New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. Weβll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SOUP] WebSocketTask: add client authentication support #6245
[SOUP] WebSocketTask: add client authentication support #6245
Conversation
EWS run on previous version of this PR (hash cbd5bd9) |
Can you remove the signed-off-by and fix the coding style errors? |
Also I'm afraid this needs to be associated with a bugzilla report. |
cbd5bd9
to
a38e481
Compare
EWS run on previous version of this PR (hash a38e481) |
About the coding style, it was not about 'style', but about an ASSERT_NOT_REACHED
Yes, fixed that. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Huh, impressive. It's not very common that people who discover a bug manage to fix it. Good job.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is it possible to modify testClientSideCertificate
in Tools/TestWebKitAPI/Tests/WebKitGLib/TestSSL.cpp to ensure this doesn't break in the future? I'm not sure how hard it would be to do that, but without a test we'll break it sooner or late.
Yes, a combination of |
Yes please. Writing tests is usually the hardest part of the change in my experience, but sounds like you have a plan.... |
a38e481
to
f142b66
Compare
EWS run on previous version of this PR (hash f142b66) |
f142b66
to
a8c301f
Compare
EWS run on previous version of this PR (hash a8c301f) |
a8c301f
to
96cbffa
Compare
EWS run on previous version of this PR (hash 96cbffa) |
I spend some time getting a test working. But I'm not able to reproduce the exact same behaviors that I was solving with this PR in the first place.
It's clear that the test is stuck in |
It's much better if we have a test. Maybe you could push your test in a WIP commit so others can take a look? Your call to |
This is what I have: 13a124ddbfe072a8c7fb73ff76941589e3ccd49a which can be found on main...ThomasDevoogdt:WebKit:feature/soup-websocket-client-cert-test-wip. |
I'm not able to find it myself. I even don't know if the libsoup3 server (WebKitTestServer) has support for WebSocket client authentication. I do test this against a propriety Kotlin server. I hope that this PR still gets a chance to be accepted without additional tests. |
96cbffa
to
a8b4c4e
Compare
EWS run on previous version of this PR (hash a8b4c4e) |
a8b4c4e
to
8450c03
Compare
EWS run on previous version of this PR (hash 8450c03) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did the test fail? the client certificate is requested during the connection and before the protocol upgrade libsoup handles the connection the same way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did the test fail? the client certificate is requested during the connection and before the protocol upgrade libsoup handles the connection the same way.
See 13a124d#r89401896. It looks pretty close to working. Pretty sure the JS is just failing to call the message handler.
If it's too hard to write a test, then I think it's OK to land without a test, on the understanding that it will inevitably break if there is no test... but you seem really close. ;)
I'll check the test to see if I understand why it's failing. |
EWS run on previous version of this PR (hash 6f948c0) |
6f948c0
to
43c205b
Compare
EWS run on previous version of this PR (hash 43c205b) |
43c205b
to
6087d3a
Compare
EWS run on previous version of this PR (hash 6087d3a) |
6087d3a
to
c10230a
Compare
EWS run on current version of this PR (hash c10230a) |
It's disappointing to see you give up on the test so quickly. ;) Let's wait for Carlos to check out what's going wrong with the JS. He might need a few days to get to it. |
Yes, I haven't forgotten it, I just need to find the time. |
Sorry, It's not that I didn't try to find it, already spend quite some time on it, but I also have to devide my time properly. I will probably come back to it, but not immediately. If besides there are still remarks related to the commit itself, let me know, will for sure adapt it until everything is fine. Anyway, also thx four your time, I do appreciate it. |
The code changes look good to me! I didn't mean to shame you for failure to complete the test, but rather to suggest that you put it back even though it doesn't work quite right yet, so that Carlos Garcia doesn't have to dig through your older commits to find it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The patch is good, I managed to make a test, I'll open a new PR for the test.
https://bugs.webkit.org/show_bug.cgi?id=247608 Reviewed by Carlos Garcia Campos. Since version WebKitGTK version 2.2, developers can register a authenticate callback to the WebView. This gives a WebKitAuthenticationRequest which gives a chance to provide certificates with webkit_authentication_request_authenticate. While developing, it turned out that the websocket implementation does not handle client certificates. The implemention in this commit is partial based on NetworkDataTaskSoup. Canonical link: https://commits.webkit.org/256780@main
c10230a
to
7d61be0
Compare
Committed 256780@main (7d61be0): https://commits.webkit.org/256780@main Reviewed commits have been landed. Closing PR #6245 and removing active labels. |
Thanks for fixing this! |
7d61be0
c10230a