Title: [171485] trunk/Source/WebKit2
- Revision
- 171485
- Author
- m...@apple.com
- Date
- 2014-07-23 13:18:47 -0700 (Wed, 23 Jul 2014)
Log Message
<rdar://problem/17782623> [iOS] Client-certificate authentication isn’t working with some certificates
https://bugs.webkit.org/show_bug.cgi?id=135206
Reviewed by Anders Carlsson.
* Shared/cf/ArgumentCodersCF.cpp:
(IPC::copyPersistentRef): Added this helper function. It differs from
SecKeyCopyPersistentRef in that if multiple copies of the key exist in the keychain, it
ensures that we get a reference to the copy that is in the keychain access group that the
Networking process can use.
(IPC::encode): Use copyPersistentRef.
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (171484 => 171485)
--- trunk/Source/WebKit2/ChangeLog 2014-07-23 19:49:15 UTC (rev 171484)
+++ trunk/Source/WebKit2/ChangeLog 2014-07-23 20:18:47 UTC (rev 171485)
@@ -1,3 +1,17 @@
+2014-07-23 Dan Bernstein <m...@apple.com>
+
+ <rdar://problem/17782623> [iOS] Client-certificate authentication isn’t working with some certificates
+ https://bugs.webkit.org/show_bug.cgi?id=135206
+
+ Reviewed by Anders Carlsson.
+
+ * Shared/cf/ArgumentCodersCF.cpp:
+ (IPC::copyPersistentRef): Added this helper function. It differs from
+ SecKeyCopyPersistentRef in that if multiple copies of the key exist in the keychain, it
+ ensures that we get a reference to the copy that is in the keychain access group that the
+ Networking process can use.
+ (IPC::encode): Use copyPersistentRef.
+
2014-07-23 Bem Jones-Bey <bjone...@adobe.com>
Remove CSS_EXCLUSIONS compile flag and leftover code
Modified: trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp (171484 => 171485)
--- trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp 2014-07-23 19:49:15 UTC (rev 171484)
+++ trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp 2014-07-23 20:18:47 UTC (rev 171485)
@@ -47,7 +47,6 @@
#include <Security/SecKeyPriv.h>
#endif
-extern "C" OSStatus SecKeyCopyPersistentRef(SecKeyRef key, CFDataRef* persistentRef);
extern "C" OSStatus SecKeyFindWithPersistentRef(CFDataRef persistentRef, SecKeyRef* lookedUpData);
#endif
@@ -628,6 +627,22 @@
{
secKeyRefDecodingAllowed = allowsDecodingSecKeyRef;
}
+
+static CFDataRef copyPersistentRef(SecKeyRef key)
+{
+ // This function differs from SecItemCopyPersistentRef in that it specifies an access group.
+ // This is necessary in case there are multiple copies of the key in the keychain, because we
+ // need a reference to the one that the Networking process will be able to access.
+ CFDataRef persistentRef = nullptr;
+ SecItemCopyMatching((CFDictionaryRef)@{
+ (id)kSecReturnPersistentRef: @YES,
+ (id)kSecValueRef: (id)key,
+ (id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny,
+ (id)kSecAttrAccessGroup: @"com.apple.identities",
+ }, (CFTypeRef*)&persistentRef);
+
+ return persistentRef;
+}
#endif
void encode(ArgumentEncoder& encoder, SecIdentityRef identity)
@@ -642,7 +657,7 @@
CFDataRef keyData = nullptr;
#if PLATFORM(IOS)
- SecKeyCopyPersistentRef(key, &keyData);
+ keyData = copyPersistentRef(key);
#endif
#if PLATFORM(MAC)
SecKeychainItemCreatePersistentReference((SecKeychainItemRef)key, &keyData);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes