Title: [137967] trunk/Source/WebKit2
Revision
137967
Author
[email protected]
Date
2012-12-17 18:22:51 -0800 (Mon, 17 Dec 2012)

Log Message

Can't visit sites with untrusted certs with the NetworkProcess.
<rdar://problem/12885641> and https://bugs.webkit.org/show_bug.cgi?id=105235

Reviewed by Sam Weinig.

For Mac the missing functionality is being able to tell the network layer in the
NetworkProcess to temporarily accept a certificate chain for the given host.

This patch adds some SPI supporting the way this works on Mac.

Add a message and Mac implementation for "allowSpecificHTTPSCertificateForHost":
* NetworkProcess/NetworkProcess.h:
* NetworkProcess/NetworkProcess.messages.in:
* NetworkProcess/mac/NetworkProcessMac.mm:
(WebKit::NetworkProcess::allowSpecificHTTPSCertificateForHost):

Add SPI for the embedding app:
* UIProcess/API/C/WKContext.cpp:
(WKContextAllowSpecificHTTPSCertificateForHost):
* UIProcess/API/C/WKContextPrivate.h:

* UIProcess/WebContext.cpp:
(WebKit::WebContext::allowSpecificHTTPSCertificateForHost):
* UIProcess/WebContext.h:

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (137966 => 137967)


--- trunk/Source/WebKit2/ChangeLog	2012-12-18 01:56:28 UTC (rev 137966)
+++ trunk/Source/WebKit2/ChangeLog	2012-12-18 02:22:51 UTC (rev 137967)
@@ -1,3 +1,30 @@
+2012-12-17  Brady Eidson  <[email protected]>
+
+        Can't visit sites with untrusted certs with the NetworkProcess.
+        <rdar://problem/12885641> and https://bugs.webkit.org/show_bug.cgi?id=105235
+
+        Reviewed by Sam Weinig.
+
+        For Mac the missing functionality is being able to tell the network layer in the
+        NetworkProcess to temporarily accept a certificate chain for the given host.
+
+        This patch adds some SPI supporting the way this works on Mac.
+
+        Add a message and Mac implementation for "allowSpecificHTTPSCertificateForHost":
+        * NetworkProcess/NetworkProcess.h:
+        * NetworkProcess/NetworkProcess.messages.in:
+        * NetworkProcess/mac/NetworkProcessMac.mm:
+        (WebKit::NetworkProcess::allowSpecificHTTPSCertificateForHost):
+
+        Add SPI for the embedding app"
+        * UIProcess/API/C/WKContext.cpp:
+        (WKContextAllowSpecificHTTPSCertificateForHost):
+        * UIProcess/API/C/WKContextPrivate.h:
+
+        * UIProcess/WebContext.cpp:
+        (WebKit::WebContext::allowSpecificHTTPSCertificateForHost):
+        * UIProcess/WebContext.h:
+
 2012-12-17  Huang Dongsung  <[email protected]>
 
         [CoordinatedGraphics] Assertion hit in WebKit::LayerTreeRenderer::setLayerState()

Modified: trunk/Source/WebKit2/NetworkProcess/NetworkProcess.h (137966 => 137967)


--- trunk/Source/WebKit2/NetworkProcess/NetworkProcess.h	2012-12-18 01:56:28 UTC (rev 137966)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkProcess.h	2012-12-18 02:22:51 UTC (rev 137967)
@@ -93,6 +93,8 @@
     void unregisterSchemeForCustomProtocol(const String&);
 #endif
 
+    void allowSpecificHTTPSCertificateForHost(const PlatformCertificateInfo&, const String& host);
+
     // Platform Helpers
     void platformSetCacheModel(CacheModel);
 

Modified: trunk/Source/WebKit2/NetworkProcess/NetworkProcess.messages.in (137966 => 137967)


--- trunk/Source/WebKit2/NetworkProcess/NetworkProcess.messages.in	2012-12-18 01:56:28 UTC (rev 137966)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkProcess.messages.in	2012-12-18 02:22:51 UTC (rev 137967)
@@ -43,6 +43,8 @@
     RegisterSchemeForCustomProtocol(WTF::String name)
     UnregisterSchemeForCustomProtocol(WTF::String name)
 #endif
+
+    AllowSpecificHTTPSCertificateForHost(WebKit::PlatformCertificateInfo certificate, WTF::String host)
 }
 
 #endif // ENABLE(NETWORK_PROCESS)

Modified: trunk/Source/WebKit2/NetworkProcess/mac/NetworkProcessMac.mm (137966 => 137967)


--- trunk/Source/WebKit2/NetworkProcess/mac/NetworkProcessMac.mm	2012-12-18 01:56:28 UTC (rev 137966)
+++ trunk/Source/WebKit2/NetworkProcess/mac/NetworkProcessMac.mm	2012-12-18 02:22:51 UTC (rev 137967)
@@ -29,7 +29,9 @@
 #if ENABLE(NETWORK_PROCESS)
 
 #import "NetworkProcessCreationParameters.h"
+#import "PlatformCertificateInfo.h"
 #import "SandboxExtension.h"
+#import <Foundation/NSURLRequestPrivate.h>
 #import <WebCore/LocalizedStrings.h>
 #import <WebKitSystemInterface.h>
 #import <mach/host_info.h>
@@ -111,6 +113,11 @@
     [nsurlCache setDiskCapacity:std::max<unsigned long>(urlCacheDiskCapacity, [nsurlCache diskCapacity])]; // Don't shrink a big disk cache, since that would cause churn.
 }
 
+void NetworkProcess::allowSpecificHTTPSCertificateForHost(const PlatformCertificateInfo& certificateInfo, const String& host)
+{
+    [NSURLRequest setAllowsSpecificHTTPSCertificate:(NSArray *)certificateInfo.certificateChain() forHost:(NSString *)host];
+}
+
 } // namespace WebKit
 
 #endif // ENABLE(NETWORK_PROCESS)
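Review bot: `NetworkProcess::allowSpecificHTTPSCertificateForHost` installs the trust exception for whatever chain and host arrive in the IPC message, without checking that `certificateInfo.certificateChain()` is non-null or that `host` is non-empty. Because `setAllowsSpecificHTTPSCertificate:forHost:` is a class method on NSURLRequest, the exception presumably covers every load this NetworkProcess makes to that host rather than a single page or session. Nothing in this commit removes it again, although the log message describes the acceptance as temporary. A guard such as `if (!certificateInfo.certificateChain() || host.isEmpty()) return;` plus a comment stating the scope and lifetime of the exception would make this trust decision easier to audit.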

Modified: trunk/Source/WebKit2/UIProcess/API/C/WKContext.cpp (137966 => 137967)


--- trunk/Source/WebKit2/UIProcess/API/C/WKContext.cpp	2012-12-18 01:56:28 UTC (rev 137966)
+++ trunk/Source/WebKit2/UIProcess/API/C/WKContext.cpp	2012-12-18 02:22:51 UTC (rev 137967)
@@ -267,6 +267,11 @@
     toImpl(contextRef)->setIconDatabasePath(toImpl(iconDatabasePath)->string());
 }
 
+void WKContextAllowSpecificHTTPSCertificateForHost(WKContextRef contextRef, WKCertificateInfoRef certificateRef, WKStringRef hostRef)
+{
+    toImpl(contextRef)->allowSpecificHTTPSCertificateForHost(toImpl(certificateRef), toImpl(hostRef)->string());
+}
+
 void WKContextSetDatabaseDirectory(WKContextRef contextRef, WKStringRef databaseDirectory)
 {
     toImpl(contextRef)->setDatabaseDirectory(toImpl(databaseDirectory)->string());

Modified: trunk/Source/WebKit2/UIProcess/API/C/WKContextPrivate.h (137966 => 137967)


--- trunk/Source/WebKit2/UIProcess/API/C/WKContextPrivate.h	2012-12-18 01:56:28 UTC (rev 137966)
+++ trunk/Source/WebKit2/UIProcess/API/C/WKContextPrivate.h	2012-12-18 02:22:51 UTC (rev 137967)
@@ -56,6 +56,8 @@
 
 WK_EXPORT void WKContextSetIconDatabasePath(WKContextRef context, WKStringRef iconDatabasePath);
 
+WK_EXPORT void WKContextAllowSpecificHTTPSCertificateForHost(WKContextRef context, WKCertificateInfoRef certificate, WKStringRef host);
+
 // FIXME: These functions are only effective if called before the Web process is launched. But
 // we should really change these settings to be on WebPreferences and changeable at runtime.
 WK_EXPORT void WKContextSetDatabaseDirectory(WKContextRef context, WKStringRef databaseDirectory);
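Review bot: The new SPI `WKContextAllowSpecificHTTPSCertificateForHost` is exported without any comment, even though it overrides certificate validation for a host. The header should state that it is meant to be called only after the user has explicitly accepted the certificate presented for that host, and that the chain passed in should be the one the user was shown. It should also say that the call currently takes effect only when the context uses the NetworkProcess, as the WebContext.cpp change asserts otherwise. For example: `// Accepts |certificate| for HTTPS loads to |host| despite failed trust evaluation. Call only after explicit user consent; NetworkProcess only.`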

Modified: trunk/Source/WebKit2/UIProcess/WebContext.cpp (137966 => 137967)


--- trunk/Source/WebKit2/UIProcess/WebContext.cpp	2012-12-18 01:56:28 UTC (rev 137966)
+++ trunk/Source/WebKit2/UIProcess/WebContext.cpp	2012-12-18 02:22:51 UTC (rev 137967)
@@ -1043,6 +1043,18 @@
     return platformDefaultCookieStorageDirectory();
 }
 
+void WebContext::allowSpecificHTTPSCertificateForHost(const WebCertificateInfo* certificate, const String& host)
+{
+#if ENABLE(NETWORK_PROCESS)
+    if (m_usesNetworkProcess && m_networkProcess) {
+        m_networkProcess->send(Messages::NetworkProcess::AllowSpecificHTTPSCertificateForHost(certificate->platformCertificateInfo(), host), 0);
+        return;
+    }
+#endif
+    // FIXME: It's unclear whether we want this SPI to be exposed and used for clients that don't use the NetworkProcess.
+    ASSERT_NOT_REACHED();
+}
+
 void WebContext::setHTTPPipeliningEnabled(bool enabled)
 {
 #if PLATFORM(MAC)
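Review bot: When `m_usesNetworkProcess` is true but `m_networkProcess` is still null, `WebContext::allowSpecificHTTPSCertificateForHost` falls through to `ASSERT_NOT_REACHED()`. That macro normally compiles to nothing in release builds, so the embedder's request would be dropped with no signal and the load would keep failing. `certificate` is also dereferenced without a null check, and `toImpl(certificateRef)` in WKContext.cpp passes through whatever the client supplied. Consider `if (!certificate) return;` at the top, and either make sure the network process exists before sending or report the failure to the caller. `setHTTPPipeliningEnabled` at the end of the hunk continues outside it.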

Modified: trunk/Source/WebKit2/UIProcess/WebContext.h (137966 => 137967)


--- trunk/Source/WebKit2/UIProcess/WebContext.h	2012-12-18 01:56:28 UTC (rev 137966)
+++ trunk/Source/WebKit2/UIProcess/WebContext.h	2012-12-18 02:22:51 UTC (rev 137967)
@@ -227,6 +227,8 @@
     void setDiskCacheDirectory(const String& dir) { m_overrideDiskCacheDirectory = dir; }
     void setCookieStorageDirectory(const String& dir) { m_overrideCookieStorageDirectory = dir; }
 
+    void allowSpecificHTTPSCertificateForHost(const WebCertificateInfo*, const String& host);
+
     WebProcessProxy* ensureSharedWebProcess();
     WebProcessProxy* createNewWebProcessRespectingProcessCountLimit(); // Will return an existing one if limit is met.
     void warmInitialProcess();