Title: [174983] releases/WebKitGTK/webkit-2.6
Revision
174983
Author
carlo...@webkit.org
Date
2014-10-21 10:02:50 -0700 (Tue, 21 Oct 2014)

Log Message

Merge r174930 - Change the default TLS errors policy to WEBKIT_TLS_ERRORS_POLICY_FAIL
https://bugs.webkit.org/show_bug.cgi?id=137832

Patch by Michael Catanzaro <mcatanz...@igalia.com> on 2014-10-20
Reviewed by Carlos Garcia Campos.

Source/WebKit2:

Too many general-purpose browsers that really need this policy
are not selecting it, so let's do so for them.

* UIProcess/API/gtk/WebKitWebContext.cpp:
(createDefaultWebContext):

Tools:

Ensure each test sets the TLS errors policy that it really needs.
Have each test except testTLSErrorsPolicy stash and restore the original
TLS errors policy. Update testTLSErrorsPolicy to account for the new
default policy.

* TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
(testSSL):
(testInsecureContent):
(testTLSErrorsPolicy):
(testTLSErrorsRedirect):
(testTLSErrorsHTTPAuth):
(testLoadFailedWithTLSErrors):
(beforeAll):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog (174982 => 174983)


--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog	2014-10-21 17:00:51 UTC (rev 174982)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog	2014-10-21 17:02:50 UTC (rev 174983)
@@ -1,3 +1,16 @@
+2014-10-20  Michael Catanzaro  <mcatanz...@igalia.com>
+
+        Change the default TLS errors policy to WEBKIT_TLS_ERRORS_POLICY_FAIL
+        https://bugs.webkit.org/show_bug.cgi?id=137832
+
+        Reviewed by Carlos Garcia Campos.
+
+        Too many general-purpose browsers that really need this policy
+        are not selecting it, so let's do so for them.
+
+        * UIProcess/API/gtk/WebKitWebContext.cpp:
+        (createDefaultWebContext):
+
 2014-10-18  Michael Catanzaro  <mcatanz...@igalia.com>
 
         [GTK] Improve documentation of webkit_web_view_get_tls_info()

Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp (174982 => 174983)


--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp	2014-10-21 17:00:51 UTC (rev 174982)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp	2014-10-21 17:02:50 UTC (rev 174983)
@@ -84,6 +84,13 @@
  * You can use webkit_web_context_register_uri_scheme() to register
  * custom URI schemes, and manage several other settings.
  *
+ * TLS certificate validation failure is now treated as a transport
+ * error by default. To handle TLS failures differently, you can
+ * connect to #WebKitWebView::load-failed-with-tls-errors.
+ * Alternatively, you can use webkit_web_context_set_tls_errors_policy()
+ * to set the policy %WEBKIT_TLS_ERRORS_POLICY_IGNORE; however, this is
+ * not appropriate for Internet applications.
+ *
  */
 
 enum {
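Review bot: The added paragraph says validation failure is "now" treated as a transport error, which gives a reader of the API reference no release to compare against. Because this merge changes a default on a stable branch, applications that relied on the old ignore behaviour need to know from which version loads from hosts with invalid certificates start failing. I would anchor the first sentence to a release, for example `Since <VERSION>, TLS certificate validation failure is treated as a transport error by default.`, where `<VERSION>` is a placeholder for the first release carrying this change. The caveat about %WEBKIT_TLS_ERRORS_POLICY_IGNORE not being appropriate for Internet applications is worth keeping as written.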
@@ -264,8 +271,10 @@
 
     priv->requestManager = webContext->priv->context->supplement<WebSoupCustomProtocolRequestManager>();
     priv->context->setCacheModel(CacheModelPrimaryWebBrowser);
-    priv->tlsErrorsPolicy = WEBKIT_TLS_ERRORS_POLICY_IGNORE;
 
+    priv->tlsErrorsPolicy = WEBKIT_TLS_ERRORS_POLICY_FAIL;
+    priv->context->setIgnoreTLSErrors(false);
+
     attachInjectedBundleClientToContext(webContext.get());
     attachDownloadClientToContext(webContext.get());
     attachRequestManagerClientToContext(webContext.get());
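Review bot: The two added statements set the cached `priv->tlsErrorsPolicy` and the context's ignore-TLS-errors flag independently, and nothing here says they must stay paired. If a later edit changes one without the other, `webkit_web_context_get_tls_errors_policy()` could report FAIL while certificate errors are in fact ignored. Setting the flag explicitly rather than trusting the lower layer's default is the right call. I would record the intent with a comment such as `// Fail closed by default; keep tlsErrorsPolicy and setIgnoreTLSErrors() in step so the getter reflects what is enforced.` The enclosing function (createDefaultWebContext per the ChangeLog) starts and ends outside this hunk.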

Modified: releases/WebKitGTK/webkit-2.6/Tools/ChangeLog (174982 => 174983)


--- releases/WebKitGTK/webkit-2.6/Tools/ChangeLog	2014-10-21 17:00:51 UTC (rev 174982)
+++ releases/WebKitGTK/webkit-2.6/Tools/ChangeLog	2014-10-21 17:02:50 UTC (rev 174983)
@@ -1,3 +1,24 @@
+2014-10-20  Michael Catanzaro  <mcatanz...@igalia.com>
+
+        Change the default TLS errors policy to WEBKIT_TLS_ERRORS_POLICY_FAIL
+        https://bugs.webkit.org/show_bug.cgi?id=137832
+
+        Reviewed by Carlos Garcia Campos.
+
+        Ensure each test sets the TLS errors policy that it really needs.
+        Have each test except testTLSErrorsPolicy stash and restore the original
+        TLS errors policy. Update testTLSErrorsPolicy to account for the new
+        default policy.
+
+        * TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
+        (testSSL):
+        (testInsecureContent):
+        (testTLSErrorsPolicy):
+        (testTLSErrorsRedirect):
+        (testTLSErrorsHTTPAuth):
+        (testLoadFailedWithTLSErrors):
+        (beforeAll):
+
 2014-10-02  Carlos Alberto Lopez Perez  <clo...@igalia.com>
 
         [GTK] [JHBuild] Switch sourceware.org mirror to http.

Modified: releases/WebKitGTK/webkit-2.6/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp (174982 => 174983)


--- releases/WebKitGTK/webkit-2.6/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp	2014-10-21 17:00:51 UTC (rev 174982)
+++ releases/WebKitGTK/webkit-2.6/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp	2014-10-21 17:02:50 UTC (rev 174983)
@@ -67,6 +67,10 @@
 
 static void testSSL(SSLTest* test, gconstpointer)
 {
+    WebKitWebContext* context = webkit_web_view_get_context(test->m_webView);
+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+
     test->loadURI(kHttpsServer->getURIForPath("/").data());
     test->waitUntilLoadFinished();
     g_assert(test->m_certificate);
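Review bot: The stash/set/restore sequence added at the top of testSSL is written out by hand, with the restore as a separate final statement in the next hunk. The same three-plus-one lines are repeated in testInsecureContent, testTLSErrorsRedirect, testTLSErrorsHTTPAuth and testLoadFailedWithTLSErrors. The context appears to be shared between tests, since that is why the policy is restored at all. A test that later gains an early return, or a new test that omits the last line, would leave WEBKIT_TLS_ERRORS_POLICY_IGNORE in place and could mask a certificate-validation regression in whatever runs next. A small scoped helper makes the restore automatic and cuts each test's setup to one line. testSSL's body continues past this hunk.

```cpp
class ScopedTLSErrorsPolicy {
public:
    ScopedTLSErrorsPolicy(WebKitWebContext* context, WebKitTLSErrorsPolicy policy)
        : m_context(context)
        , m_originalPolicy(webkit_web_context_get_tls_errors_policy(context))
    {
        webkit_web_context_set_tls_errors_policy(m_context, policy);
    }

    // Restores the policy that was in effect before the test ran.
    ~ScopedTLSErrorsPolicy() { webkit_web_context_set_tls_errors_policy(m_context, m_originalPolicy); }

private:
    WebKitWebContext* m_context;
    WebKitTLSErrorsPolicy m_originalPolicy;
};

static void testSSL(SSLTest* test, gconstpointer)
{
    ScopedTLSErrorsPolicy scopedPolicy(webkit_web_view_get_context(test->m_webView), WEBKIT_TLS_ERRORS_POLICY_IGNORE);
    // … unchanged: the loads and their certificate / TLS-error assertions …
```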
@@ -80,6 +84,8 @@
     test->waitUntilLoadFinished();
     g_assert(!test->m_certificate);
     g_assert(!test->m_tlsErrors);
+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
 }
 
 class InsecureContentTest: public WebViewTest {
@@ -110,38 +116,55 @@
 
 static void testInsecureContent(InsecureContentTest* test, gconstpointer)
 {
+    WebKitWebContext* context = webkit_web_view_get_context(test->m_webView);
+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+
     test->loadURI(kHttpsServer->getURIForPath("/insecure-content/").data());
     test->waitUntilLoadFinished();
 
     g_assert(test->m_insecureContentRun);
     g_assert(test->m_insecureContentDisplayed);
+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
 }
 
 static void testTLSErrorsPolicy(SSLTest* test, gconstpointer)
 {
     WebKitWebContext* context = webkit_web_view_get_context(test->m_webView);
-    // TLS errors are ignored by default.
+    // TLS errors are treated as transport failures by default.
+    g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL);
+    test->loadURI(kHttpsServer->getURIForPath("/").data());
+    test->waitUntilLoadFinished();
+    g_assert(test->m_loadFailed);
+    g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
+    g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
     g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+
+    test->m_loadFailed = false;
     test->loadURI(kHttpsServer->getURIForPath("/").data());
     test->waitUntilLoadFinished();
     g_assert(!test->m_loadFailed);
 
     webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
-    test->loadURI(kHttpsServer->getURIForPath("/").data());
-    test->waitUntilLoadFinished();
-    g_assert(test->m_loadFailed);
-    g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
-    g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+    g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL);
 }
 
 static void testTLSErrorsRedirect(SSLTest* test, gconstpointer)
 {
-    webkit_web_context_set_tls_errors_policy(webkit_web_view_get_context(test->m_webView), WEBKIT_TLS_ERRORS_POLICY_FAIL);
+    WebKitWebContext* context = webkit_web_view_get_context(test->m_webView);
+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
     test->loadURI(kHttpsServer->getURIForPath("/redirect").data());
     test->waitUntilLoadFinished();
     g_assert(test->m_loadFailed);
     g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
     g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
 }
 
 static gboolean webViewAuthenticationCallback(WebKitWebView*, WebKitAuthenticationRequest* request)
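Review bot: The first assertion in testTLSErrorsPolicy is labelled as checking the default, but it actually reads whatever policy the earlier tests left on the context. Two tests registered before it in beforeAll (ssl and insecure-content) switch to IGNORE and restore afterwards. If the context is shared, as the stash/restore pattern suggests, a test that leaks IGNORE would fail here with a message pointing at the wrong place. I would say so next to the assertion: `// Also relies on earlier tests restoring the policy on the shared context; a leaked IGNORE fails here.` Separately, the IGNORE phase resets `m_loadFailed` by hand and then asserts only `!test->m_loadFailed`. If loadURI() clears `m_loadEvents` (not visible in this hunk), adding `g_assert(test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));` would make the positive case as strict as the failing one.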
@@ -153,13 +176,18 @@
 
 static void testTLSErrorsHTTPAuth(SSLTest* test, gconstpointer)
 {
-    webkit_web_context_set_tls_errors_policy(webkit_web_view_get_context(test->m_webView), WEBKIT_TLS_ERRORS_POLICY_FAIL);
+    WebKitWebContext* context = webkit_web_view_get_context(test->m_webView);
+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
     g_signal_connect(test->m_webView, "authenticate", G_CALLBACK(webViewAuthenticationCallback), NULL);
     test->loadURI(kHttpsServer->getURIForPath("/auth").data());
     test->waitUntilLoadFinished();
     g_assert(test->m_loadFailed);
     g_assert(test->m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
     g_assert(!test->m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
 }
 
 class TLSErrorsTest: public SSLTest {
@@ -204,6 +232,7 @@
 static void testLoadFailedWithTLSErrors(TLSErrorsTest* test, gconstpointer)
 {
     WebKitWebContext* context = webkit_web_view_get_context(test->m_webView);
+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
     webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
 
     // The load-failed-with-tls-errors signal should be emitted when there is a TLS failure.
@@ -226,6 +255,8 @@
     g_assert_cmpint(test->m_loadEvents[1], ==, LoadTrackingTest::LoadCommitted);
     g_assert_cmpint(test->m_loadEvents[2], ==, LoadTrackingTest::LoadFinished);
     g_assert_cmpstr(webkit_web_view_get_title(test->m_webView), ==, TLSExpectedSuccessTitle);
+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
 }
 
 
@@ -298,9 +329,9 @@
 
     SSLTest::add("WebKitWebView", "ssl", testSSL);
     InsecureContentTest::add("WebKitWebView", "insecure-content", testInsecureContent);
-    // In this case the order of the tests does matter because tls-errors-policy tests the default policy,
-    // and expects that no exception will have been added for this certificate and host pair as is
-    // done in the tls-permission-request test.
+    // In this case the order of the tests does matter because tls-errors-policy expects
+    // that no exception will have been added for this certificate and host pair as is
+    // done in the load-failed-with-tls-errors test.
     SSLTest::add("WebKitWebView", "tls-errors-policy", testTLSErrorsPolicy);
     SSLTest::add("WebKitWebView", "tls-errors-redirect-to-http", testTLSErrorsRedirect);
     SSLTest::add("WebKitWebView", "tls-http-auth", testTLSErrorsHTTPAuth);