Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SOUP] WebSocketTask: add client authentication support #6245

Merged
merged 1 commit into from Nov 17, 2022
Merged

[SOUP] WebSocketTask: add client authentication support #6245

merged 1 commit into from Nov 17, 2022

Conversation

ThomasDevoogdt
Copy link
Contributor

@ThomasDevoogdt ThomasDevoogdt commented Nov 8, 2022
edited by webkit-early-warning-system

7d61be0

[SOUP] WebSocketTask: add client authentication support

https://bugs.webkit.org/show_bug.cgi?id=247608

Reviewed by Carlos Garcia Campos.

Since version WebKitGTK version 2.2, developers can register a
authenticate callback to the WebView. This gives a WebKitAuthenticationRequest
which gives a chance to provide certificates with webkit_authentication_request_authenticate.
While developing, it turned out that the websocket implementation does not handle
client certificates. The implemention in this commit is partial based on NetworkDataTaskSoup.

Canonical link: https://commits.webkit.org/256780@main

c10230a

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl βœ… πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ gtk-wk2
βœ… πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac βœ… πŸ§ͺ api-gtk
βœ… πŸ›  tv βœ… πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch βœ… πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  πŸ§ͺ unsafe-merge βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@ThomasDevoogdt ThomasDevoogdt requested a review from a team as a code owner November 8, 2022 10:43
@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash cbd5bd9)

Misc iOS, tvOS & watchOS macOS Linux Windows
❌ πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl   πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ gtk-wk2
  πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac βœ… πŸ§ͺ api-gtk
βœ… πŸ›  tv   πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch   πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@philn
Copy link
Member

philn commented Nov 8, 2022

Can you remove the signed-off-by and fix the coding style errors?

@philn
Copy link
Member

philn commented Nov 8, 2022

Also I'm afraid this needs to be associated with a bugzilla report.

@ThomasDevoogdt ThomasDevoogdt force-pushed the feature/soup-websocket-client-cert branch from cbd5bd9 to a38e481 Compare November 8, 2022 12:43
@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash a38e481)

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl βœ… πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ gtk-wk2
βœ… πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac βœ… πŸ§ͺ api-gtk
βœ… πŸ›  tv βœ… πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch βœ… πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@ThomasDevoogdt
Copy link
Contributor Author

ThomasDevoogdt commented Nov 8, 2022
edited

Can you remove the signed-off-by and fix the coding style errors?

About the coding style, it was not about 'style', but about an ASSERT_NOT_REACHED
check. I've removed it since the callback won't be triggered in SOUP2.

Also I'm afraid this needs to be associated with a bugzilla report.

Yes, fixed that.

mcatanzaro
mcatanzaro reviewed Nov 8, 2022
View reviewed changes
Copy link
Contributor

@mcatanzaro mcatanzaro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Huh, impressive. It's not very common that people who discover a bug manage to fix it. Good job.

Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp Outdated Show resolved Hide resolved
Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp Outdated Show resolved Hide resolved
mcatanzaro
mcatanzaro reviewed Nov 8, 2022
View reviewed changes
Copy link
Contributor

@mcatanzaro mcatanzaro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible to modify testClientSideCertificate in Tools/TestWebKitAPI/Tests/WebKitGLib/TestSSL.cpp to ensure this doesn't break in the future? I'm not sure how hard it would be to do that, but without a test we'll break it sooner or late.

@ThomasDevoogdt
Copy link
Contributor Author

Is it possible to modify testClientSideCertificate in Tools/TestWebKitAPI/Tests/WebKitGLib/TestSSL.cpp to ensure this doesn't break in the future? I'm not sure how hard it would be to do that, but without a test we'll break it sooner or late.

Yes, a combination of testClientSideCertificate and testWebSocketTLSErrors. Will need some time to learn how to execute and debug these tests. Do you prefer this in this PR also?

@mcatanzaro
Copy link
Contributor

Yes, a combination of testClientSideCertificate and testWebSocketTLSErrors. Will need some time to learn how to execute and debug these tests. Do you prefer this in this PR also?

