WKWebView should ask WKNavigationDelegate about bad ssl certificates
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 29 Jun 2016 19:19:24 +0000 (19:19 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 29 Jun 2016 19:19:24 +0000 (19:19 +0000)
https://bugs.webkit.org/show_bug.cgi?id=159176
Source/WebKit2:

rdar://problem/26864882

Patch by Alex Christensen <achristensen@webkit.org> on 2016-06-29
Reviewed by Sam Weinig.

This can be tested manually by visiting a site in MiniBrowser that has invalid ssl certificates, but we don't have proper ssl testing yet.
Before this change, we would just open the site as if nothing were invalid, now we call the WKNavigationDelegate's didReceiveAuthenticationChallenge
like we did before using NSURLSession, and we do not open the page, also like we did before using NSURLSession.

* NetworkProcess/NetworkLoad.cpp:
(WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
When using NSURLConnection and responding to canAuthenticateAgainstProtectionSpace with YES,
we get an NSURLAuthenticationChallenge when a bad ssl certificate is encountered in the handshake.
When using NSURLSession, we want to call webView:didReceiveAuthenticationChallenge:completionHandler: in this case.
The default implementation of NavigationState::NavigationClient::canAuthenticateAgainstProtectionSpace returns true
if there is an implementation of webView:didReceiveAuthenticationChallenge:completionHandler: in its WKNavigationDelegate.
Internal clients can implement _webView:canAuthenticateAgainstProtectionSpace:
and Safari uses canHandleHTTPSServerTrustEvaluation, so it will be unaffected.

Tools:

Patch by Alex Christensen <achristensen@webkit.org> on 2016-06-29
Reviewed by Sam Weinig.

* MiniBrowser/mac/WK2BrowserWindowController.m:
(-[WK2BrowserWindowController webView:didFinishLoadingNavigation:]):
(-[WK2BrowserWindowController webView:didReceiveAuthenticationChallenge:completionHandler:]):
(-[WK2BrowserWindowController webView:didFailNavigation:withError:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@202640 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/NetworkProcess/NetworkLoad.cpp
Tools/ChangeLog
Tools/MiniBrowser/mac/WK2BrowserWindowController.m

index bc2c297..1cfd56c 100644 (file)
@@ -1,3 +1,25 @@
+2016-06-29  Alex Christensen  <achristensen@webkit.org>
+
+        WKWebView should ask WKNavigationDelegate about bad ssl certificates
+        https://bugs.webkit.org/show_bug.cgi?id=159176
+        rdar://problem/26864882
+
+        Reviewed by Sam Weinig.
+
+        This can be tested manually by visiting a site in MiniBrowser that has invalid ssl certificates, but we don't have proper ssl testing yet.
+        Before this change, we would just open the site as if nothing were invalid, now we call the WKNavigationDelegate's didReceiveAuthenticationChallenge
+        like we did before using NSURLSession, and we do not open the page, also like we did before using NSURLSession.
+
+        * NetworkProcess/NetworkLoad.cpp:
+        (WebKit::NetworkLoad::continueCanAuthenticateAgainstProtectionSpace):
+        When using NSURLConnection and responding to canAuthenticateAgainstProtectionSpace with YES,
+        we get an NSURLAuthenticationChallenge when a bad ssl certificate is encountered in the handshake.
+        When using NSURLSession, we want to call webView:didReceiveAuthenticationChallenge:completionHandler: in this case.
+        The default implementation of NavigationState::NavigationClient::canAuthenticateAgainstProtectionSpace returns true
+        if there is an implementation of webView:didReceiveAuthenticationChallenge:completionHandler: in its WKNavigationDelegate.
+        Internal clients can implement _webView:canAuthenticateAgainstProtectionSpace: 
+        and Safari uses canHandleHTTPSServerTrustEvaluation, so it will be unaffected.
+
 2016-06-29  Beth Dakin  <bdakin@apple.com>
 
         Delete WKElementInfo since it's not used
index c510782..dbf1869 100644 (file)
@@ -352,12 +352,7 @@ void NetworkLoad::continueCanAuthenticateAgainstProtectionSpace(bool result)
             completionHandler(AuthenticationChallengeDisposition::RejectProtectionSpace, { });
         return;
     }
-    
-    if (m_challenge->protectionSpace().authenticationScheme() == ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
-        completionHandler(AuthenticationChallengeDisposition::UseCredential, serverTrustCredential(*m_challenge));
-        return;
-    }
-    
+
     if (m_parameters.clientCredentialPolicy == DoNotAskClientForAnyCredentials) {
         completionHandler(AuthenticationChallengeDisposition::UseCredential, { });
         return;
index 0870277..59802ab 100644 (file)
@@ -1,3 +1,15 @@
+2016-06-29  Alex Christensen  <achristensen@webkit.org>
+
+        WKWebView should ask WKNavigationDelegate about bad ssl certificates
+        https://bugs.webkit.org/show_bug.cgi?id=159176
+
+        Reviewed by Sam Weinig.
+
+        * MiniBrowser/mac/WK2BrowserWindowController.m:
+        (-[WK2BrowserWindowController webView:didFinishLoadingNavigation:]):
+        (-[WK2BrowserWindowController webView:didReceiveAuthenticationChallenge:completionHandler:]):
+        (-[WK2BrowserWindowController webView:didFailNavigation:withError:]):
+
 2016-06-29  Carlos Alberto Lopez Perez  <clopez@igalia.com>
 
         [GTK] Add missing install dependency after r202619
index eeb1510..3806a34 100644 (file)
@@ -567,6 +567,12 @@ static NSSet *dataTypes()
     LOG(@"didFinishLoadingNavigation: %@", navigation);
 }
 
+- (void)webView:(WKWebView *)webView didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *__nullable credential))completionHandler
+{
+    LOG(@"didReceiveAuthenticationChallenge: %@", challenge);
+    completionHandler(NSURLSessionAuthChallengeRejectProtectionSpace, nil);
+}
+
 - (void)webView:(WKWebView *)webView didFailNavigation:(WKNavigation *)navigation withError:(NSError *)error
 {
     LOG(@"didFailNavigation: %@, error %@", navigation, error);