Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make it possible to accept self-signed certs #26683

Closed
jdm opened this issue May 27, 2020 · 0 comments
Closed

Make it possible to accept self-signed certs #26683

jdm opened this issue May 27, 2020 · 0 comments
Labels
A-embedding A-network
Projects
Mobile developer ergonomics UWP port

Comments

@jdm
Copy link
Member

@jdm jdm commented May 27, 2020

There are two main issues at the moment:

  • the embedding API embeds the contents of resources/certs into the binary (

    servo/ports/libsimpleservo/api/src/lib.rs

    Line 926 in 748b424

    Resource::SSLCertificates => &include_bytes!("../../../../resources/certs")[..],
    )
  • we need to recognize when an unsupported cert causes the connection to be terminated and offer a UI that can bypass that error if desired
@atouchet atouchet added this to To do in UWP port May 28, 2020
@jdm jdm mentioned this issue May 29, 2020
Merged
4 of 4 tasks complete
@jdm jdm moved this from To do to In progress in UWP port May 29, 2020
@jdm jdm moved this from To do to In progress in Mobile developer ergonomics May 29, 2020
bors-servo added a commit that referenced this issue Jun 9, 2020
@bors-servo
Auto merge of #26716 - jdm:selfsigned, r=Manishearth,asajeffrey
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
ab7a72d 
Add UI for bypassing SSL handshake failures

There are several parts to these changes:
1. resurrecting the network error classification code to distinguish between SSL failures and other network errors
1. adding an SSL verification callback to support verifying certs against a list that can change at runtime, rather than just at program initialization
1. exposing a privileged chrome://allowcert URI which accepts the PEM cert contents along with a secret token
1. extracting the PEM cert contents out of the network layer when a handshake failure occurs, and getting them into the HTML that is parsed when an SSL failure occurs
1. adding a button in the handshake failure page that performs an XHR to chrome://allowcert with knowledge of the secret token and the PEM cert contents, before reloading the original URL that failed

The presence of the secret token means that while the chrome://allowcert URL is currently visible to web content, they cannot make use of it to inject arbitrary certs into the verification process.

---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #26683
- [x] These changes do not require tests because the UI requires user activation and can't clearly be automated
bors-servo added a commit that referenced this issue Jun 9, 2020
@bors-servo
Auto merge of #26716 - jdm:selfsigned, r=Manishearth,asajeffrey
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
5c24d40 
Add UI for bypassing SSL handshake failures

There are several parts to these changes:
1. resurrecting the network error classification code to distinguish between SSL failures and other network errors
1. adding an SSL verification callback to support verifying certs against a list that can change at runtime, rather than just at program initialization
1. exposing a privileged chrome://allowcert URI which accepts the PEM cert contents along with a secret token
1. extracting the PEM cert contents out of the network layer when a handshake failure occurs, and getting them into the HTML that is parsed when an SSL failure occurs
1. adding a button in the handshake failure page that performs an XHR to chrome://allowcert with knowledge of the secret token and the PEM cert contents, before reloading the original URL that failed

The presence of the secret token means that while the chrome://allowcert URL is currently visible to web content, they cannot make use of it to inject arbitrary certs into the verification process.

---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #26683
- [x] These changes do not require tests because the UI requires user activation and can't clearly be automated
bors-servo added a commit that referenced this issue Jun 9, 2020
@bors-servo
Auto merge of #26716 - jdm:selfsigned, r=Manishearth,asajeffrey
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
efab964 
Add UI for bypassing SSL handshake failures

There are several parts to these changes:
1. resurrecting the network error classification code to distinguish between SSL failures and other network errors
1. adding an SSL verification callback to support verifying certs against a list that can change at runtime, rather than just at program initialization
1. exposing a privileged chrome://allowcert URI which accepts the PEM cert contents along with a secret token
1. extracting the PEM cert contents out of the network layer when a handshake failure occurs, and getting them into the HTML that is parsed when an SSL failure occurs
1. adding a button in the handshake failure page that performs an XHR to chrome://allowcert with knowledge of the secret token and the PEM cert contents, before reloading the original URL that failed

The presence of the secret token means that while the chrome://allowcert URL is currently visible to web content, they cannot make use of it to inject arbitrary certs into the verification process.

---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #26683
- [x] These changes do not require tests because the UI requires user activation and can't clearly be automated
bors-servo added a commit that referenced this issue Jun 9, 2020
@bors-servo
Auto merge of #26716 - jdm:selfsigned, r=Manishearth,asajeffrey
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
3892463 
Add UI for bypassing SSL handshake failures

There are several parts to these changes:
1. resurrecting the network error classification code to distinguish between SSL failures and other network errors
1. adding an SSL verification callback to support verifying certs against a list that can change at runtime, rather than just at program initialization
1. exposing a privileged chrome://allowcert URI which accepts the PEM cert contents along with a secret token
1. extracting the PEM cert contents out of the network layer when a handshake failure occurs, and getting them into the HTML that is parsed when an SSL failure occurs
1. adding a button in the handshake failure page that performs an XHR to chrome://allowcert with knowledge of the secret token and the PEM cert contents, before reloading the original URL that failed

The presence of the secret token means that while the chrome://allowcert URL is currently visible to web content, they cannot make use of it to inject arbitrary certs into the verification process.

---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #26683
- [x] These changes do not require tests because the UI requires user activation and can't clearly be automated
bors-servo added a commit that referenced this issue Jun 9, 2020
@bors-servo
Auto merge of #26716 - jdm:selfsigned, r=Manishearth,asajeffrey
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
7fa5bf4 
Add UI for bypassing SSL handshake failures

There are several parts to these changes:
1. resurrecting the network error classification code to distinguish between SSL failures and other network errors
1. adding an SSL verification callback to support verifying certs against a list that can change at runtime, rather than just at program initialization
1. exposing a privileged chrome://allowcert URI which accepts the PEM cert contents along with a secret token
1. extracting the PEM cert contents out of the network layer when a handshake failure occurs, and getting them into the HTML that is parsed when an SSL failure occurs
1. adding a button in the handshake failure page that performs an XHR to chrome://allowcert with knowledge of the secret token and the PEM cert contents, before reloading the original URL that failed

The presence of the secret token means that while the chrome://allowcert URL is currently visible to web content, they cannot make use of it to inject arbitrary certs into the verification process.

---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #26683
- [x] These changes do not require tests because the UI requires user activation and can't clearly be automated
UWP port automation moved this from In progress to Done Jun 10, 2020
@atouchet atouchet moved this from In progress to Done in Mobile developer ergonomics Jun 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-embedding A-network
Projects
Mobile developer ergonomics
  
Done
UWP port
  
Done
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

Add UI for bypassing SSL handshake failures
1 participant
@jdm
You can’t perform that action at this time.