Support manually accepting invalid SSL certificates with NetworkSession
authorachristensen@apple.com <achristensen@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 17 Mar 2016 19:28:24 +0000 (19:28 +0000)
committerachristensen@apple.com <achristensen@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 17 Mar 2016 19:28:24 +0000 (19:28 +0000)
commit4dc56c1a66552d7d6676190632d5573e6f6207a4
treeeb0f5fde4c6b079f83a9b4cfb9c346866941540f
parent18e3002dc9d6db04dfe120bcbd357b2262d5b62a
Support manually accepting invalid SSL certificates with NetworkSession
https://bugs.webkit.org/show_bug.cgi?id=155442
<rdar://problem/24847398>

Reviewed by Darin Adler.

When we click continue after getting a warning about an invalid SSL certificate, we call
NSURLRequest setAllowsSpecificHTTPSCertificate in NetworkProcess::allowSpecificHTTPSCertificateForHost,
which stores information in CFNetwork about the specific invalid SSL certificate we want to accept.
If we see such a certificate during a server trust evaluation, we want to tell CFNetwork to accept it.
This fixes a loop when going to https://badssl.com, clicking on expired, and clicking continue.

* NetworkProcess/NetworkDataTask.h:
* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::didReceiveChallenge):
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
* NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTask::transferSandboxExtensionToDownload):
(WebKit::certificatesMatch):
(WebKit::NetworkDataTask::allowsSpecificHTTPSCertificateForHost):
(WebKit::NetworkDataTask::suggestedFilename):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@198347 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit2/ChangeLog
Source/WebKit2/NetworkProcess/NetworkDataTask.h
Source/WebKit2/NetworkProcess/NetworkLoad.cpp
Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm