[webkit-reviews] review denied: [Bug 187611] [Curl] Fix implementation error in handling Certificate exceptions. : [Attachment 344981] PATCH

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 13 17:54:20 PDT 2018


Fujii Hironori <Hironori.Fujii at sony.com> has denied Basuke Suzuki
<Basuke.Suzuki at sony.com>'s request for review:
Bug 187611: [Curl] Fix implementation error in handling Certificate exceptions.
https://bugs.webkit.org/show_bug.cgi?id=187611

Attachment 344981: PATCH

https://bugs.webkit.org/attachment.cgi?id=344981&action=review




--- Comment #12 from Fujii Hironori <Hironori.Fujii at sony.com> ---
Comment on attachment 344981
  --> https://bugs.webkit.org/attachment.cgi?id=344981
PATCH

View in context: https://bugs.webkit.org/attachment.cgi?id=344981&action=review

> Source/WebCore/ChangeLog:3
> +	   [Curl] Fix implementation error in handling Certificate exceptions.

I'd like a more informative subject.
But it is difficult because you are doing two things in a single patch.
1. Add allowSpecificHTTPSCertificateForHost
2. Change how isAllowedHTTPSCertificateHost is used
Please split this patch into two.

> Source/WebCore/platform/network/curl/CurlContext.cpp:304
> +    if (sslHandle.canIgnoreAnyHTTPSCertificatesForHost(host) ||
sslHandle.shouldIgnoreSSLErrors()) {
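
Review bot: in the condition at CurlContext.cpp:304, the per-host exemption canIgnoreAnyHTTPSCertificatesForHost(host) and the global shouldIgnoreSSLErrors() switch lead to the same branch, and the decision rests entirely on the host value available at this point. Please document where host comes from and confirm it is the host the TLS connection is actually made to, so that an exemption granted for one host cannot apply to a connection to another.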

What will happen in case of a redirection from http to https of a different site?
Is this CurlHandle reused in such a case?

> Source/WebCore/platform/network/curl/CurlSSLHandle.cpp:95
> +void
CurlSSLHandle::allowSpecificHTTPSCertificateForHost(CertificateInfo::Certificat
eChain&& certificates, const String& host)

You add CurlSSLHandle::allowSpecificHTTPSCertificateForHost, but it is not used
anywhere in this change.

Why don't you implement NetworkProcess::allowSpecificHTTPSCertificateForHost?

> Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp:82
> +    // whether the verification of the certificate in question was passed
(preverified=1) or not (preverified=0)

This comment should be moved to the check below.

> Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp:88
> +    return preverified || verifier->verify();
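
Review bot: in "return preverified || verifier->verify();" the short-circuit makes verifier->verify() the only check applied to a certificate that failed normal verification (preverified=0), so the whole acceptance rule for such certificates lives in that one call. Add a comment at this line stating what verify() has to match before it reports success, and make the two outcomes explicit rather than folding them into a single boolean expression.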

if (preverified)
    // Put a good comment here.
    return 1;
return verifier->verify();

I think this looks better.

