[webkit-reviews] review denied: [Bug 187611] [Curl] Fix implementation error in handling Certificate exceptions. : [Attachment 344981] PATCH
bugzilla-daemon at webkit.org
Fri Jul 13 17:54:20 PDT 2018
Fujii Hironori <Hironori.Fujii at sony.com> has denied Basuke Suzuki
<Basuke.Suzuki at sony.com>'s request for review:
Bug 187611: [Curl] Fix implementation error in handling Certificate exceptions.
https://bugs.webkit.org/show_bug.cgi?id=187611
Attachment 344981: PATCH
https://bugs.webkit.org/attachment.cgi?id=344981&action=review
--- Comment #12 from Fujii Hironori <Hironori.Fujii at sony.com> ---
Comment on attachment 344981
--> https://bugs.webkit.org/attachment.cgi?id=344981
PATCH
View in context: https://bugs.webkit.org/attachment.cgi?id=344981&action=review
> Source/WebCore/ChangeLog:3
> + [Curl] Fix implementation error in handling Certificate exceptions.
I like a more informative subject.
But, it is difficult because you are doing two things in a single patch.
1. Add allowSpecificHTTPSCertificateForHost
2. Change how isAllowedHTTPSCertificateHost is used
Please split this patch into two.
> Source/WebCore/platform/network/curl/CurlContext.cpp:304
> + if (sslHandle.canIgnoreAnyHTTPSCertificatesForHost(host) ||
sslHandle.shouldIgnoreSSLErrors()) {
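Review bot: the condition on this line sends a per-host exception (canIgnoreAnyHTTPSCertificatesForHost(host)) and the global shouldIgnoreSSLErrors() flag into the same branch, and the hunk does not show where `host` comes from. Please confirm that `host` is the host of the connection being set up at this point, and add a comment saying so, so that an exception granted for one host cannot be read as applying to another.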
What will happen in case of a redirection from http to https of different site?
This CurlHandle is reused in such case?
> Source/WebCore/platform/network/curl/CurlSSLHandle.cpp:95
> +void
CurlSSLHandle::allowSpecificHTTPSCertificateForHost(CertificateInfo::Certificat
eChain&& certificates, const String& host)
You add CurlSSLHandle::allowSpecificHTTPSCertificateForHost, but not used
anywhere in this change.
Why don't you implement NetworkProcess::allowSpecificHTTPSCertificateForHost?
> Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp:82
> + // whether the verification of the certificate in question was passed
(preverified=1) or not (preverified=0)
This comment should be moved to the below checking.
> Source/WebCore/platform/network/curl/CurlSSLVerifier.cpp:88
> + return preverified || verifier->verify();
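Review bot: on the `return preverified || verifier->verify();` line, a failed pre-verification (preverified=0) is accepted whenever verifier->verify() returns true, and nothing at this line says what verify() checks before doing that. Please add a comment here stating the exact condition under which a failed verification is overridden, since this is the line that decides whether a certificate error is ignored.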
    if (preverified)
        // Put a good comment here.
        return 1;
    return verifier->verify();
I think this looks better.