Chris Thompson authored
This adds support for triggering the legacy TLS interstitial on iOS, for iOS 14 or higher where WebKit exposes the |shouldAllowDeprecatedTLS| method. This is behind an off-by-default feature flag |kIOSLegacyTLSInterstitial|. (Without this change, in iOS 14 legacy TLS connections will default to being allowed in WKWebView; with this change but with the feature disabled will be the same behavior.)

This new interstitial roughly follows the same code structure as the iOS lookalike interstitial. The new method |shouldAllowDeprecatedTLS| checks if the domain has been allowlisted (by the user clicking through the interstitial) and if not sets an error for the navigation and tells WebKit to cancel. The error is then handled via the standard error page flow, with a new check for the net::ERR_SSL_OBSOLETE_VERSION error.

Because CRWWKNavigationHandler can't depend on security_interstitials, this adds a delegate method to the WebClient interface called |IsLegacyTLSAllowedForHost|, which in turn looks up the host in the LegacyTLSTabAllowList from the WebState.

This also includes a new egtest suite for exercising legacy TLS connections and the interstitial behavior.

This does not include downgrading the security indicator for sites that use legacy TLS connections (after a user clicks through the interstitial).

Bug: 1100647
Change-Id: Ia92e28bf52c0808875877322909fabdbaead3fa1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2325071
Reviewed-by: Eugene But <eugenebut@chromium.org>
Reviewed-by: Matt Mueller <mattm@chromium.org>
Reviewed-by: Livvie Lin <livvielin@chromium.org>
Commit-Queue: Christopher Thompson <cthomp@chromium.org>
Cr-Commit-Position: refs/heads/master@{#794757}
40cbb16d
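
A minimal sketch of the decision flow the commit message describes, added here as an illustration and not taken from the Chromium change: a WKNavigationDelegate that refuses deprecated TLS unless the host was previously allowlisted. The WebKit delegate method is the real iOS 14 API; the class names, the `blockedHost` property, and reading the host from `challenge.protectionSpace.host` are assumptions, and the allowlist is a simplified stand-in for LegacyTLSTabAllowList.

```objc
#import <WebKit/WebKit.h>

// Hypothetical per-tab allowlist: hosts the user clicked through for.
@interface ExampleLegacyTLSAllowList : NSObject
- (void)allowHost:(NSString *)host;
- (BOOL)isAllowedHost:(NSString *)host;
@end

@implementation ExampleLegacyTLSAllowList {
  NSMutableSet<NSString *> *_hosts;
}
- (instancetype)init {
  if ((self = [super init])) {
    _hosts = [NSMutableSet set];
  }
  return self;
}
- (void)allowHost:(NSString *)host {
  // Hostnames are case-insensitive, so store a normalized form.
  if (host.length > 0) [_hosts addObject:host.lowercaseString];
}
- (BOOL)isAllowedHost:(NSString *)host {
  // An empty or nil host is never allowed: fail closed.
  return host.length > 0 && [_hosts containsObject:host.lowercaseString];
}
@end

// Hypothetical navigation delegate (assumption, not Chromium's class).
@interface ExampleNavigationHandler : NSObject <WKNavigationDelegate>
@property(nonatomic, strong) ExampleLegacyTLSAllowList *allowList;
// Host of the most recent refused connection, for the error page to use.
@property(nonatomic, copy) NSString *blockedHost;
@end

@implementation ExampleNavigationHandler
// Called by WebKit on iOS 14+ when a connection negotiates a deprecated
// TLS version. If the delegate does not implement it, WebKit allows it.
- (void)webView:(WKWebView *)webView
     authenticationChallenge:(NSURLAuthenticationChallenge *)challenge
    shouldAllowDeprecatedTLS:(void (^)(BOOL))decisionHandler {
  NSString *host = challenge.protectionSpace.host;
  if ([self.allowList isAllowedHost:host]) {
    decisionHandler(YES);  // User already accepted the risk for this host.
    return;
  }
  self.blockedHost = host;  // Remember what was refused.
  decisionHandler(NO);      // Tell WebKit to cancel the connection.
}
@end
```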