Diff
Modified: trunk/Source/WebCore/ChangeLog (285837 => 285838)
--- trunk/Source/WebCore/ChangeLog 2021-11-15 22:41:10 UTC (rev 285837)
+++ trunk/Source/WebCore/ChangeLog 2021-11-15 22:44:13 UTC (rev 285838)
@@ -1,3 +1,27 @@
+2021-11-15 Takashi Komori <takashi.kom...@sony.com>
+
+ [Curl] Security information sometimes do not appear in inspector network tab
+ https://bugs.webkit.org/show_bug.cgi?id=232971
+
+ Reviewed by Fujii Hironori.
+
+ Get certificate information from SSL context when CurlSSLVerifier is empty.
+
+ No tests yet.
+
+ * platform/network/curl/CertificateInfo.h:
+ * platform/network/curl/CurlContext.cpp:
+ (WebCore:: const):
+ (WebCore::CurlHandle::addExtraNetworkLoadMetrics):
+ (WebCore::CurlHandle::certificateInfo const):
+ * platform/network/curl/CurlContext.h:
+ * platform/network/curl/OpenSSLHelper.cpp:
+ (OpenSSL::StackOfX509::StackOfX509):
+ (OpenSSL::StackOfX509::~StackOfX509):
+ (OpenSSL::pemDataFromCtx):
+ (OpenSSL::createCertificateInfo):
+ * platform/network/curl/OpenSSLHelper.h:
+
2021-11-15 Kiet Ho <th...@apple.com>
Add helper to add CSS property with implicit default
Modified: trunk/Source/WebCore/platform/network/curl/CertificateInfo.h (285837 => 285838)
--- trunk/Source/WebCore/platform/network/curl/CertificateInfo.h 2021-11-15 22:41:10 UTC (rev 285837)
+++ trunk/Source/WebCore/platform/network/curl/CertificateInfo.h 2021-11-15 22:44:13 UTC (rev 285838)
@@ -35,6 +35,7 @@
namespace WebCore {
class CertificateInfo {
+ WTF_MAKE_FAST_ALLOCATED;
public:
using Certificate = Vector<uint8_t>;
using CertificateChain = Vector<Certificate>;
Modified: trunk/Source/WebCore/platform/network/curl/CurlContext.cpp (285837 => 285838)
--- trunk/Source/WebCore/platform/network/curl/CurlContext.cpp 2021-11-15 22:41:10 UTC (rev 285837)
+++ trunk/Source/WebCore/platform/network/curl/CurlContext.cpp 2021-11-15 22:44:13 UTC (rev 285838)
@@ -776,6 +776,20 @@
return version;
}
+std::optional<SSL*> CurlHandle::sslConnection() const
+{
+ curl_tlssessioninfo* info = nullptr;
+
+ auto errorCode = curl_easy_getinfo(m_handle, CURLINFO_TLS_SSL_PTR, &info);
+ if (errorCode != CURLE_OK)
+ return std::nullopt;
+
+ if (!info || info->backend != CURLSSLBACKEND_OPENSSL || !info->internals)
+ return std::nullopt;
+
+ return static_cast<SSL*>(info->internals);
+}
+
std::optional<NetworkLoadMetrics> CurlHandle::getNetworkLoadMetrics(MonotonicTime startTime)
{
double nameLookup = 0.0;
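Review bot: `sslConnection()` returns `std::optional<SSL*>`, which gives callers two empty states to reason about (nullopt and an engaged null pointer), even though the body already rejects a null `info->internals`. A plain `SSL*` with `nullptr` for failure would express the same contract with less room for a missed check. The pointer comes from `CURLINFO_TLS_SSL_PTR` and is owned by libcurl, so its lifetime should be stated at the definition, for example `// Borrowed from libcurl; only valid while this handle's connection is open. Never store or free it.` The declaration added in CurlContext.h would take the same comment.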
@@ -871,18 +885,10 @@
auto additionalMetrics = AdditionalNetworkLoadMetricsForWebInspector::create();
if (!m_tlsConnectionInfo) {
- curl_tlssessioninfo* info = nullptr;
-
- errorCode = curl_easy_getinfo(m_handle, CURLINFO_TLS_SSL_PTR, &info);
- if (errorCode != CURLE_OK)
- return;
-
- if (info && info->backend == CURLSSLBACKEND_OPENSSL && info->internals) {
- auto ssl = static_cast<SSL*>(info->internals);
-
+ if (auto ssl = sslConnection()) {
m_tlsConnectionInfo = makeUnique<TLSConnectionInfo>();
- m_tlsConnectionInfo->protocol = OpenSSL::tlsVersion(ssl);
- m_tlsConnectionInfo->cipher = OpenSSL::tlsCipherName(ssl);
+ m_tlsConnectionInfo->protocol = OpenSSL::tlsVersion(*ssl);
+ m_tlsConnectionInfo->cipher = OpenSSL::tlsCipherName(*ssl);
}
}
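Review bot: The removed `return;` means a failing `curl_easy_getinfo(m_handle, CURLINFO_TLS_SSL_PTR, &info)` no longer ends addExtraNetworkLoadMetrics early. With `if (auto ssl = sslConnection())` the function now carries on with `m_tlsConnectionInfo` still null. The rest of the function lies outside this hunk, so whether the later code copes with a null `m_tlsConnectionInfo` cannot be confirmed from here. If the fall-through is intended, a comment such as `// No TLS details available (non-OpenSSL backend or getinfo failure); continue without them.` would record that.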
@@ -906,10 +912,21 @@
std::optional<CertificateInfo> CurlHandle::certificateInfo() const
{
- if (!m_sslVerifier)
- return std::nullopt;
+ if (m_sslVerifier && !m_sslVerifier->certificateInfo().isEmpty())
+ return m_sslVerifier->certificateInfo();
- return m_sslVerifier->certificateInfo();
+ // If you use an existing HTTP/2 connection, SSLVerifier does not exist.
+ if (m_certificateInfo)
+ return *m_certificateInfo;
+
+ if (auto ssl = sslConnection()) {
+ if (auto certificateInfo = OpenSSL::createCertificateInfo(*ssl)) {
+ m_certificateInfo = WTFMove(certificateInfo);
+ return *m_certificateInfo;
+ }
+ }
+
+ return std::nullopt;
}
long long CurlHandle::maxCurlOffT()
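Review bot: The fallback path stores whatever `OpenSSL::createCertificateInfo(*ssl)` returns in `m_certificateInfo` without the `isEmpty()` test that the verifier path applies, and nothing in this change clears the cache again. A chain-less result would therefore be cached and returned on every later call. If a CurlHandle can be reused for another connection (not visible here), the cached certificates would describe the wrong peer. I would guard the store with `if (auto certificateInfo = OpenSSL::createCertificateInfo(*ssl); certificateInfo && !certificateInfo->isEmpty())` and reset `m_certificateInfo` wherever the handle's connection state is reset. Separately, `m_sslVerifier->certificateInfo()` is evaluated twice; binding it once with `const auto& info = m_sslVerifier->certificateInfo();` avoids a second copy if it returns by value.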
Modified: trunk/Source/WebCore/platform/network/curl/CurlContext.h (285837 => 285838)
--- trunk/Source/WebCore/platform/network/curl/CurlContext.h 2021-11-15 22:41:10 UTC (rev 285837)
+++ trunk/Source/WebCore/platform/network/curl/CurlContext.h 2021-11-15 22:44:13 UTC (rev 285838)
@@ -26,6 +26,7 @@
#pragma once
+#include "CertificateInfo.h"
#include "CurlProxySettings.h"
#include "CurlSSLHandle.h"
@@ -330,6 +331,8 @@
static CURLcode willSetupSslCtxCallback(CURL*, void* sslCtx, void* userData);
CURLcode willSetupSslCtx(void* sslCtx);
+ std::optional<SSL*> sslConnection() const;
+
CURL* m_handle { nullptr };
char m_errorBuffer[CURL_ERROR_SIZE] { };
@@ -338,6 +341,7 @@
std::unique_ptr<CurlSSLVerifier> m_sslVerifier;
std::unique_ptr<TLSConnectionInfo> m_tlsConnectionInfo;
+ mutable std::unique_ptr<CertificateInfo> m_certificateInfo;
};
} // namespace WebCore
Modified: trunk/Source/WebCore/platform/network/curl/OpenSSLHelper.cpp (285837 => 285838)
--- trunk/Source/WebCore/platform/network/curl/OpenSSLHelper.cpp 2021-11-15 22:41:10 UTC (rev 285837)
+++ trunk/Source/WebCore/platform/network/curl/OpenSSLHelper.cpp 2021-11-15 22:44:13 UTC (rev 285838)
@@ -67,14 +67,21 @@
class StackOfX509 {
public:
+ StackOfX509(STACK_OF(X509)* certs)
+ : m_certs { certs }
+ , m_owner { false }
+ {
+ }
+
StackOfX509(X509_STORE_CTX* ctx)
: m_certs { X509_STORE_CTX_get1_chain(ctx) }
+ , m_owner { true }
{
}
~StackOfX509()
{
- if (m_certs)
+ if (m_certs && m_owner)
sk_X509_pop_free(m_certs, X509_free);
}
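Review bot: StackOfX509 now tracks ownership with a runtime `m_owner` flag, but no deleted copy operations are visible in this hunk, so a copy of an owning instance would run `sk_X509_pop_free` twice on the same stack. Adding `WTF_MAKE_NONCOPYABLE(StackOfX509);` closes that, assuming it is not already declared in the part of the class outside the hunk. Both single-argument constructors should be `explicit` so that a raw `STACK_OF(X509)*` or `X509_STORE_CTX*` never converts silently into a wrapper with different ownership. The borrowing constructor deserves a comment such as `// Non-owning: the stack must outlive this wrapper and is not freed by it.`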
@@ -82,7 +89,8 @@
X509* item(int i) { return sk_X509_value(m_certs, i); }
private:
- STACK_OF(X509)* m_certs { nullptr };
+ STACK_OF(X509)* m_certs;
+ bool m_owner;
};
class BIO {
@@ -141,10 +149,9 @@
};
-static Vector<WebCore::CertificateInfo::Certificate> pemDataFromCtx(X509_STORE_CTX* ctx)
+static Vector<WebCore::CertificateInfo::Certificate> pemDataFromCtx(StackOfX509&& certs)
{
Vector<WebCore::CertificateInfo::Certificate> result;
- StackOfX509 certs { ctx };
for (int i = 0; i < certs.count(); i++) {
BIO bio(certs.item(i));
@@ -158,12 +165,22 @@
return result;
}
+std::unique_ptr<WebCore::CertificateInfo> createCertificateInfo(SSL* ssl)
+{
+ if (!ssl)
+ return nullptr;
+
+ auto certChain = SSL_get_peer_cert_chain(ssl);
+
+ return makeUnique<WebCore::CertificateInfo>(X509_V_OK, pemDataFromCtx(StackOfX509(certChain)));
+}
+
std::optional<WebCore::CertificateInfo> createCertificateInfo(X509_STORE_CTX* ctx)
{
if (!ctx)
return std::nullopt;
- return WebCore::CertificateInfo(X509_STORE_CTX_get_error(ctx), pemDataFromCtx(ctx));
+ return WebCore::CertificateInfo(X509_STORE_CTX_get_error(ctx), pemDataFromCtx(StackOfX509(ctx)));
}
static String toString(const ASN1_STRING* name)
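Review bot: `createCertificateInfo(SSL*)` passes a hard-coded `X509_V_OK` as the verification result, so a chain read back from a live connection is always reported as verified, whatever OpenSSL recorded for that session. If any caller displays or acts on that field, it should carry the recorded value instead: `makeUnique<WebCore::CertificateInfo>(SSL_get_verify_result(ssl), pemDataFromCtx(StackOfX509(certChain)))`, with a cast if the constructor takes `int`. The two overloads also differ in return type (`std::unique_ptr` here, `std::optional` for the `X509_STORE_CTX*` one), which makes call sites easy to confuse. `pemDataFromCtx` no longer takes a ctx, so a name such as `pemDataFromChain` would match what it now does.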
Modified: trunk/Source/WebCore/platform/network/curl/OpenSSLHelper.h (285837 => 285838)
--- trunk/Source/WebCore/platform/network/curl/OpenSSLHelper.h 2021-11-15 22:41:10 UTC (rev 285837)
+++ trunk/Source/WebCore/platform/network/curl/OpenSSLHelper.h 2021-11-15 22:44:13 UTC (rev 285838)
@@ -31,6 +31,7 @@
namespace OpenSSL {
+std::unique_ptr<WebCore::CertificateInfo> createCertificateInfo(SSL*);
std::optional<WebCore::CertificateInfo> createCertificateInfo(X509_STORE_CTX*);
std::optional<WebCore::CertificateSummary> createSummaryInfo(const Vector<uint8_t>& pem);