This repository has been archived by the owner on May 10, 2024. It is now read-only.

Fix #5543: Relax SSL Certificate Validation to match all other browsers #7588

Merged
merged 1 commit into from
Jun 13, 2023

Brandon-T
Collaborator

@Brandon-T Brandon-T commented Jun 8, 2023

Security Review

Summary of Changes

  • Relax SSL validation.
  • Use Chromium validation over Apple's validation.
  • If Chromium returns a value indicating that the system should handle it, then we use Apple's validation.
  • Disable Apple's X509 validation and only validate it for SSL to match other browsers (including Safari).

This pull request fixes #5543

Submitter Checklist:

  • Unit Tests are updated to cover new or changed functionality
  • User-facing strings use NSLocalizableString()
  • New or updated UI has been tested across:
    • Light & dark mode
    • Different size classes (iPhone, landscape, iPad)
    • Different dynamic type sizes

Test Plan:

Reviewer Checklist:

  • Issues include necessary QA labels:
    • QA/(Yes|No)
    • bug / enhancement
  • Necessary security reviews have taken place.
  • Adequate unit test coverage exists to prevent regressions.
  • Adequate test plan exists for QA to validate (if applicable).
  • Issue and pull request is assigned to a milestone (should happen at merge time).
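
The validation order in the summary, sketched in Swift as an added example; this is not code from this pull request or from Brave. `PrimaryVerdict`, `evaluateServerTrust`, `primaryVerifier` and `TrustDelegate` are hypothetical names, and replacing the trust object's policies with a single SSL server policy is one assumed reading of "disable X509 validation and only validate it for SSL".

```swift
import Foundation
import Security

// Hypothetical verdict type standing in for the Chromium verifier's result.
enum PrimaryVerdict { case trusted, rejected, deferToSystem }

// Assumption: `primaryVerifier` wraps the Chromium certificate verifier; its
// name and signature are illustrative, not Brave's API.
func evaluateServerTrust(_ trust: SecTrust, host: String,
                         primaryVerifier: (SecTrust, String) -> PrimaryVerdict) -> Bool {
    switch primaryVerifier(trust, host) {
    case .trusted: return true
    case .rejected: return false
    case .deferToSystem:
        // Replace the policies on the trust object with one SSL server policy
        // bound to the hostname, so the system evaluates the chain as a TLS
        // server certificate for `host` rather than under a bare X.509 policy.
        let sslPolicy = SecPolicyCreateSSL(true, host as CFString)
        guard SecTrustSetPolicies(trust, sslPolicy) == errSecSuccess else {
            return false // fail closed if the policy cannot be applied
        }
        var error: CFError?
        let ok = SecTrustEvaluateWithError(trust, &error)
        if !ok { print("System trust evaluation failed for \(host): \(String(describing: error))") }
        return ok
    }
}

// Wiring into a URLSession server-trust challenge. The closure passed as
// `primaryVerifier` is a placeholder that always defers to the system path.
final class TrustDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        if evaluateServerTrust(trust, host: space.host, primaryVerifier: { _, _ in .deferToSystem }) {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}
```

Both the policy-setting failure and a failed system evaluation end in `.cancelAuthenticationChallenge`, so the relaxed path never falls through to accepting a connection by default.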

@Brandon-T Brandon-T added this to the 1.52 milestone Jun 8, 2023
@Brandon-T Brandon-T requested a review from a team as a code owner June 8, 2023 18:18
@Brandon-T Brandon-T self-assigned this Jun 8, 2023
If Chromium returns a value indicating that the system should handle it, then we use Apple's validation.
However, we disable X509 validation and only validate it for SSL.

Signed-off-by: Brandon T <JustBrandonT@gmail.com>
@Brandon-T Brandon-T force-pushed the bugfix/CertificateValidation branch from f439199 to 6fcd5d3 Compare June 12, 2023 18:07
@iccub iccub merged commit 4ee6a51 into development Jun 13, 2023
9 checks passed
@iccub iccub deleted the bugfix/CertificateValidation branch June 13, 2023 15:20
iccub pushed a commit that referenced this pull request Jun 13, 2023
…rs (#7588)

Relax SSL validation. Use Chromium validation over Apple's validation.
If Chromium returns a value indicating that the system should handle it, then we use Apple's validation.
However, we disable X509 validation and only validate it for SSL.

Signed-off-by: Brandon T <JustBrandonT@gmail.com>
@Brandon-T
Collaborator Author

Closing in favour of: #8309

arthuredelstein pushed a commit to brave/brave-core that referenced this pull request Feb 13, 2024
…ll other browsers (brave/brave-ios#7588)

Relax SSL validation. Use Chromium validation over Apple's validation.
If Chromium returns a value indicating that the system should handle it, then we use Apple's validation.
However, we disable X509 validation and only validate it for SSL.

Signed-off-by: Brandon T <JustBrandonT@gmail.com>
Development

Successfully merging this pull request may close these issues.

SSL Trust Validation too strict [does not match Safari's relaxed validation]