155132 2016-03-07 13:51:47 -0800 Regression tests cannot load video over HTTPS with self-signed certificate 2020-07-16 12:05:18 -0700 1 1 1 Unclassified WebKit Tools / Tests WebKit Local Build All All RESOLVED FIXED InRadar P2 Normal --- 1 dbates webkit-unassigned ap eric.carlson hector_i_lopez jer.noble lforschler tsavell webkit-bug-importer youennf oldest_to_newest 1171731 0 dbates 2016-03-07 13:51:47 -0800 The test LayoutTests/http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html, included in the attachment #273068 (bug #154122), fails when run using run-webkit-tests on OS X 10.11.3 (15D19) with the following console output: 3/7/16 1:49:58.938 PM com.apple.WebKit.WebContent.Development[63455]: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) 3/7/16 1:49:58.940 PM com.apple.WebKit.WebContent.Development[63455]: [13:49:58.940] HTTPRequest figHttpRequestDidFailCallback: Network error: domain=kCFErrorDomainCFNetwork, code=-1202, Error Domain=kCFErrorDomainCFNetwork Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be �127.0.0.1� which could put your confidential information at risk." UserInfo={NSErrorFailingURLStringKey=https://127.0.0.1:8443/media-resources/content/test.mp4, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, kCFStreamPropertySSLPeerCertificates=( "<SecCertificate 0x7fd872b85bc0 [0x7fff7ae80440]>" ), _kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrust 0x7fd872b87310 [0x7fff7ae80440]>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be �127.0.0.1� which could put your confidential information at risk., _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://127.0.0.1:8443/media-resources/content/test.mp4, _kCFStreamErrorCodeKey=-9813} for https://127.0.0.1:8443/media-resources/content/test.mp4 Notice that the certificate for https://127.0.0.1:8443 is a self-signed certificate. 1209070 1 youennf 2016-07-08 06:00:22 -0700 The same problem happens for some web-platform-tests tests, for instance imported/w3c/web-platform-tests/fetch/api/cors/cors-basic.html The stderr is: 2016-07-08 14:45:32.887 com.apple.WebKit.Networking.Development[83486:12370795] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) 2016-07-08 14:45:32.907 com.apple.WebKit.Networking.Development[83486:12370795] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) 2016-07-08 14:45:32.911 com.apple.WebKit.Networking.Development[83486:12370795] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813) I tried using testRunner.setAllowsAnySSLCertificate. It seems to work only for DRT, not WTR. Is this a known bug? Web-platform-tests server is now always reusing the same certificate, like httpd. Maybe there is a way to register wpt and httpd certificates to DRT and WTR? 1209150 2 ap 2016-07-08 09:42:31 -0700 > It seems to work only for DRT, not WTR. Is this a known bug? Yes. The good news is that it should work on macOS Sierra. The way it works is that in DumpRenderTree, we set a global NSURLConnection setting (via +[NSURLRequest setAllowsAnyHTTPSCertificate:forHost:]), so any loads in the process are affected by it. In WebKitTestRunner, we use a proper delegate based solution, but that means that only network loads performed by WebKit are affected. Media loads used to bypass WebKit. 