Diff
Modified: trunk/Source/WebCore/ChangeLog (258727 => 258728)
--- trunk/Source/WebCore/ChangeLog 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Source/WebCore/ChangeLog 2020-03-19 21:18:56 UTC (rev 258728)
@@ -1,3 +1,19 @@
+2020-03-19 Takashi Komori <takashi.kom...@sony.com>
+
+ [Curl] Add an API returns description of verification errors.
+ https://bugs.webkit.org/show_bug.cgi?id=208913
+
+ Reviewed by Fujii Hironori.
+
+ WKCertificateInfoCopyVerificationErrorDescription returns the description of SSL verification error as human readable string.
+ Browser can display more precise error information with this API.
+
+ API Test: Curl.CertificateAPI
+
+ * platform/network/curl/CertificateInfo.h:
+ * platform/network/curl/CertificateInfoCurl.cpp:
+ (WebCore::CertificateInfo::verificationErrorDescription const):
+
2020-03-19 Tim Horton <timothy_hor...@apple.com>
Implement support for cursor interactions on iPad
Modified: trunk/Source/WebCore/platform/network/curl/CertificateInfo.h (258727 => 258728)
--- trunk/Source/WebCore/platform/network/curl/CertificateInfo.h 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Source/WebCore/platform/network/curl/CertificateInfo.h 2020-03-19 21:18:56 UTC (rev 258728)
@@ -45,6 +45,7 @@
WEBCORE_EXPORT CertificateInfo isolatedCopy() const;
int verificationError() const { return m_verificationError; }
+ WEBCORE_EXPORT String verificationErrorDescription() const;
const Vector<Certificate>& certificateChain() const { return m_certificateChain; }
bool containsNonRootSHA1SignedCertificate() const { notImplemented(); return false; }
Modified: trunk/Source/WebCore/platform/network/curl/CertificateInfoCurl.cpp (258727 => 258728)
--- trunk/Source/WebCore/platform/network/curl/CertificateInfoCurl.cpp 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Source/WebCore/platform/network/curl/CertificateInfoCurl.cpp 2020-03-19 21:18:56 UTC (rev 258728)
@@ -26,11 +26,12 @@
#include "config.h"
#include "CertificateInfo.h"
+#if USE(CURL)
+
#include "OpenSSLHelper.h"
+#include <openssl/ssl.h>
#include <wtf/CrossThreadCopier.h>
-#if USE(CURL)
-
namespace WebCore {
CertificateInfo::CertificateInfo(int verificationError, CertificateChain&& certificateChain)
@@ -44,6 +45,11 @@
return { m_verificationError, crossThreadCopy(m_certificateChain) };
}
+String CertificateInfo::verificationErrorDescription() const
+{
+ return X509_verify_cert_error_string(m_verificationError);
+}
+
CertificateInfo::Certificate CertificateInfo::makeCertificate(const uint8_t* buffer, size_t size)
{
Certificate certificate;
Modified: trunk/Source/WebKit/ChangeLog (258727 => 258728)
--- trunk/Source/WebKit/ChangeLog 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Source/WebKit/ChangeLog 2020-03-19 21:18:56 UTC (rev 258728)
@@ -1,3 +1,19 @@
+2020-03-19 Takashi Komori <takashi.kom...@sony.com>
+
+ [Curl] Add an API returns description of verification errors.
+ https://bugs.webkit.org/show_bug.cgi?id=208913
+
+ Reviewed by Fujii Hironori.
+
+ WKCertificateInfoCopyVerificationErrorDescription returns the description of SSL verification error as human readable string.
+ Browser can display more precise error information with this API.
