Title: [196671] trunk/Source/WebKit2
- Revision
- 196671
- Author
- [email protected]
- Date
- 2016-02-16 16:30:39 -0800 (Tue, 16 Feb 2016)
Log Message
Use NSURLCredential from serverTrust when evaluating server trust AuthenticationChallenges with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=154316
Reviewed by Brady Eidson.
This fixes http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html
and many other layout tests that use https because it allows https connections with servers
with self-signed certificates when TestController::canAuthenticateAgainstProtectionSpace in
WebKitTestRunner says it's OK, or when any other WKPageNavigationClient says it's ok.
* NetworkProcess/NetworkDataTask.h:
* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::serverTrustCredential):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (196670 => 196671)
--- trunk/Source/WebKit2/ChangeLog 2016-02-17 00:00:54 UTC (rev 196670)
+++ trunk/Source/WebKit2/ChangeLog 2016-02-17 00:30:39 UTC (rev 196671)
@@ -1,3 +1,21 @@
+2016-02-16 Alex Christensen <[email protected]>
+
+ Use NSURLCredential from serverTrust when evaluating server trust AuthenticationChallenges with NetworkSession
+ https://bugs.webkit.org/show_bug.cgi?id=154316
+
+ Reviewed by Brady Eidson.
+
+ This fixes http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html
+ and many other layout tests that use https because it allows https connections with servers
+ with self-signed certificates when TestController::canAuthenticateAgainstProtectionSpace in
+ WebKitTestRunner says it's OK, or when any other WKPageNavigationClient says it's ok.
+
+ * NetworkProcess/NetworkDataTask.h:
+ * NetworkProcess/NetworkLoad.cpp:
+ (WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
+ (WebKit::serverTrustCredential):
+
2016-02-16 Anders Carlsson <[email protected]>
Use pid_t everywhere, instead of PlatformProcessIdentifier
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h (196670 => 196671)
--- trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h 2016-02-17 00:00:54 UTC (rev 196670)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkDataTask.h 2016-02-17 00:30:39 UTC (rev 196671)
@@ -140,6 +140,10 @@
#endif
};
+#if PLATFORM(COCOA)
+WebCore::Credential serverTrustCredential(const WebCore::AuthenticationChallenge&);
+#endif
+
}
#endif
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp (196670 => 196671)
--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-02-17 00:00:54 UTC (rev 196670)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-02-17 00:30:39 UTC (rev 196671)
@@ -340,7 +340,7 @@
}
if (!m_challenge.protectionSpace().isPasswordBased()) {
- completionHandler(AuthenticationChallengeDisposition::PerformDefaultHandling, Credential());
+ completionHandler(AuthenticationChallengeDisposition::UseCredential, serverTrustCredential(m_challenge));
return;
}
Modified: trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm (196670 => 196671)
--- trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2016-02-17 00:00:54 UTC (rev 196670)
+++ trunk/Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm 2016-02-17 00:30:39 UTC (rev 196671)
@@ -189,6 +189,12 @@
{
return [m_task taskIdentifier];
}
+
+WebCore::Credential serverTrustCredential(const WebCore::AuthenticationChallenge& challenge)
+{
+ return WebCore::Credential([NSURLCredential credentialForTrust:challenge.nsURLAuthenticationChallenge().protectionSpace.serverTrust]);
}
+}
+
#endif
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
