO] void simulateSystemSleep();
     [Conditional=VIDEO] void simulateSystemWake();