<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[174983] releases/WebKitGTK/webkit-2.6</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/174983">174983</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2014-10-21 10:02:50 -0700 (Tue, 21 Oct 2014)</dd>
</dl>

<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/174930">r174930</a> - Change the default TLS errors policy to WEBKIT_TLS_ERRORS_POLICY_FAIL
https://bugs.webkit.org/show_bug.cgi?id=137832

Patch by Michael Catanzaro &lt;mcatanzaro@igalia.com&gt; on 2014-10-20
Reviewed by Carlos Garcia Campos.

Source/WebKit2:

Too many general-purpose browsers that really need this policy
are not selecting it, so let's do so for them.

* UIProcess/API/gtk/WebKitWebContext.cpp:
(createDefaultWebContext):

Tools:

Ensure each test sets the TLS errors policy that it really needs.
Have each test except testTLSErrorsPolicy stash and restore the original
TLS errors policy. Update testTLSErrorsPolicy to account for the new
default policy.

* TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
(testSSL):
(testInsecureContent):
(testTLSErrorsPolicy):
(testTLSErrorsRedirect):
(testTLSErrorsHTTPAuth):
(testLoadFailedWithTLSErrors):
(beforeAll):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit26SourceWebKit2ChangeLog">releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit26SourceWebKit2UIProcessAPIgtkWebKitWebContextcpp">releases/WebKitGTK/webkit-2.6/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp</a></li>
<li><a href="#releasesWebKitGTKwebkit26ToolsChangeLog">releases/WebKitGTK/webkit-2.6/Tools/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit26ToolsTestWebKitAPITestsWebKit2GtkTestSSLcpp">releases/WebKitGTK/webkit-2.6/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit26SourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog (174982 => 174983)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog        2014-10-21 17:00:51 UTC (rev 174982)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/ChangeLog        2014-10-21 17:02:50 UTC (rev 174983)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2014-10-20  Michael Catanzaro  &lt;mcatanzaro@igalia.com&gt;
+
+        Change the default TLS errors policy to WEBKIT_TLS_ERRORS_POLICY_FAIL
+        https://bugs.webkit.org/show_bug.cgi?id=137832
+
+        Reviewed by Carlos Garcia Campos.
+
+        Too many general-purpose browsers that really need this policy
+        are not selecting it, so let's do so for them.
+
+        * UIProcess/API/gtk/WebKitWebContext.cpp:
+        (createDefaultWebContext):
+
</ins><span class="cx"> 2014-10-18  Michael Catanzaro  &lt;mcatanzaro@igalia.com&gt;
</span><span class="cx"> 
</span><span class="cx">         [GTK] Improve documentation of webkit_web_view_get_tls_info()
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit26SourceWebKit2UIProcessAPIgtkWebKitWebContextcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.6/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp (174982 => 174983)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.6/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp        2014-10-21 17:00:51 UTC (rev 174982)
+++ releases/WebKitGTK/webkit-2.6/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp        2014-10-21 17:02:50 UTC (rev 174983)
</span><span class="lines">@@ -84,6 +84,13 @@
</span><span class="cx">  * You can use webkit_web_context_register_uri_scheme() to register
</span><span class="cx">  * custom URI schemes, and manage several other settings.
</span><span class="cx">  *
</span><ins>+ * TLS certificate validation failure is now treated as a transport
+ * error by default. To handle TLS failures differently, you can
+ * connect to #WebKitWebView::load-failed-with-tls-errors.
+ * Alternatively, you can use webkit_web_context_set_tls_errors_policy()
+ * to set the policy %WEBKIT_TLS_ERRORS_POLICY_IGNORE; however, this is
+ * not appropriate for Internet applications.
+ *
</ins><span class="cx">  */
</span><span class="cx"> 
</span><span class="cx"> enum {
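Review bot: "is now treated as a transport error by default" in the added WebKitWebContext
documentation paragraph is release-relative; API documentation outlives the release, so name
the version in which the default changed (a "Since"-style statement) instead of "now". The
same paragraph could also state the default by its enum name, %WEBKIT_TLS_ERRORS_POLICY_FAIL,
which it leaves implicit while naming only %WEBKIT_TLS_ERRORS_POLICY_IGNORE.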
</span><span class="lines">@@ -264,8 +271,10 @@
</span><span class="cx"> 
</span><span class="cx">     priv-&gt;requestManager = webContext-&gt;priv-&gt;context-&gt;supplement&lt;WebSoupCustomProtocolRequestManager&gt;();
</span><span class="cx">     priv-&gt;context-&gt;setCacheModel(CacheModelPrimaryWebBrowser);
</span><del>-    priv-&gt;tlsErrorsPolicy = WEBKIT_TLS_ERRORS_POLICY_IGNORE;
</del><span class="cx"> 
</span><ins>+    priv-&gt;tlsErrorsPolicy = WEBKIT_TLS_ERRORS_POLICY_FAIL;
+    priv-&gt;context-&gt;setIgnoreTLSErrors(false);
+
</ins><span class="cx">     attachInjectedBundleClientToContext(webContext.get());
</span><span class="cx">     attachDownloadClientToContext(webContext.get());
</span><span class="cx">     attachRequestManagerClientToContext(webContext.get());
</span></span></pre></div>
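Review bot: in createDefaultWebContext the default is written to two places by hand, priv-&gt;tlsErrorsPolicy and priv-&gt;context-&gt;setIgnoreTLSErrors(false), where the removed line touched only the cached field; a single helper that updates both would keep the cached policy and the context flag from drifting apart. Since this lands on the webkit-2.6 release branch, applications that relied on the old WEBKIT_TLS_ERRORS_POLICY_IGNORE default will start seeing loads fail on certificate errors after a stable update, so the change should also be called out in the release notes together with the load-failed-with-tls-errors alternative.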
<a id="releasesWebKitGTKwebkit26ToolsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.6/Tools/ChangeLog (174982 => 174983)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.6/Tools/ChangeLog        2014-10-21 17:00:51 UTC (rev 174982)
+++ releases/WebKitGTK/webkit-2.6/Tools/ChangeLog        2014-10-21 17:02:50 UTC (rev 174983)
</span><span class="lines">@@ -1,3 +1,24 @@
</span><ins>+2014-10-20  Michael Catanzaro  &lt;mcatanzaro@igalia.com&gt;
+
+        Change the default TLS errors policy to WEBKIT_TLS_ERRORS_POLICY_FAIL
+        https://bugs.webkit.org/show_bug.cgi?id=137832
+
+        Reviewed by Carlos Garcia Campos.
+
+        Ensure each test sets the TLS errors policy that it really needs.
+        Have each test except testTLSErrorsPolicy stash and restore the original
+        TLS errors policy. Update testTLSErrorsPolicy to account for the new
+        default policy.
+
+        * TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp:
+        (testSSL):
+        (testInsecureContent):
+        (testTLSErrorsPolicy):
+        (testTLSErrorsRedirect):
+        (testTLSErrorsHTTPAuth):
+        (testLoadFailedWithTLSErrors):
+        (beforeAll):
+
</ins><span class="cx"> 2014-10-02  Carlos Alberto Lopez Perez  &lt;clopez@igalia.com&gt;
</span><span class="cx"> 
</span><span class="cx">         [GTK] [JHBuild] Switch sourceware.org mirror to http.
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit26ToolsTestWebKitAPITestsWebKit2GtkTestSSLcpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.6/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp (174982 => 174983)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.6/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp        2014-10-21 17:00:51 UTC (rev 174982)
+++ releases/WebKitGTK/webkit-2.6/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestSSL.cpp        2014-10-21 17:02:50 UTC (rev 174983)
</span><span class="lines">@@ -67,6 +67,10 @@
</span><span class="cx"> 
</span><span class="cx"> static void testSSL(SSLTest* test, gconstpointer)
</span><span class="cx"> {
</span><ins>+    WebKitWebContext* context = webkit_web_view_get_context(test-&gt;m_webView);
+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+
</ins><span class="cx">     test-&gt;loadURI(kHttpsServer-&gt;getURIForPath(&quot;/&quot;).data());
</span><span class="cx">     test-&gt;waitUntilLoadFinished();
</span><span class="cx">     g_assert(test-&gt;m_certificate);
</span><span class="lines">@@ -80,6 +84,8 @@
</span><span class="cx">     test-&gt;waitUntilLoadFinished();
</span><span class="cx">     g_assert(!test-&gt;m_certificate);
</span><span class="cx">     g_assert(!test-&gt;m_tlsErrors);
</span><ins>+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> class InsecureContentTest: public WebViewTest {
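Review bot: the restore added at the end of testSSL is the second half of a stash/set/restore
sequence that this patch repeats by hand in five tests; a small scoped guard (constructor
stashes and sets the policy, destructor restores it) would remove the duplication and make it
impossible to add an early return that skips the restore.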
</span><span class="lines">@@ -110,38 +116,55 @@
</span><span class="cx"> 
</span><span class="cx"> static void testInsecureContent(InsecureContentTest* test, gconstpointer)
</span><span class="cx"> {
</span><ins>+    WebKitWebContext* context = webkit_web_view_get_context(test-&gt;m_webView);
+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+
</ins><span class="cx">     test-&gt;loadURI(kHttpsServer-&gt;getURIForPath(&quot;/insecure-content/&quot;).data());
</span><span class="cx">     test-&gt;waitUntilLoadFinished();
</span><span class="cx"> 
</span><span class="cx">     g_assert(test-&gt;m_insecureContentRun);
</span><span class="cx">     g_assert(test-&gt;m_insecureContentDisplayed);
</span><ins>+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> static void testTLSErrorsPolicy(SSLTest* test, gconstpointer)
</span><span class="cx"> {
</span><span class="cx">     WebKitWebContext* context = webkit_web_view_get_context(test-&gt;m_webView);
</span><del>-    // TLS errors are ignored by default.
</del><ins>+    // TLS errors are treated as transport failures by default.
+    g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL);
+    test-&gt;loadURI(kHttpsServer-&gt;getURIForPath(&quot;/&quot;).data());
+    test-&gt;waitUntilLoadFinished();
+    g_assert(test-&gt;m_loadFailed);
+    g_assert(test-&gt;m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
+    g_assert(!test-&gt;m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
+
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
</ins><span class="cx">     g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_IGNORE);
</span><ins>+
+    test-&gt;m_loadFailed = false;
</ins><span class="cx">     test-&gt;loadURI(kHttpsServer-&gt;getURIForPath(&quot;/&quot;).data());
</span><span class="cx">     test-&gt;waitUntilLoadFinished();
</span><span class="cx">     g_assert(!test-&gt;m_loadFailed);
</span><span class="cx"> 
</span><span class="cx">     webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
</span><del>-    test-&gt;loadURI(kHttpsServer-&gt;getURIForPath(&quot;/&quot;).data());
-    test-&gt;waitUntilLoadFinished();
-    g_assert(test-&gt;m_loadFailed);
-    g_assert(test-&gt;m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
-    g_assert(!test-&gt;m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
</del><ins>+    g_assert(webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> static void testTLSErrorsRedirect(SSLTest* test, gconstpointer)
</span><span class="cx"> {
</span><del>-    webkit_web_context_set_tls_errors_policy(webkit_web_view_get_context(test-&gt;m_webView), WEBKIT_TLS_ERRORS_POLICY_FAIL);
</del><ins>+    WebKitWebContext* context = webkit_web_view_get_context(test-&gt;m_webView);
+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
</ins><span class="cx">     test-&gt;loadURI(kHttpsServer-&gt;getURIForPath(&quot;/redirect&quot;).data());
</span><span class="cx">     test-&gt;waitUntilLoadFinished();
</span><span class="cx">     g_assert(test-&gt;m_loadFailed);
</span><span class="cx">     g_assert(test-&gt;m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
</span><span class="cx">     g_assert(!test-&gt;m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
</span><ins>+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> static gboolean webViewAuthenticationCallback(WebKitWebView*, WebKitAuthenticationRequest* request)
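Review bot: the new first assertion in testTLSErrorsPolicy,
webkit_web_context_get_tls_errors_policy(context) == WEBKIT_TLS_ERRORS_POLICY_FAIL, reads the
context the web view already uses, so it verifies the default only as long as every test that
ran earlier restored the policy; a comment saying so, or asserting on a context no test has
touched, would make that dependency explicit. The manual test-&gt;m_loadFailed = false before
the second load also suggests the fixture does not reset the flag per load; resetting it where
the load starts would save the next test from the same step.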
</span><span class="lines">@@ -153,13 +176,18 @@
</span><span class="cx"> 
</span><span class="cx"> static void testTLSErrorsHTTPAuth(SSLTest* test, gconstpointer)
</span><span class="cx"> {
</span><del>-    webkit_web_context_set_tls_errors_policy(webkit_web_view_get_context(test-&gt;m_webView), WEBKIT_TLS_ERRORS_POLICY_FAIL);
</del><ins>+    WebKitWebContext* context = webkit_web_view_get_context(test-&gt;m_webView);
+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
+    webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
+
</ins><span class="cx">     g_signal_connect(test-&gt;m_webView, &quot;authenticate&quot;, G_CALLBACK(webViewAuthenticationCallback), NULL);
</span><span class="cx">     test-&gt;loadURI(kHttpsServer-&gt;getURIForPath(&quot;/auth&quot;).data());
</span><span class="cx">     test-&gt;waitUntilLoadFinished();
</span><span class="cx">     g_assert(test-&gt;m_loadFailed);
</span><span class="cx">     g_assert(test-&gt;m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
</span><span class="cx">     g_assert(!test-&gt;m_loadEvents.contains(LoadTrackingTest::LoadCommitted));
</span><ins>+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> class TLSErrorsTest: public SSLTest {
</span><span class="lines">@@ -204,6 +232,7 @@
</span><span class="cx"> static void testLoadFailedWithTLSErrors(TLSErrorsTest* test, gconstpointer)
</span><span class="cx"> {
</span><span class="cx">     WebKitWebContext* context = webkit_web_view_get_context(test-&gt;m_webView);
</span><ins>+    WebKitTLSErrorsPolicy originalPolicy = webkit_web_context_get_tls_errors_policy(context);
</ins><span class="cx">     webkit_web_context_set_tls_errors_policy(context, WEBKIT_TLS_ERRORS_POLICY_FAIL);
</span><span class="cx"> 
</span><span class="cx">     // The load-failed-with-tls-errors signal should be emitted when there is a TLS failure.
</span><span class="lines">@@ -226,6 +255,8 @@
</span><span class="cx">     g_assert_cmpint(test-&gt;m_loadEvents[1], ==, LoadTrackingTest::LoadCommitted);
</span><span class="cx">     g_assert_cmpint(test-&gt;m_loadEvents[2], ==, LoadTrackingTest::LoadFinished);
</span><span class="cx">     g_assert_cmpstr(webkit_web_view_get_title(test-&gt;m_webView), ==, TLSExpectedSuccessTitle);
</span><ins>+
+    webkit_web_context_set_tls_errors_policy(context, originalPolicy);
</ins><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="lines">@@ -298,9 +329,9 @@
</span><span class="cx"> 
</span><span class="cx">     SSLTest::add(&quot;WebKitWebView&quot;, &quot;ssl&quot;, testSSL);
</span><span class="cx">     InsecureContentTest::add(&quot;WebKitWebView&quot;, &quot;insecure-content&quot;, testInsecureContent);
</span><del>-    // In this case the order of the tests does matter because tls-errors-policy tests the default policy,
-    // and expects that no exception will have been added for this certificate and host pair as is
-    // done in the tls-permission-request test.
</del><ins>+    // In this case the order of the tests does matter because tls-errors-policy expects
+    // that no exception will have been added for this certificate and host pair as is
+    // done in the load-failed-with-tls-errors test.
</ins><span class="cx">     SSLTest::add(&quot;WebKitWebView&quot;, &quot;tls-errors-policy&quot;, testTLSErrorsPolicy);
</span><span class="cx">     SSLTest::add(&quot;WebKitWebView&quot;, &quot;tls-errors-redirect-to-http&quot;, testTLSErrorsRedirect);
</span><span class="cx">     SSLTest::add(&quot;WebKitWebView&quot;, &quot;tls-http-auth&quot;, testTLSErrorsHTTPAuth);
</span></span></pre>
</div>
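Review bot: the rewritten ordering comment in beforeAll names only tls-errors-policy, but tls-errors-redirect-to-http and tls-http-auth also assert a failed load under WEBKIT_TLS_ERRORS_POLICY_FAIL against kHttpsServer, so they appear to depend on the same absence of a certificate exception; the comment should list them as well, or the test that adds the exception should remove it when it finishes.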
</div>

</body>
</html>