Skip to content
Permalink
Browse files
Fix client certificate authentication with NSURLSession on iOS
https://bugs.webkit.org/show_bug.cgi?id=157094
<rdar://problem/25946859>

Patch by Alex Christensen <achristensen@webkit.org> on 2016-04-27
Reviewed by Darin Adler.

* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
We only want to create a non-persistent credential with the given user and password
and store the user and password in the CredentialStorage if there is a user and password.
We previously only skipped this if we were doing server trust evaluation, in which case
we will have a credential from serverTrustCredential which has no user or password.
When doing client certificate authentication on iOS, this completion handler is called with
a credential with session persistence and also no user or password, so we need to do the same thing.
The reason this was never hit on Mac was because the credential came from tryUseCertificateInfoForChallenge,
which always had persistence none.

Canonical link: https://commits.webkit.org/175201@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@200148 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
Alex Christensen authored and webkit-commit-queue committed Apr 27, 2016
1 parent 98aac65 commit 92fc924be95330560be58781c40d6eb4b8139118
Showing with 20 additions and 1 deletion.
  1. +19 −0 Source/WebKit2/ChangeLog
  2. +1 −1 Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm
@@ -1,3 +1,22 @@
2016-04-27 Alex Christensen <achristensen@webkit.org>

Fix client certificate authentication with NSURLSession on iOS
https://bugs.webkit.org/show_bug.cgi?id=157094
<rdar://problem/25946859>

Reviewed by Darin Adler.

* NetworkProcess/cocoa/NetworkSessionCocoa.mm:
(-[WKNetworkSessionDelegate URLSession:task:didReceiveChallenge:completionHandler:]):
We only want to create a non-persistent credential with the given user and password
and store the user and password in the CredentialStorage if there is a user and password.
We previously only skipped this if we were doing server trust evaluation, in which case
we will have a credential from serverTrustCredential which has no user or password.
When doing client certificate authentication on iOS, this completion handler is called with
a credential with session persistence and also no user or password, so we need to do the same thing.
The reason this was never hit on Mac was because the credential came from tryUseCertificateInfoForChallenge,
which always had persistence none.

2016-04-27 Claudio Saavedra <csaavedra@igalia.com>

[GTK][EFL] Move WK2 platform code to a common place
@@ -150,7 +150,7 @@ - (void)URLSession:(NSURLSession *)session task:(NSURLSessionTask *)task didRece
UNUSED_PARAM(sessionID);
UNUSED_PARAM(authenticationChallenge);
#else
if (credential.persistence() == WebCore::CredentialPersistenceForSession && authenticationChallenge.protectionSpace().authenticationScheme() != WebCore::ProtectionSpaceAuthenticationSchemeServerTrustEvaluationRequested) {
if (credential.persistence() == WebCore::CredentialPersistenceForSession && authenticationChallenge.protectionSpace().isPasswordBased()) {

WebCore::Credential nonPersistentCredential(credential.user(), credential.password(), WebCore::CredentialPersistenceNone);
WebCore::URL urlToStore;

0 comments on commit 92fc924

Please sign in to comment.