<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - [SOUP] Move global TLS errors handling from ResourceHandle to SoupNetworkSession"
href="https://bugs.webkit.org/show_bug.cgi?id=162910#c8">Comment # 8</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - [SOUP] Move global TLS errors handling from ResourceHandle to SoupNetworkSession"
href="https://bugs.webkit.org/show_bug.cgi?id=162910">bug 162910</a>
from <span class="vcard"><a class="email" href="mailto:cgarcia@igalia.com" title="Carlos Garcia Campos <cgarcia@igalia.com>"> <span class="fn">Carlos Garcia Campos</span></a>
</span></b>
<pre>(In reply to <a href="show_bug.cgi?id=162910#c6">comment #6</a>)
<span class="quote">> Comment on <span class=""><a href="attachment.cgi?id=290695&action=diff" name="attach_290695" title="Updated patch">attachment 290695</a> <a href="attachment.cgi?id=290695&action=edit" title="Updated patch">[details]</a></span>
> Updated patch
>
> View in context:
> <a href="https://bugs.webkit.org/attachment.cgi?id=290695&action=review">https://bugs.webkit.org/attachment.cgi?id=290695&action=review</a>
>
> Yep. Moves the code. Great. r=me</span >
Thanks!
<span class="quote">> > Source/WebCore/platform/network/soup/SoupNetworkSession.cpp:80
> > + SHA1 sha1;
>
> You should probably migrate away from SHA1, it being theoretically not
> cryptographically secure and all...</span >
I'm not a security expert, but I don't see the security problem here yet. I can understand it's not safe to use SHA1 for signing something or hashing private info like a password, but here we just want to get a checksum to make comparisons.
<span class="quote">> > Source/WebKit2/NetworkProcess/soup/NetworkProcessSoup.cpp:86
> > - ResourceHandle::setIgnoreSSLErrors(ignoreTLSErrors);
> > + SoupNetworkSession::setShouldIgnoreTLSErrors(ignoreTLSErrors);
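</span>Review bot: at NetworkProcessSoup.cpp:86 the new call SoupNetworkSession::setShouldIgnoreTLSErrors(ignoreTLSErrors) is a class-level setter with no session or host argument, so the flag is shared state rather than something scoped to one session or one host. A short comment at this call site saying where ignoreTLSErrors comes from, and that it is meant to stay false unless the embedder explicitly asks otherwise, would make that scope obvious to the next reader.<span class="quote">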
>
> It seems like we should work towards removing this, too. Very bad things
> can happen when we ignore TLS errors.</span >
This is disabled by default of course, and only enabled when explicitly set by API users. See GTK+ API for example:
<a href="https://webkitgtk.org/reference/webkit2gtk/stable/WebKitWebContext.html#WebKitTLSErrorsPolicy">https://webkitgtk.org/reference/webkit2gtk/stable/WebKitWebContext.html#WebKitTLSErrorsPolicy</a>
The default is fail, of course, and web browser applications should never change that setting.
<span class="quote">> > Source/WebKit2/NetworkProcess/soup/NetworkProcessSoup.cpp:91
> > - ResourceHandle::setClientCertificate(host, certificateInfo.certificate());
> > + SoupNetworkSession::allowSpecificHTTPSCertificateForHost(certificateInfo, host);
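</span>Review bot: at NetworkProcessSoup.cpp:91 the argument order flips from (host, certificate) in setClientCertificate to (certificateInfo, host) in allowSpecificHTTPSCertificateForHost, and the value passed changes from certificateInfo.certificate() to the whole certificateInfo. Check that every other caller was updated to the new order and type, and consider keeping host first so the old and new signatures stay easy to compare.<span class="quote">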
>
> We are also moving away from allowing specific TLS certificates. I'm going
> to do this on Cocoa by using SecTrustEvaluateAsync with a few additional
> checks in the NetworkProcess after receiving the server trust evaluation
> challenge. This will avoid IPC and allow us to quickly and asynchronously
> connect to most HTTPS servers that use modern TLS and valid certificates.
> In the case where it fails such as on badssl.com we will send IPC to the
> UIProcess which has the option of responding and saying to trust the server
> even though it's probably unsafe.</span >
I'll see if we can do something similar.</pre>
</div>
</p>
</body>
</html>