KTOR-6759 Darwin: Throw specific exception for SSL Pinning failure #4408
Conversation
osipxd
force-pushed
the
osipxd/darwin-ambiguous-ssl-pinning-failure
branch
from
286dd71 to
cc70f73
Compare
osipxd
force-pushed
the
osipxd/darwin-ambiguous-ssl-pinning-failure
branch
from
cc70f73 to
13901e5
Compare
| @@ -436,3 +430,5 @@ public data class CertificatePinner( | |||
| ) | |||
| } | |||
| } | |||
|
|
|||
| public class CertificatePinnerException(message: String) : IOException(message) | |||
There was a problem hiding this comment.
I have concerns regarding this exception:
- Previously
DarwinHttpRequestExceptionwas thrown for such cases, so it is potentially breaking change - This exception is used for any error thrown by the pinner. Should we give a possibility to distinct between these errors?
- Should we provide a multiplatform exception to be able to handle SSL pinning problems in a unified manner?
There was a problem hiding this comment.
Looks good to me.
- I would still consider this as a bug fix
- We can make this exception open, and wait if there are use cases for that.
- We could introduce this exception in ktor-network common code.
Let's target to 3.1.0 and do it
There was a problem hiding this comment.
@osipxd Thanks for this PR! I have very little context on the Ktor code, so I don't have much feedback to share. I can see that the exception contains the output message which is exactly what I was hoping to be able to access. I also appreciate how you included some tests. Thanks for your help and @e5l thank you for your review as well! 🙏
| @@ -436,3 +430,5 @@ public data class CertificatePinner( | |||
| ) | |||
| } | |||
| } | |||
|
|
|||
| public class CertificatePinnerException(message: String) : IOException(message) | |||
There was a problem hiding this comment.
Looks good to me.
- I would still consider this as a bug fix
- We can make this exception open, and wait if there are use cases for that.
- We could introduce this exception in ktor-network common code.
Let's target to 3.1.0 and do it
| @@ -436,3 +430,5 @@ public data class CertificatePinner( | |||
| ) | |||
| } | |||
| } | |||
|
|
|||
| public class CertificatePinnerException(message: String) : IOException(message) | |||
There was a problem hiding this comment.
@osipxd Thanks for this PR! I have very little context on the Ktor code, so I don't have much feedback to share. I can see that the exception contains the output message which is exactly what I was hoping to be able to access. I also appreciate how you included some tests. Thanks for your help and @e5l thank you for your review as well! 🙏
e5l
force-pushed
the
3.1.0-eap
branch
2 times, most recently
from
ce83e36 to
ccb920f
Compare
e5l
force-pushed
the
3.1.0-eap
branch
5 times, most recently
from
1d19b77 to
e1f483e
Compare
e5l
force-pushed
the
3.1.0-eap
branch
2 times, most recently
from
95e95b0 to
1971db7
Compare
osipxd
force-pushed
the
3.1.0-eap
branch
5 times, most recently
from
ecb56d2 to
d50a66e
Compare
Subsystem
Client, Darwin
Motivation
KTOR-6759 Darwin: Ambiguous DarwinHttpRequestException for SSL Pinning failure
The problem is that we call
completionHandlerwithNSURLSessionAuthChallengePerformDefaultHandlingon SSL pinning failure and then third-party API throws an exception. There are no mechanisms to attach additional data to this exception (or at least I don't know any).The place where the actual error occurs and the place where
DarwinHttpRequestExceptionis constructed are two completely different places.Solution
Save actual failure thrown during challenge handling to a
DarwinTaskHandlerand throw it later instead of creating a generic one. Throw specific exceptionCertificatePinnerto make it possible to catch pinning failures specifically:Naming, comments, and other stylistic things aren’t final yet, but I need this draft to be reviewed.