Yes please. Writing tests is usually the hardest part of the change in my experience, but sounds like you have a plan....

@ThomasDevoogdt ThomasDevoogdt force-pushed the feature/soup-websocket-client-cert branch from a38e481 to f142b66 Compare November 9, 2022 09:46
@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash f142b66)

Misc iOS, tvOS & watchOS macOS Linux Windows
❌ πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe ⏳ πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl ⏳ πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug   πŸ§ͺ gtk-wk2
⏳ πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac   πŸ§ͺ api-gtk
βœ… πŸ›  tv ⏳ πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim   πŸ§ͺ mac-wk2
βœ… πŸ›  watch ⏳ πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@ThomasDevoogdt ThomasDevoogdt force-pushed the feature/soup-websocket-client-cert branch from f142b66 to a8c301f Compare November 9, 2022 09:51
@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash a8c301f)

Misc iOS, tvOS & watchOS macOS Linux Windows
❌ πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe   πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl   πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug   πŸ§ͺ gtk-wk2
  πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac βœ… πŸ§ͺ api-gtk
βœ… πŸ›  tv ⏳ πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch ⏳ πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@ThomasDevoogdt ThomasDevoogdt force-pushed the feature/soup-websocket-client-cert branch from a8c301f to 96cbffa Compare November 9, 2022 10:11
@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash 96cbffa)

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl ⏳ πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ gtk-wk2
⏳ πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac βœ… πŸ§ͺ api-gtk
βœ… πŸ›  tv βœ… πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch βœ… πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@ThomasDevoogdt
Copy link
Contributor Author

Yes please. Writing tests is usually the hardest part of the change in my experience, but sounds like you have a plan....

I spend some time getting a test working. But I'm not able to reproduce the exact same behaviors that I was solving with this PR in the first place.

  /webkit/WebKitWebView/client-side-certificate:                      PASS
undefined:1:14: CONSOLE JS ERROR TypeError: undefined is not an object (evaluating 'window.webkit.messageHandlers')
Mesa: The provided filesystem timestamp for the cache is bogus! Disabling On-disk cache.
undefined:1:14: CONSOLE JS ERROR TypeError: undefined is not an object (evaluating 'window.webkit.messageHandlers')
undefined:1:14: CONSOLE JS ERROR TypeError: undefined is not an object (evaluating 'window.webkit.messageHandlers')
undefined:1:14: CONSOLE JS ERROR TypeError: undefined is not an object (evaluating 'window.webkit.messageHandlers')
undefined:1:14: CONSOLE JS ERROR TypeError: undefined is not an object (evaluating 'window.webkit.messageHandlers')
  /webkit/WebKitWebView/web-socket-client-side-certificate:           TIMEOUT

It's clear that the test is stuck in g_main_loop_run(m_mainLoop), I was also able to pinpoint what exact line causes the timeout while developing. But no success yet. I also don't know how much time I still can spend on this topic. Is it really required to be part of this PR?

@mcatanzaro
Copy link
Contributor

It's clear that the test is stuck in g_main_loop_run(m_mainLoop), I was also able to pinpoint what exact line causes the timeout while developing. But no success yet. I also don't know how much time I still can spend on this topic. Is it really required to be part of this PR?

It's much better if we have a test. Maybe you could push your test in a WIP commit so others can take a look? Your call to g_main_loop_run() should be paired with a call to g_main_loop_quit() somewhere.

@ThomasDevoogdt
Copy link
Contributor Author

It's much better if we have a test. Maybe you could push your test in a WIP commit so others can take a look? Your call to g_main_loop_run() should be paired with a call to g_main_loop_quit() somewhere.

This is what I have: 13a124ddbfe072a8c7fb73ff76941589e3ccd49a which can be found on main...ThomasDevoogdt:WebKit:feature/soup-websocket-client-cert-test-wip.