1217817 3 youennf 2016-08-04 23:34:49 -0700 I hit this bug again as part of bug 160445. 1672199 4 404471 hector_i_lopez 2020-07-16 11:36:31 -0700 Created attachment 404471 Patch 1672200 5 tsavell 2020-07-16 11:45:11 -0700 This test http/tests/security/contentSecurityPolicy/video-with-https-url-allowed-by-csp-media-src-star.html is passing on all of Mac according to history: https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Fvideo-with-https-url-allowed-by-csp-media-src-star.html We are removing the expectations 1672201 6 ews-feeder 2020-07-16 12:05:00 -0700 Committed r264472: <https://trac.webkit.org/changeset/264472> All reviewed patches have been landed. Closing bug and clearing flags on attachment 404471. 1672202 7 webkit-bug-importer 2020-07-16 12:05:18 -0700 <rdar://problem/65681397> 404471 2020-07-16 11:36:31 -0700 2020-07-16 12:05:01 -0700 Patch bug-155132-20200716113631.patch text/plain 1647 hector_i_lopez U3VidmVyc2lvbiBSZXZpc2lvbjogMjY0NDcxCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9DaGFu Z2VMb2cgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKaW5kZXggOWQ4YzM3Zjc5Y2FhZWUzYThlYzA3 M2Y2M2I3ZWM0NmM4MjJiNTM2MC4uNTAzMmMzY2NiMTI3ZGRlYWQwNGU3ODQxYzIxNjEyYThjOGRj MWE1ZiAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCisrKyBiL0xheW91dFRlc3Rz L0NoYW5nZUxvZwpAQCAtMSwzICsxLDEyIEBACisyMDIwLTA3LTE2ICBIZWN0b3IgTG9wZXogIDxo ZWN0b3JfaV9sb3BlekBhcHBsZS5jb20+CisKKyAgICAgICAgUmVncmVzc2lvbiB0ZXN0cyBjYW5u b3QgbG9hZCB2aWRlbyBvdmVyIEhUVFBTIHdpdGggc2VsZi1zaWduZWQgY2VydGlmaWNhdGUKKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE1NTEzMgorCisg ICAgICAgIFVucmV2aWV3ZWQgdGVzdCBnYXJkZW5pbmcuCisKKyAgICAgICAgKiBUZXN0RXhwZWN0 YXRpb25zOgorCiAyMDIwLTA3LTE2ICBDYXJsb3MgQWxiZXJ0byBMb3BleiBQZXJleiAgPGNsb3Bl ekBpZ2FsaWEuY29tPgogCiAgICAgICAgIFVwZGF0ZSBXUFQgdGVzdHMgZm9yIGNzcy13cml0aW5n LW1vZGVzIChmb2xsb3ctdXAgZml4KQpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvVGVzdEV4cGVj dGF0aW9ucyBiL0xheW91dFRlc3RzL1Rlc3RFeHBlY3RhdGlvbnMKaW5kZXggNzdlNzcxZTZmYWJi MWExNzhlMWIxZGQ3ZDUxYTc0MThjNTQ2MGVmOS4uOWE5YjJlYmMzYjE4M2YzNGE3ODI0ZmVkMzNm NzMyYWI0ZDdjN2E0NyAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvVGVzdEV4cGVjdGF0aW9ucwor KysgYi9MYXlvdXRUZXN0cy9UZXN0RXhwZWN0YXRpb25zCkBAIC0yMDkxLDcgKzIwOTEsNiBAQCB3 ZWJraXQub3JnL2IvMTUzMTYyIGh0dHAvdGVzdHMvc2VjdXJpdHkvY29udGVudFNlY3VyaXR5UG9s aWN5L3JlcG9ydC1tdWx0aXBsZS12aQogd2Via2l0Lm9yZy9iLzE1MzE2MiBodHRwL3Rlc3RzL3Nl Y3VyaXR5L2NvbnRlbnRTZWN1cml0eVBvbGljeS9yZXBvcnQtbXVsdGlwbGUtdmlvbGF0aW9ucy0w Mi5waHAgWyBGYWlsdXJlIF0KIHdlYmtpdC5vcmcvYi8xNTQyMDMgaHR0cC90ZXN0cy9zZWN1cml0 eS9jb250ZW50U2VjdXJpdHlQb2xpY3kvMS4xL2ZyYW1lLWFuY2VzdG9ycy9mcmFtZS1hbmNlc3Rv cnMtb3ZlcnJpZGVzLXhmby5odG1sCiB3ZWJraXQub3JnL2IvMTU0NTIyIGh0dHAvdGVzdHMvc2Vj dXJpdHkvY29udGVudFNlY3VyaXR5UG9saWN5LzEuMS9zZWN1cml0eXBvbGljeXZpb2xhdGlvbi1i YXNlLXVyaS1kZW55Lmh0bWwKLXdlYmtpdC5vcmcvYi8xNTUxMzIgaHR0cC90ZXN0cy9zZWN1cml0 eS9jb250ZW50U2VjdXJpdHlQb2xpY3kvdmlkZW8td2l0aC1odHRwcy11cmwtYWxsb3dlZC1ieS1j c3AtbWVkaWEtc3JjLXN0YXIuaHRtbCBbIEZhaWx1cmUgXQogd2Via2l0Lm9yZy9iLzE1ODQ4MCBo dHRwL3Rlc3RzL3dlYnNvY2tldC90ZXN0cy9oeWJpL3VwZ3JhZGUtc2ltcGxlLXdzLmh0bWwgWyBT a2lwIF0KIAogIyBUaGVzZSBzdGF0ZSBvYmplY3QgdGVzdHMgcHVycG9zZWZ1bGx5IHN0cmVzcyBh IHJlc291cmNlIGxpbWl0LCBhbmQgdGFrZSBtdWx0aXBsZSBzZWNvbmRzIHRvIHJ1bi4K