<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:achristensen@apple.com" title="Alex Christensen <achristensen@apple.com>"> <span class="fn">Alex Christensen</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - [SOUP] Move global TLS errors handling from ResourceHandle to SoupNetworkSession"
href="https://bugs.webkit.org/show_bug.cgi?id=162910">bug 162910</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">Attachment #290695 Flags</td>
<td>review?
</td>
<td>review+
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - [SOUP] Move global TLS errors handling from ResourceHandle to SoupNetworkSession"
href="https://bugs.webkit.org/show_bug.cgi?id=162910#c6">Comment # 6</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - [SOUP] Move global TLS errors handling from ResourceHandle to SoupNetworkSession"
href="https://bugs.webkit.org/show_bug.cgi?id=162910">bug 162910</a>
from <span class="vcard"><a class="email" href="mailto:achristensen@apple.com" title="Alex Christensen <achristensen@apple.com>"> <span class="fn">Alex Christensen</span></a>
</span></b>
<pre>Comment on <span class=""><a href="attachment.cgi?id=290695&action=diff" name="attach_290695" title="Updated patch">attachment 290695</a> <a href="attachment.cgi?id=290695&action=edit" title="Updated patch">[details]</a></span>
Updated patch
View in context: <a href="https://bugs.webkit.org/attachment.cgi?id=290695&action=review">https://bugs.webkit.org/attachment.cgi?id=290695&action=review</a>
Yep. Moves the code. Great. r=me
<span class="quote">> Source/WebCore/platform/network/soup/SoupNetworkSession.cpp:80
> + SHA1 sha1;</span >
You should probably migrate away from SHA1, it being theoretically not cryptographically secure and all...
<span class="quote">> Source/WebKit2/NetworkProcess/soup/NetworkProcessSoup.cpp:86
> - ResourceHandle::setIgnoreSSLErrors(ignoreTLSErrors);
> + SoupNetworkSession::setShouldIgnoreTLSErrors(ignoreTLSErrors);</span >
It seems like we should work towards removing this, too. Very bad things can happen when we ignore TLS errors.
<span class="quote">> Source/WebKit2/NetworkProcess/soup/NetworkProcessSoup.cpp:91
> - ResourceHandle::setClientCertificate(host, certificateInfo.certificate());
> + SoupNetworkSession::allowSpecificHTTPSCertificateForHost(certificateInfo, host);</span >
We are also moving away from allowing specific TLS certificates. I'm going to do this on Cocoa by using SecTrustEvaluateAsync with a few additional checks in the NetworkProcess after receiving the server trust evaluation challenge. This will avoid IPC and allow us to quickly and asynchronously connect to most HTTPS servers that use modern TLS and valid certificates. In the case where it fails such as on badssl.com we will send IPC to the UIProcess which has the option of responding and saying to trust the server even though it's probably unsafe.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>