From 4eeb78d23f1ab7a5fb2f9702a685867825cd3ce6 Mon Sep 17 00:00:00 2001 From: Brandon-T Date: Thu, 25 Jan 2024 12:31:09 -0500 Subject: [PATCH] Fix #8703: Match Desktop Cert Display (#8704) Match Chrome Behaviour for SSL Handshake validation --- .../BrowserViewController/BVC+WKNavigationDelegate.swift | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Sources/Brave/Frontend/Browser/BrowserViewController/BVC+WKNavigationDelegate.swift b/Sources/Brave/Frontend/Browser/BrowserViewController/BVC+WKNavigationDelegate.swift index 3279569b46d..48b717f99ef 100644 --- a/Sources/Brave/Frontend/Browser/BrowserViewController/BVC+WKNavigationDelegate.swift +++ b/Sources/Brave/Frontend/Browser/BrowserViewController/BVC+WKNavigationDelegate.swift @@ -802,10 +802,9 @@ extension BrowserViewController: WKNavigationDelegate { // Also, when Chromium cert validation passes, BUT Apple cert validation fails, the request is cancelled automatically by WebKit // In such a case, the webView.serverTrust is `nil`. The only time we have a valid trust is when we received the challenge // so we need to update the URL-Bar to show that serverTrust when WebKit's is nil. - let serverTrust = webView.serverTrust ?? tab.sslPinningTrust observeValue(forKeyPath: KVOConstants.serverTrust.keyPath, of: webView, - change: [.newKey: serverTrust as Any, .kindKey: 1], + change: [.newKey: webView.serverTrust ?? tab.sslPinningTrust as Any, .kindKey: 1], context: nil) // Ignore the "Frame load interrupted" error that is triggered when we cancel a request @@ -840,7 +839,7 @@ extension BrowserViewController: WKNavigationDelegate { if let url = error.userInfo[NSURLErrorFailingURLErrorKey] as? URL { // The certificate came from the WebKit SSL Handshake validation and the cert is untrusted - if let serverTrust = serverTrust, error.userInfo["NSErrorPeerCertificateChainKey"] == nil { + if webView.serverTrust == nil, let serverTrust = tab.sslPinningTrust, error.userInfo["NSErrorPeerCertificateChainKey"] == nil { // Build a cert chain error to display in the cert viewer in such cases, as we aren't given one by WebKit var userInfo = error.userInfo userInfo["NSErrorPeerCertificateChainKey"] = SecTrustCopyCertificateChain(serverTrust) as? [SecCertificate] ?? []