[Webkit-unassigned] [Bug 187611] New: [Curl] Fix implementation error in handling Certificate exceptions.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 12 11:57:20 PDT 2018 

https://bugs.webkit.org/show_bug.cgi?id=187611

            Bug ID: 187611
           Summary: [Curl] Fix implementation error in handling
                    Certificate exceptions.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Platform
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Basuke.Suzuki at sony.com

Current interface for TLS certificate validation for Curl port are as follows:

    WEBCORE_EXPORT void setHostAllowsAnyHTTPSCertificate(const String&);
    bool isAllowedHTTPSCertificateHost(const String&);
    bool canIgnoredHTTPSCertificate(const String&, const Vector<CertificateInfo::Certificate>&);

First one registers a host to be ignored for any certificate check. Once it is registered, no further certificate validation check is executed.
Second one checks the host is registered in the list above.
Third one is weird. The method signature implies it checks the certificate for the host and detect whether we can ignore this certificate for the host, but actually it  just check only the host and register the certificate into the vector. Then in the next request for the host, the certificate will be checked with the previously stored certificate.

It's hard to understand, but in short, 
- We can register a host as an exception for TLS certificate validation.
- But only certificate arrived first is ignored, not all certificates for the host (which is rare, but possible for mis configured web cluster).

This behavior is incomplete and more over it is very different from other ports.

This should be changed following other ports:
- allowSpecificHTTPSCertificateForHost(const CertificateInfo& certificateInfo, const String& host)
- canIgnoreSpecificHTTPSCertificateForHost(const CertificateInfo& certificateInfo, const String& host)
    (actually check its certificates against registered certificates for the host)

This will be used for standard SSL error interface such as: "Do you allow this certificates for host?" checkbox in the SSL error dialog.

Also for the original purpose to ignore ALL certificates of the host:
- allowAllHTTPSCertificatesForHost(const String& host)
- canIgnoreAllHTTPSCertificatesForHost(const String& host)

This is required to access to the host which has different SNI name in the certificates in our platform.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180712/b46540d4/attachment.html>

More information about the webkit-unassigned mailing list