WebKit Bugzilla
Attachment 347324 Details for
Bug 188684
: Simplify server trust authentication flow
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-188684-20180816165444.patch (text/plain), 4.82 KB, created by
Alex Christensen
on 2018-08-16 16:54:45 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Alex Christensen
Created:
2018-08-16 16:54:45 PDT
Size:
4.82 KB
patch
obsolete
>Index: Source/WebKit/ChangeLog >=================================================================== >--- Source/WebKit/ChangeLog (revision 234971) >+++ Source/WebKit/ChangeLog (working copy) >@@ -1,3 +1,20 @@ >+2018-08-16 Alex Christensen <achristensen@webkit.org> >+ >+ Simplify server trust authentication flow >+ https://bugs.webkit.org/show_bug.cgi?id=188684 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ We unnecessarily had the allowsSpecificHTTPSCertificateForHost check at two different abstraction levels. >+ >+ * NetworkProcess/NetworkLoad.cpp: >+ (WebKit::NetworkLoad::didReceiveChallenge): >+ * NetworkProcess/NetworkSession.cpp: >+ (WebKit::NetworkSession::allowsSpecificHTTPSCertificateForHost): Deleted. >+ * NetworkProcess/NetworkSession.h: >+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm: >+ (-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]): >+ > 2018-08-16 Sihui Liu <sihui_liu@apple.com> > > Remove unused parentProcessName from NetworkProcessCreationParameters >Index: Source/WebKit/NetworkProcess/NetworkLoad.cpp >=================================================================== >--- Source/WebKit/NetworkProcess/NetworkLoad.cpp (revision 234941) >+++ Source/WebKit/NetworkProcess/NetworkLoad.cpp (working copy) >@@ -261,12 +261,6 @@ void NetworkLoad::didReceiveChallenge(Au > completionHandler(AuthenticationChallengeDisposition::UseCredential, { }); > return; > } >- >-#if PLATFORM(COCOA) >- if (scheme == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested >- && NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge)) >- return completionHandler(AuthenticationChallengeDisposition::UseCredential, serverTrustCredential(challenge)); >-#endif > > if (auto* pendingDownload = m_task->pendingDownload()) > NetworkProcess::singleton().authenticationManager().didReceiveAuthenticationChallenge(*pendingDownload, challenge, WTFMove(completionHandler)); >Index: Source/WebKit/NetworkProcess/NetworkSession.cpp >=================================================================== >--- Source/WebKit/NetworkProcess/NetworkSession.cpp (revision 234932) >+++ Source/WebKit/NetworkProcess/NetworkSession.cpp (working copy) >@@ -81,13 +81,4 @@ void NetworkSession::invalidateAndCancel > task->invalidateAndCancel(); > } > >-bool NetworkSession::allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge& challenge) >-{ >-#if PLATFORM(COCOA) >- return NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge); >-#else >- return false; >-#endif >-} >- > } // namespace WebKit >Index: Source/WebKit/NetworkProcess/NetworkSession.h >=================================================================== >--- Source/WebKit/NetworkProcess/NetworkSession.h (revision 234932) >+++ Source/WebKit/NetworkProcess/NetworkSession.h (working copy) >@@ -54,8 +54,6 @@ public: > void registerNetworkDataTask(NetworkDataTask& task) { m_dataTaskSet.add(&task); } > void unregisterNetworkDataTask(NetworkDataTask& task) { m_dataTaskSet.remove(&task); } > >- static bool allowsSpecificHTTPSCertificateForHost(const WebCore::AuthenticationChallenge&); >- > protected: > NetworkSession(PAL::SessionID); > >Index: Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm >=================================================================== >--- Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (revision 234932) >+++ Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (working copy) >@@ -330,13 +330,13 @@ - (void)URLSession:(NSURLSession *)sessi > return; > } > >- // Handle server trust evaluation at platform-level if requested, for performance reasons. >- if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] && !NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) { >+ if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) { > if (NetworkSessionCocoa::allowsSpecificHTTPSCertificateForHost(challenge)) >- completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]); >- else >- completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil); >- return; >+ return completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]); >+ >+ // Handle server trust evaluation at platform-level if requested, for performance reasons and to use ATS defaults. >+ if (!NetworkProcess::singleton().canHandleHTTPSServerTrustEvaluation()) >+ return completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil); > } > > if (auto* networkDataTask = [self existingTask:task]) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=347324">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
youennf
:
review+
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 188684
: 347324