Skip to content
This repository has been archived by the owner on May 10, 2024. It is now read-only.

Commit

Permalink
Fix #8703: Match Desktop Cert Display (#8704)
Browse files Browse the repository at this point in the history
Match Chrome Behaviour for SSL Handshake validation
  • Loading branch information
Brandon-T authored Jan 25, 2024
1 parent ec5b207 commit 4eeb78d
Showing 1 changed file with 2 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -802,10 +802,9 @@ extension BrowserViewController: WKNavigationDelegate {
// Also, when Chromium cert validation passes, BUT Apple cert validation fails, the request is cancelled automatically by WebKit
// In such a case, the webView.serverTrust is `nil`. The only time we have a valid trust is when we received the challenge
// so we need to update the URL-Bar to show that serverTrust when WebKit's is nil.
let serverTrust = webView.serverTrust ?? tab.sslPinningTrust
observeValue(forKeyPath: KVOConstants.serverTrust.keyPath,
of: webView,
change: [.newKey: serverTrust as Any, .kindKey: 1],
change: [.newKey: webView.serverTrust ?? tab.sslPinningTrust as Any, .kindKey: 1],
context: nil)

// Ignore the "Frame load interrupted" error that is triggered when we cancel a request
Expand Down Expand Up @@ -840,7 +839,7 @@ extension BrowserViewController: WKNavigationDelegate {
if let url = error.userInfo[NSURLErrorFailingURLErrorKey] as? URL {

// The certificate came from the WebKit SSL Handshake validation and the cert is untrusted
if let serverTrust = serverTrust, error.userInfo["NSErrorPeerCertificateChainKey"] == nil {
if webView.serverTrust == nil, let serverTrust = tab.sslPinningTrust, error.userInfo["NSErrorPeerCertificateChainKey"] == nil {
// Build a cert chain error to display in the cert viewer in such cases, as we aren't given one by WebKit
var userInfo = error.userInfo
userInfo["NSErrorPeerCertificateChainKey"] = SecTrustCopyCertificateChain(serverTrust) as? [SecCertificate] ?? []
Expand Down

0 comments on commit 4eeb78d

Please sign in to comment.