@ThomasDevoogdt
Copy link
Contributor Author

I'm not able to find it myself. I even don't know if the libsoup3 server (WebKitTestServer) has support for WebSocket client authentication. I do test this against a propriety Kotlin server. I hope that this PR still gets a chance to be accepted without additional tests.

@ThomasDevoogdt ThomasDevoogdt force-pushed the feature/soup-websocket-client-cert branch from 96cbffa to a8b4c4e Compare November 10, 2022 11:01
@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash a8b4c4e)

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl   πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ gtk-wk2
  πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac ❌ πŸ§ͺ api-gtk
βœ… πŸ›  tv   πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch   πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@ThomasDevoogdt ThomasDevoogdt force-pushed the feature/soup-websocket-client-cert branch from a8b4c4e to 8450c03 Compare November 10, 2022 12:52
@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash 8450c03)

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl   πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ gtk-wk2
  πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac βœ… πŸ§ͺ api-gtk
βœ… πŸ›  tv   πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch   πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

carlosgcampos
carlosgcampos requested changes Nov 10, 2022
View reviewed changes
Copy link
Contributor

@carlosgcampos carlosgcampos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did the test fail? the client certificate is requested during the connection and before the protocol upgrade libsoup handles the connection the same way.

Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp Outdated Show resolved Hide resolved
Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp Outdated Show resolved Hide resolved
mcatanzaro
mcatanzaro reviewed Nov 10, 2022
View reviewed changes
Copy link
Contributor

@mcatanzaro mcatanzaro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did the test fail? the client certificate is requested during the connection and before the protocol upgrade libsoup handles the connection the same way.

See 13a124d#r89401896. It looks pretty close to working. Pretty sure the JS is just failing to call the message handler.

If it's too hard to write a test, then I think it's OK to land without a test, on the understanding that it will inevitably break if there is no test... but you seem really close. ;)

@carlosgcampos
Copy link
Contributor

I'll check the test to see if I understand why it's failing.

@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash 6f948c0)

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac ❌ πŸ›  wpe ❌ πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug ❌ πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl   πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug ❌ πŸ§ͺ gtk-wk2
  πŸ§ͺ api-ios ⏳ πŸ§ͺ api-mac ❌ πŸ§ͺ api-gtk
βœ… πŸ›  tv ⏳ πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim ⏳ πŸ§ͺ mac-wk2
βœ… πŸ›  watch   πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@webkit-ews-buildbot webkit-ews-buildbot added the merging-blocked Applied to prevent a change from being merged label Nov 10, 2022
@ThomasDevoogdt ThomasDevoogdt force-pushed the feature/soup-websocket-client-cert branch from 6f948c0 to 43c205b Compare November 10, 2022 19:08
@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash 43c205b)

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl βœ… πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ gtk-wk2
βœ… πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac βœ… πŸ§ͺ api-gtk
βœ… πŸ›  tv ❌ πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch βœ… πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@ThomasDevoogdt ThomasDevoogdt force-pushed the feature/soup-websocket-client-cert branch from 43c205b to 6087d3a Compare November 14, 2022 13:01
@webkit-early-warning-system
Copy link
Collaborator

EWS run on previous version of this PR (hash 6087d3a)

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl βœ… πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ gtk-wk2
βœ… πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac βœ… πŸ§ͺ api-gtk
βœ… πŸ›  tv βœ… πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch βœ… πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@ThomasDevoogdt ThomasDevoogdt requested review from mcatanzaro and carlosgcampos and removed request for carlosgcampos and mcatanzaro November 14, 2022 14:55
@ThomasDevoogdt ThomasDevoogdt force-pushed the feature/soup-websocket-client-cert branch from 6087d3a to c10230a Compare November 15, 2022 07:19
@webkit-early-warning-system
Copy link
Collaborator

EWS run on current version of this PR (hash c10230a)

