Title: [159692] trunk/Source/WebCore
Revision
159692
Author
commit-qu...@webkit.org
Date
2013-11-22 09:27:59 -0800 (Fri, 22 Nov 2013)

Log Message

[curl] Fix of SSL certificate chain storage
https://bugs.webkit.org/show_bug.cgi?id=124768

Patch by Robert Sipka <si...@inf.u-szeged.hu> on 2013-11-22
Reviewed by Brent Fulgham.

Change the certificate storage type from HashSet to
ListHashSet so that the chain order is always preserved.
This ensures that there is no difference between the stored
and the received certificate chain.

* platform/network/curl/SSLHandle.cpp:
(WebCore::allowsAnyHTTPSCertificateHosts):
(WebCore::sslIgnoreHTTPSCertificate):
(WebCore::pemData):
(WebCore::certVerifyCallback):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (159691 => 159692)


--- trunk/Source/WebCore/ChangeLog	2013-11-22 17:23:21 UTC (rev 159691)
+++ trunk/Source/WebCore/ChangeLog	2013-11-22 17:27:59 UTC (rev 159692)
@@ -1,3 +1,21 @@
+2013-11-22  Robert Sipka  <si...@inf.u-szeged.hu>
+
+        [curl] Fix of SSL certificate chain storage
+        https://bugs.webkit.org/show_bug.cgi?id=124768
+
+        Reviewed by Brent Fulgham.
+
+        Change the certificates storage type into ListHashSet
+        from HashSet to keep the chain order in each case.
+        This ensures that there is no difference between the stored
+        and the recieved certificate chain.
+
+        * platform/network/curl/SSLHandle.cpp:
+        (WebCore::allowsAnyHTTPSCertificateHosts):
+        (WebCore::sslIgnoreHTTPSCertificate):
+        (WebCore::pemData):
+        (WebCore::certVerifyCallback):
+
 2013-11-22  Brent Fulgham  <bfulg...@apple.com>
 
         [Win] Avoid deadlock when interacting with some AVFoundationCF content

Modified: trunk/Source/WebCore/platform/network/curl/SSLHandle.cpp (159691 => 159692)


--- trunk/Source/WebCore/platform/network/curl/SSLHandle.cpp	2013-11-22 17:23:21 UTC (rev 159691)
+++ trunk/Source/WebCore/platform/network/curl/SSLHandle.cpp	2013-11-22 17:27:59 UTC (rev 159692)
@@ -32,21 +32,21 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 #include <openssl/x509_vfy.h>
-#include <wtf/HashSet.h>
+#include <wtf/ListHashSet.h>
 
 namespace WebCore {
 
-static HashMap<String, HashSet<String>> allowedHosts;
+static HashMap<String, ListHashSet<String>> allowedHosts;
 
 void allowsAnyHTTPSCertificateHosts(const String& host)
 {
-    HashSet<String> certificates;
+    ListHashSet<String> certificates;
     allowedHosts.set(host, certificates);
 }
 
-bool sslIgnoreHTTPSCertificate(const String& host, const HashSet<String>& certificates)
+bool sslIgnoreHTTPSCertificate(const String& host, const ListHashSet<String>& certificates)
 {
-    HashMap<String, HashSet<String>>::iterator it = allowedHosts.find(host);
+    HashMap<String, ListHashSet<String>>::iterator it = allowedHosts.find(host);
     if (it != allowedHosts.end()) {
         if ((it->value).isEmpty()) {
             it->value = certificates;
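Review bot: The empty `ListHashSet` stored by `allowsAnyHTTPSCertificateHosts` acts as a "pin whatever arrives first" marker: the `isEmpty()` branch of `sslIgnoreHTTPSCertificate` copies the presented chain into `allowedHosts` with no validation visible in this hunk. That trust-on-first-use behaviour is undocumented; a comment above `it->value = certificates;` such as `// Empty set = nothing pinned yet; the first chain presented for this host is stored and required on later connections.` would make it explicit. Separately, `allowedHosts.set(host, certificates)` stores the host as given while the non-Windows caller looks up `host.lower()`, so a mixed-case registration would presumably never match; `allowedHosts.set(host.lower(), certificates);` keeps the two in agreement. The body of `sslIgnoreHTTPSCertificate` continues outside the hunk.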
@@ -54,8 +54,8 @@
         }
         if (certificates.size() != it->value.size())
             return false;
-        HashSet<String>::const_iterator certsIter = certificates.begin();
-        HashSet<String>::iterator valueIter = (it->value).begin();
+        ListHashSet<String>::const_iterator certsIter = certificates.begin();
+        ListHashSet<String>::iterator valueIter = (it->value).begin();
         for (; valueIter != (it->value).end(); ++valueIter, ++certsIter) {
             if (*certsIter != *valueIter)
                 return false;
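Review bot: The element-wise comparison now depends on insertion order, but `ListHashSet` is still a set, so a chain in which the same PEM string occurs twice is stored once and the `size()` check compares de-duplicated counts rather than chain lengths. A sequence type states the intent more directly; if `Vector<String>` is acceptable here, the size check and the loop could presumably collapse into one equality comparison. If `ListHashSet` stays, a comment above the loop such as `// Order-sensitive: both sets iterate in insertion (chain) order.` would record why the container type matters. The loop and its enclosing function continue outside the hunk.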
@@ -124,7 +124,7 @@
 
 #if !PLATFORM(WIN)
 // success of certificates extraction
-bool pemData(X509_STORE_CTX* ctx, HashSet<String>& certificates)
+bool pemData(X509_STORE_CTX* ctx, ListHashSet<String>& certificates)
 {
     bool ok = true;
     STACK_OF(X509)* certs = X509_STORE_CTX_get1_chain(ctx);
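Review bot: `X509_STORE_CTX_get1_chain` returns a chain that the caller owns and may return null when no chain was built, but neither the null check nor the release is visible here because `pemData` continues past the hunk. Confirm that the body tests `certs` before iterating and frees it on every return path with `sk_X509_pop_free(certs, X509_free);`. The comment `// success of certificates extraction` could also state that certificates are appended in the order of the OpenSSL chain, since the comparison in `sslIgnoreHTTPSCertificate` now relies on that order.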
@@ -173,10 +173,10 @@
     d->m_sslErrors = sslCertificateFlag(err);
 
 #if PLATFORM(WIN)
-    HashMap<String, HashSet<String>>::iterator it = allowedHosts.find(host);
+    HashMap<String, ListHashSet<String>>::iterator it = allowedHosts.find(host);
     ok = (it != allowedHosts.end());
 #else
-    HashSet<String> certificates;
+    ListHashSet<String> certificates;
     if (!pemData(ctx, certificates))
         return 0;
     ok = sslIgnoreHTTPSCertificate(host.lower(), certificates);
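Review bot: The `PLATFORM(WIN)` branch sets `ok` from host membership alone, so on Windows any certificate chain is accepted for a listed host and the ordered-chain comparison this change repairs is never applied there. If that is intended, say so next to the branch, e.g. `// Windows: no chain pinning; a listed host accepts any certificate.`; otherwise the Windows path needs an equivalent chain comparison, since `pemData` is compiled only for non-Windows builds. The Windows lookup also uses `host` where the other path uses `host.lower()`; whether `host` is already normalised cannot be seen, because `certVerifyCallback` starts and ends outside the hunk.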