+
+ API Test: Curl.CertificateAPI
+
+ * Shared/API/c/curl/WKCertificateInfoCurl.cpp:
+ (WKCertificateInfoCopyVerificationErrorDescription):
+ * Shared/API/c/curl/WKCertificateInfoCurl.h:
+
2020-03-19 Per Arne Vollan <pvol...@apple.com>
[iOS] Deny mach lookup access to power service
Modified: trunk/Source/WebKit/Shared/API/c/curl/WKCertificateInfoCurl.cpp (258727 => 258728)
--- trunk/Source/WebKit/Shared/API/c/curl/WKCertificateInfoCurl.cpp 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Source/WebKit/Shared/API/c/curl/WKCertificateInfoCurl.cpp 2020-03-19 21:18:56 UTC (rev 258728)
@@ -56,6 +56,11 @@
return WebKit::toImpl(certificateInfoRef)->certificateInfo().verificationError();
}
+WKStringRef WKCertificateInfoCopyVerificationErrorDescription(WKCertificateInfoRef certificateInfoRef)
+{
+ return WebKit::toCopiedAPI(WebKit::toImpl(certificateInfoRef)->certificateInfo().verificationErrorDescription());
+}
+
size_t WKCertificateInfoGetCertificateChainSize(WKCertificateInfoRef certificateInfoRef)
{
return WebKit::toImpl(certificateInfoRef)->certificateInfo().certificateChain().size();
Modified: trunk/Source/WebKit/Shared/API/c/curl/WKCertificateInfoCurl.h (258727 => 258728)
--- trunk/Source/WebKit/Shared/API/c/curl/WKCertificateInfoCurl.h 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Source/WebKit/Shared/API/c/curl/WKCertificateInfoCurl.h 2020-03-19 21:18:56 UTC (rev 258728)
@@ -34,6 +34,7 @@
WK_EXPORT WKCertificateInfoRef WKCertificateInfoCreateWithCertficateChain(WKArrayRef);
WK_EXPORT int WKCertificateInfoGetVerificationError(WKCertificateInfoRef);
+WK_EXPORT WKStringRef WKCertificateInfoCopyVerificationErrorDescription(WKCertificateInfoRef);
WK_EXPORT size_t WKCertificateInfoGetCertificateChainSize(WKCertificateInfoRef);
WK_EXPORT WKDataRef WKCertificateInfoCopyCertificateAtIndex(WKCertificateInfoRef, size_t);
Modified: trunk/Tools/ChangeLog (258727 => 258728)
--- trunk/Tools/ChangeLog 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Tools/ChangeLog 2020-03-19 21:18:56 UTC (rev 258728)
@@ -1,3 +1,24 @@
+2020-03-19 Takashi Komori <takashi.kom...@sony.com>
+
+ [Curl] Add an API returns description of verification errors.
+ https://bugs.webkit.org/show_bug.cgi?id=208913
+
+ Reviewed by Fujii Hironori.
+
+ WKCertificateInfoCopyVerificationErrorDescription returns the description of SSL verification error as human readable string.
+ Browser can display more precise error information with this API.
+
+ API Test: Curl.CertificateAPI
+
+ * MiniBrowser/win/Common.cpp:
+ (askServerTrustEvaluation):
+ * MiniBrowser/win/Common.h:
+ * MiniBrowser/win/WebKitBrowserWindow.cpp:
+ (createPEMString):
+ (WebKitBrowserWindow::canTrustServerCertificate):
+ * TestWebKitAPI/Tests/WebKit/curl/Certificates.cpp:
+ (TestWebKitAPI::Curl::TEST):
+
2020-03-19 Aakash Jain <aakash_j...@apple.com>
Update build.webkit.org link for EWS
Modified: trunk/Tools/MiniBrowser/win/Common.cpp (258727 => 258728)
--- trunk/Tools/MiniBrowser/win/Common.cpp 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Tools/MiniBrowser/win/Common.cpp 2020-03-19 21:18:56 UTC (rev 258728)
@@ -232,22 +232,22 @@
return WTF::nullopt;
}
-bool askServerTrustEvaluation(HWND hwnd, const std::wstring& pems)
+bool askServerTrustEvaluation(HWND hwnd, const std::wstring& text)
{
class ServerTrustEvaluationDialog : public Dialog {
public:
- ServerTrustEvaluationDialog(const std::wstring& pems)
- : m_pems { pems }
+ ServerTrustEvaluationDialog(const std::wstring& text)
+ : m_text { text }
{
SendMessage(GetDlgItem(this->hDlg(), IDC_SERVER_TRUST_TEXT), WM_SETFONT, (WPARAM)GetStockObject(ANSI_FIXED_FONT), TRUE);
}
protected:
- std::wstring m_pems;
+ std::wstring m_text;
void setup()
{