Misc iOS, tvOS & watchOS macOS Linux Windows
βœ… πŸ§ͺ style βœ… πŸ›  ios βœ… πŸ›  mac βœ… πŸ›  wpe βœ… πŸ›  πŸ§ͺ win
βœ… πŸ§ͺ bindings βœ… πŸ›  ios-sim βœ… πŸ›  mac-debug βœ… πŸ›  gtk βœ… πŸ›  wincairo
βœ… πŸ§ͺ webkitperl βœ… πŸ§ͺ ios-wk2 βœ… πŸ›  mac-AS-debug βœ… πŸ§ͺ gtk-wk2
βœ… πŸ§ͺ api-ios βœ… πŸ§ͺ api-mac βœ… πŸ§ͺ api-gtk
βœ… πŸ›  tv βœ… πŸ§ͺ mac-wk1
βœ… πŸ›  tv-sim βœ… πŸ§ͺ mac-wk2
βœ… πŸ›  watch βœ… πŸ§ͺ mac-AS-debug-wk2
βœ… πŸ›  πŸ§ͺ unsafe-merge βœ… πŸ›  watch-sim βœ… πŸ§ͺ mac-wk2-stress

@ThomasDevoogdt ThomasDevoogdt requested review from mcatanzaro and removed request for carlosgcampos November 15, 2022 07:20
@mcatanzaro
Copy link
Contributor

It's disappointing to see you give up on the test so quickly. ;) Let's wait for Carlos to check out what's going wrong with the JS. He might need a few days to get to it.

@carlosgcampos
Copy link
Contributor

Yes, I haven't forgotten it, I just need to find the time.

@ThomasDevoogdt
Copy link
Contributor Author

ThomasDevoogdt commented Nov 15, 2022
edited

Sorry, It's not that I didn't try to find it, already spend quite some time on it, but I also have to devide my time properly. I will probably come back to it, but not immediately. If besides there are still remarks related to the commit itself, let me know, will for sure adapt it until everything is fine. Anyway, also thx four your time, I do appreciate it.

@mcatanzaro
Copy link
Contributor

The code changes look good to me!

I didn't mean to shame you for failure to complete the test, but rather to suggest that you put it back even though it doesn't work quite right yet, so that Carlos Garcia doesn't have to dig through your older commits to find it.

carlosgcampos
carlosgcampos approved these changes Nov 17, 2022
View reviewed changes
Copy link
Contributor

@carlosgcampos carlosgcampos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The patch is good, I managed to make a test, I'll open a new PR for the test.

@carlosgcampos carlosgcampos added unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing and removed merging-blocked Applied to prevent a change from being merged labels Nov 17, 2022
@ThomasDevoogdt @carlosgcampos
[SOUP] WebSocketTask: add client authentication support
7d61be0 
https://bugs.webkit.org/show_bug.cgi?id=247608

Reviewed by Carlos Garcia Campos.

Since version WebKitGTK version 2.2, developers can register a
authenticate callback to the WebView. This gives a WebKitAuthenticationRequest
which gives a chance to provide certificates with webkit_authentication_request_authenticate.
While developing, it turned out that the websocket implementation does not handle
client certificates. The implemention in this commit is partial based on NetworkDataTaskSoup.

Canonical link: https://commits.webkit.org/256780@main
@webkit-commit-queue
Copy link
Collaborator

Committed 256780@main (7d61be0): https://commits.webkit.org/256780@main

Reviewed commits have been landed. Closing PR #6245 and removing active labels.

@webkit-early-warning-system webkit-early-warning-system merged commit 7d61be0 into WebKit:main Nov 17, 2022
@webkit-commit-queue webkit-commit-queue removed the unsafe-merge-queue Applied to send a pull request to merge-queue, but skip building and testing label Nov 17, 2022
@mcatanzaro
Copy link
Contributor

Thanks for fixing this!

@ThomasDevoogdt ThomasDevoogdt deleted the feature/soup-websocket-client-cert branch November 19, 2022 10:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carlosgcampos carlosgcampos carlosgcampos approved these changes

@mcatanzaro mcatanzaro Awaiting requested review from mcatanzaro

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
7 participants
@ThomasDevoogdt @webkit-early-warning-system @philn @mcatanzaro @carlosgcampos @webkit-commit-queue @webkit-ews-buildbot