[SOUP] Disable SSLv3
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Oct 2014 07:35:05 +0000 (07:35 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 Oct 2014 07:35:05 +0000 (07:35 +0000)
https://bugs.webkit.org/show_bug.cgi?id=137859

Patch by Michael Catanzaro <mcatanzaro@igalia.com> on 2014-10-21
Reviewed by Carlos Garcia Campos.

Set G_TLS_GNUTLS_PRIORITY if unset.

* NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
(main):
* WebProcess/EntryPoint/unix/WebProcessMain.cpp:
(main):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@174927 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit2/ChangeLog
Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp
Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp

index e98ce1bb12a7f4319fbe6083680feeca38943c75..40fc7b3f5d97e835e0b49acca340db006390bf84 100644 (file)
@@ -1,3 +1,17 @@
+2014-10-21  Michael Catanzaro  <mcatanzaro@igalia.com>
+
+        [SOUP] Disable SSLv3
+        https://bugs.webkit.org/show_bug.cgi?id=137859
+
+        Reviewed by Carlos Garcia Campos.
+
+        Set G_TLS_GNUTLS_PRIORITY if unset.
+
+        * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
+        (main):
+        * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
+        (main):
+
 2014-10-20  Chris Dumez  <cdumez@apple.com>
 
         ResourceRequest deserialization unnecessarily calls partitionName() on encoded cache partition
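Review bot: The description line "Set G_TLS_GNUTLS_PRIORITY if unset." does not record the value being set or the consequence of the "if unset" condition: when the variable is already present in the environment, the existing priority string is kept and SSLv3 is only disabled if that string excludes it. Suggest stating the priority string ("NORMAL:%COMPAT:!VERS-SSL3.0") and that caveat in the entry, since the ChangeLog is where someone auditing the TLS policy will look first.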
index 8d4287b3713ee93c0db80d178089112e1589e53b..c42baa8e94e16d8e8e97ae256d9a2496f144f958 100644 (file)
 
 #include "NetworkProcessMainUnix.h"
 
+#include <cstdlib>
+
 using namespace WebKit;
 
 int main(int argc, char** argv)
 {
+    // Disable SSLv3 very early because it is practically impossible to safely
+    // use setenv() when multiple threads are running, as another thread calling
+    // getenv() could cause a crash, and many functions use getenv() internally.
+    // This workaround will stop working if glib-networking switches away from
+    // GnuTLS or simply stops parsing this variable. We intentionally do not
+    // overwrite this priority string if it's already set by the user.
+    // Keep this in sync with WebProcessMain.cpp.
+    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
+    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+
     return NetworkProcessMainUnix(argc, argv);
 }
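Review bot: The return value of the added setenv() call in main() is ignored. setenv() returns -1 on failure (for example when it cannot allocate memory), and in that case the process continues into NetworkProcessMainUnix() with no priority string set, so SSLv3 stays negotiable with no indication that the mitigation was not applied. Suggest checking the result and at least logging the failure, or refusing to start, so that the hardening fails closed rather than silently.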
index 6c637fd237c3d75a5332d1e190cbc9e8226cbcae..260620a766911a8162cbb10717aa137cba3a9271 100644 (file)
 
 #include "WebProcessMainUnix.h"
 
+#include <cstdlib>
+
 using namespace WebKit;
 
 int main(int argc, char** argv)
 {
+    // Disable SSLv3 very early because it is practically impossible to safely
+    // use setenv() when multiple threads are running, as another thread calling
+    // getenv() could cause a crash, and many functions use getenv() internally.
+    // This workaround will stop working if glib-networking switches away from
+    // GnuTLS or simply stops parsing this variable. We intentionally do not
+    // overwrite this priority string if it's already set by the user.
+    // Keep this in sync with NetworkProcessMain.cpp.
+    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
+    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:!VERS-SSL3.0", 0);
+
     return WebProcessMainUnix(argc, argv);
 }
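Review bot: The setenv() line and its comment block in this main() are a verbatim copy of the ones added to NetworkProcessMain.cpp, and the "Keep this in sync with NetworkProcessMain.cpp." comment is the only thing preventing the two priority strings from drifting apart. Suggest moving the call into a small shared helper (or at least a shared constant for "NORMAL:%COMPAT:!VERS-SSL3.0") used by both entry points, so the web process and the network process cannot end up with different TLS policies after a later edit to one file.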