[libsoup/hsts: 36/36] Cancel messages for STS known hosts with HTTPS errors
- From: Claudio Saavedra <csaavedra src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libsoup/hsts: 36/36] Cancel messages for STS known hosts with HTTPS errors
- Date: Tue, 25 Sep 2018 14:57:52 +0000 (UTC)
commit e618d89efd76ca697bc90e93eb4c0520fcb626f5
Author: Claudio Saavedra <csaavedra igalia com>
Date: Tue Sep 25 10:54:30 2018 +0300
Cancel messages for STS known hosts with HTTPS errors
The specification requires that STS known hosts have their messages
cancelled if there are any underlying secure transport errors.
libsoup/soup-hsts-enforcer.c | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
---
diff --git a/libsoup/soup-hsts-enforcer.c b/libsoup/soup-hsts-enforcer.c
index b687ba43..1279a494 100644
--- a/libsoup/soup-hsts-enforcer.c
+++ b/libsoup/soup-hsts-enforcer.c
@@ -58,6 +58,7 @@ enum {
static guint signals[LAST_SIGNAL] = { 0 };
struct _SoupHSTSEnforcerPrivate {
+ SoupSession *session;
GHashTable *host_policies;
GHashTable *session_policies;
};
@@ -482,6 +483,20 @@ rewrite_message_uri_to_https (SoupMessage *msg)
soup_uri_free (uri);
}
+static void
+on_sts_known_host_message_starting (SoupMessage *msg, SoupHSTSEnforcer *enforcer)
+{
+ GTlsCertificateFlags errors;
+
+ /* THE UA MUST terminate the connection if there are
+ any errors with the underlying secure transport for STS
+ known hosts. */
+
+ soup_message_get_https_status (msg, NULL, &errors);
+ if (errors)
+ soup_session_cancel_message (enforcer->priv->session, msg, SOUP_STATUS_CANCELLED);
+}
+
static void
preprocess_request (SoupHSTSEnforcer *enforcer, SoupMessage *msg)
{
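Review bot: `errors` in on_sts_known_host_message_starting is declared uninitialised and only the out-parameter of soup_message_get_https_status is relied on to set it; if that call ever leaves the flag untouched (the return value, which reports whether TLS state exists, is ignored here), `if (errors)` tests an indeterminate value. Initialise it, `GTlsCertificateFlags errors = 0;`, or guard on the return value: `if (soup_message_get_https_status (msg, NULL, &errors) && errors)`. The cancellation uses SOUP_STATUS_CANCELLED, which callers cannot distinguish from an ordinary user cancel; a status naming the cause, such as SOUP_STATUS_SSL_FAILED, would make the HSTS-enforced termination visible in logs and error handling. The comment could also say where this runs: `/* Runs on the message's "starting" signal, i.e. after the connection exists but before the request is sent. */`.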
@@ -497,8 +512,12 @@ preprocess_request (SoupHSTSEnforcer *enforcer, SoupMessage *msg)
scheme = soup_uri_get_scheme (uri);
if (scheme == SOUP_URI_SCHEME_HTTP) {
- if (soup_hsts_enforcer_must_enforce_secure_transport (enforcer, soup_uri_get_host (uri)))
+ if (soup_hsts_enforcer_must_enforce_secure_transport (enforcer, soup_uri_get_host (uri))) {
rewrite_message_uri_to_https (msg);
+ g_signal_connect (msg, "starting",
+ G_CALLBACK (on_sts_known_host_message_starting),
+ enforcer);
+ }
} else if (scheme == SOUP_URI_SCHEME_HTTPS) {
soup_message_add_header_handler (msg, "got-headers",
"Strict-Transport-Security",
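Review bot: The "starting" handler is connected only in the HTTP branch, after the URI is rewritten, so a message that already targets an STS known host over HTTPS (the `else if` branch) never gets the transport-error check, although the requirement quoted in the handler's comment applies to every connection to a known host. The same g_signal_connect should be issued for the HTTPS branch when soup_hsts_enforcer_must_enforce_secure_transport is true for the host. Because preprocess_request appears to be reachable again from message_restarted_cb (the hunk header at the next hunk shows that callback), a restarted message would presumably pick up a second handler each time; a disconnect in request_unqueued, or g_signal_handlers_disconnect_by_func before connecting, would avoid duplicate cancellations. The handler also captures `enforcer` as plain user_data with no lifetime tie; `g_signal_connect_object (msg, "starting", G_CALLBACK (on_sts_known_host_message_starting), enforcer, 0)` would detach it automatically if the enforcer is finalized while the message is still alive. preprocess_request's body starts and ends outside this hunk.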
@@ -514,6 +533,15 @@ message_restarted_cb (SoupMessage *msg, gpointer user_data)
}
+static void
+soup_hsts_enforcer_attach (SoupSessionFeature *feature, SoupSession *session)
+{
+ SOUP_HSTS_ENFORCER (feature)->priv->session = session;
+
+ if (soup_hsts_enforcer_default_feature_interface->attach)
+ soup_hsts_enforcer_default_feature_interface->attach (feature, session);
+}
+
static void
soup_hsts_enforcer_request_queued (SoupSessionFeature *feature,
SoupSession *session,
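Review bot: soup_hsts_enforcer_attach stores the session as a raw pointer in priv->session (field added in the first hunk) but no detach counterpart clears it, and the interface wiring in the last hunk sets only `attach`; once the feature is removed from the session or the session is finalized, on_sts_known_host_message_starting would call soup_session_cancel_message on a dangling pointer for any message still in flight. Add a matching detach, `static void soup_hsts_enforcer_detach (SoupSessionFeature *feature, SoupSession *session) { SOUP_HSTS_ENFORCER (feature)->priv->session = NULL; ... chain to the default interface's detach ... }`, register it with `feature_interface->detach = soup_hsts_enforcer_detach;`, and have the starting handler skip the cancel when priv->session is NULL. A short comment on the field, `/* Unowned; valid only between attach and detach. */`, would document the ownership. soup_hsts_enforcer_request_queued's definition continues outside the hunk.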
@@ -545,6 +573,7 @@ soup_hsts_enforcer_session_feature_init (SoupSessionFeatureInterface *feature_in
soup_hsts_enforcer_default_feature_interface =
g_type_default_interface_peek (SOUP_TYPE_SESSION_FEATURE);
+ feature_interface->attach = soup_hsts_enforcer_attach;
feature_interface->request_queued = soup_hsts_enforcer_request_queued;
feature_interface->request_unqueued = soup_hsts_enforcer_request_unqueued;
}