- setText(IDC_SERVER_TRUST_TEXT, m_pems);
+ setText(IDC_SERVER_TRUST_TEXT, m_text);
}
void ok() final
@@ -256,7 +256,7 @@
}
};
- ServerTrustEvaluationDialog dialog { pems };
+ ServerTrustEvaluationDialog dialog { text };
return dialog.run(hInst, hwnd, IDD_SERVER_TRUST);
}
Modified: trunk/Tools/MiniBrowser/win/Common.h (258727 => 258728)
--- trunk/Tools/MiniBrowser/win/Common.h 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Tools/MiniBrowser/win/Common.h 2020-03-19 21:18:56 UTC (rev 258728)
@@ -68,7 +68,7 @@
Optional<Credential> askCredential(HWND, const std::wstring& realm);
bool askProxySettings(HWND, ProxySettings&);
-bool askServerTrustEvaluation(HWND, const std::wstring& pems);
+bool askServerTrustEvaluation(HWND, const std::wstring& text);
std::wstring replaceString(std::wstring src, const std::wstring& oldValue, const std::wstring& newValue);
extern HINSTANCE hInst;
Modified: trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp (258727 => 258728)
--- trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Tools/MiniBrowser/win/WebKitBrowserWindow.cpp 2020-03-19 21:18:56 UTC (rev 258728)
@@ -64,9 +64,8 @@
return { buffer.data(), actualLength };
}
-std::wstring createPEMString(WKProtectionSpaceRef protectionSpace)
+std::wstring createPEMString(WKCertificateInfoRef certificateInfo)
{
- auto certificateInfo = WKProtectionSpaceCopyCertificateInfo(protectionSpace);
auto chainSize = WKCertificateInfoGetCertificateChainSize(certificateInfo);
std::wstring pems;
@@ -367,13 +366,21 @@
bool WebKitBrowserWindow::canTrustServerCertificate(WKProtectionSpaceRef protectionSpace)
{
auto host = createString(adoptWK(WKProtectionSpaceCopyHost(protectionSpace)).get());
- auto pem = createPEMString(protectionSpace);
+ auto certificateInfo = adoptWK(WKProtectionSpaceCopyCertificateInfo(protectionSpace));
+ auto verificationError = WKCertificateInfoGetVerificationError(certificateInfo.get());
+ auto description = createString(adoptWK(WKCertificateInfoCopyVerificationErrorDescription(certificateInfo.get())).get());
+ auto pem = createPEMString(certificateInfo.get());
auto it = m_acceptedServerTrustCerts.find(host);
if (it != m_acceptedServerTrustCerts.end() && it->second == pem)
return true;
- if (askServerTrustEvaluation(hwnd(), pem)) {
+ std::wstring textString = L"[HOST] " + host + L"\r\n";
+ textString.append(L"[ERROR] " + std::to_wstring(verificationError) + L"\r\n");
+ textString.append(L"[DESCRIPTION] " + description + L"\r\n");
+ textString.append(pem);
+
+ if (askServerTrustEvaluation(hwnd(), textString)) {
m_acceptedServerTrustCerts.emplace(host, pem);
return true;
}
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit/curl/Certificates.cpp (258727 => 258728)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit/curl/Certificates.cpp 2020-03-19 21:17:12 UTC (rev 258727)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit/curl/Certificates.cpp 2020-03-19 21:18:56 UTC (rev 258728)
@@ -89,8 +89,10 @@
auto size = WKCertificateInfoGetCertificateChainSize(certificateInfo.get());
ASSERT_EQ(size, 2);
- ASSERT_TRUE(isSamePEM(WKCertificateInfoCopyCertificateAtIndex(certificateInfo.get(), 0), PEM1));
- ASSERT_TRUE(isSamePEM(WKCertificateInfoCopyCertificateAtIndex(certificateInfo.get(), 1), PEM2));
+ ASSERT_EQ(WKCertificateInfoGetVerificationError(certificateInfo.get()), 0);
+ ASSERT_TRUE(WKStringIsEqualToUTF8CString(adoptWK(WKCertificateInfoCopyVerificationErrorDescription(certificateInfo.get())).get(), "ok"));
+ ASSERT_TRUE(isSamePEM(adoptWK(WKCertificateInfoCopyCertificateAtIndex(certificateInfo.get(), 0)).get(), PEM1));
+ ASSERT_TRUE(isSamePEM(adoptWK(WKCertificateInfoCopyCertificateAtIndex(certificateInfo.get(), 1)).get(), PEM2));
}
}