Title: [220970] trunk
Revision
220970
Author
pvol...@apple.com
Date
2017-08-21 10:21:30 -0700 (Mon, 21 Aug 2017)

Log Message

[Win] DRT should only allow any https certificate for localhost.
https://bugs.webkit.org/show_bug.cgi?id=175147

Reviewed by Brent Fulgham.

Source/WebCore:

Disabling validation of certificate chains breaks SSL on Windows. For SSL
tests to succeed on Windows, we should avoid disabling it.

No new tests, covered by existing tests.

* platform/network/cf/ResourceHandleCFNet.cpp:
(WebCore::ResourceHandle::createCFURLConnection):

Tools:

Add check to make sure only localhost requests allow any https certificate.

* DumpRenderTree/win/DumpRenderTree.cpp:
(runTest):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (220969 => 220970)


--- trunk/Source/WebCore/ChangeLog	2017-08-21 17:00:48 UTC (rev 220969)
+++ trunk/Source/WebCore/ChangeLog	2017-08-21 17:21:30 UTC (rev 220970)
@@ -1,3 +1,18 @@
+2017-08-21  Per Arne Vollan  <pvol...@apple.com>
+
+        [Win] DRT should only allow any https certificate for localhost.
+        https://bugs.webkit.org/show_bug.cgi?id=175147
+
+        Reviewed by Brent Fulgham.
+
+        Disabling validation of certificate chains, breaks SSL on Windows. In order
+        for SSL tests to succeed on Windows, we should avoid disabling it.
+
+        No new tests, covered by existing tests.
+
+        * platform/network/cf/ResourceHandleCFNet.cpp:
+        (WebCore::ResourceHandle::createCFURLConnection):
+
 2017-08-21  Zan Dobersek  <zdober...@igalia.com>
 
         [EME] HTMLMediaElement: basic implementations of 'Attempt to Decrypt', 'Attempt to Resume Playback If Necessary'

Modified: trunk/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp (220969 => 220970)


--- trunk/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp	2017-08-21 17:00:48 UTC (rev 220969)
+++ trunk/Source/WebCore/platform/network/cf/ResourceHandleCFNet.cpp	2017-08-21 17:21:30 UTC (rev 220970)
@@ -179,7 +179,9 @@
         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredRoots, kCFBooleanTrue);
         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLAllowsExpiredCertificates, kCFBooleanTrue);
 #pragma clang diagnostic pop
+#if !PLATFORM(WIN) // <rdar://problem/33993462> - Disabling validation of certificate chain breaks SSL on Windows.
         CFDictionaryAddValue(sslProps.get(), kCFStreamSSLValidatesCertificateChain, kCFBooleanFalse);
+#endif
     }
 
     auto clientCert = clientCertificates().find(firstRequest().url().host());
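Review bot: The new `#if !PLATFORM(WIN)` is explained only by a radar link that most readers cannot open, and it gives this block a platform-dependent meaning: on Windows the two context lines above still accept expired roots and expired certificates, while chain validation stays on. A comment such as `// Windows: chain validation stays on (disabling it breaks SSL there); expired roots and certificates are still accepted for this request.` would make that explicit. The condition guarding this block is outside the hunk, so which requests reach it cannot be seen here; since every line in it relaxes TLS checking, it is worth confirming that only test-harness requests can take this path. createCFURLConnection starts and ends outside the hunk.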

Modified: trunk/Tools/ChangeLog (220969 => 220970)


--- trunk/Tools/ChangeLog	2017-08-21 17:00:48 UTC (rev 220969)
+++ trunk/Tools/ChangeLog	2017-08-21 17:21:30 UTC (rev 220970)
@@ -1,3 +1,15 @@
+2017-08-21  Per Arne Vollan  <pvol...@apple.com>
+
+        [Win] DRT should only allow any https certificate for localhost.
+        https://bugs.webkit.org/show_bug.cgi?id=175147
+
+        Reviewed by Brent Fulgham.
+
+        Add check to make sure only localhost requests allow any https certificate.
+
+        * DumpRenderTree/win/DumpRenderTree.cpp:
+        (runTest):
+
 2017-08-21  Eric Carlson  <eric.carl...@apple.com>
 
         Add WTFLogChannel level to allow runtime log filtering

Modified: trunk/Tools/DumpRenderTree/win/DumpRenderTree.cpp (220969 => 220970)


--- trunk/Tools/DumpRenderTree/win/DumpRenderTree.cpp	2017-08-21 17:00:48 UTC (rev 220969)
+++ trunk/Tools/DumpRenderTree/win/DumpRenderTree.cpp	2017-08-21 17:21:30 UTC (rev 220970)
@@ -1125,6 +1125,8 @@
         return;
     }
 
+    String hostName = String(adoptCF(CFURLCopyHostName(url)).get());
+
     String fallbackPath = findFontFallback(pathOrURL.c_str());
 
     str = CFURLGetString(url);
@@ -1211,7 +1213,8 @@
 
     request->initWithURL(urlBStr, WebURLRequestUseProtocolCachePolicy, 60);
     request->setHTTPMethod(methodBStr);
-    request->setAllowsAnyHTTPSCertificate();
+    if (hostName == "localhost" || hostName == "127.0.0.1")
+        request->setAllowsAnyHTTPSCertificate();
     frame->loadRequest(request.get());
 
     while (!done) {
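Review bot: The loopback test `hostName == "localhost" || hostName == "127.0.0.1"` is an exact string match on the host as written in the URL, so spellings such as `LOCALHOST`, `localhost.`, an IPv6 loopback or another 127.0.0.0/8 address would presumably get normal validation. That fails closed, which is the safe direction, but a comment would discourage later loosening it to a prefix or substring match: `// Only loopback test servers may present untrusted certificates; every other host is validated normally.` Also, `hostName` is taken from `url` in the earlier hunk (at line 1125) while the request is built from `urlBStr`; the lines between are outside both hunks, so confirm the two still name the same URL at this point. Whether the exemption set on `request` carries over when a localhost URL redirects to another host is not visible here and may deserve a test. runTest starts and ends outside the hunk.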