tSet strict ssl by default and handle insecure content - surf - customized buil… | |
git clone git://src.adamsgaard.dk/surf | |
Log | |
Files | |
Refs | |
README | |
LICENSE | |
--- | |
commit 0247e91b0067c715b19dedd7a3012624ee61576a | |
parent 2355c20e92d6f47100323e3394d565f8e8bf70dc | |
Author: Quentin Rameau <[email protected]> | |
Date: Fri, 8 Jul 2016 18:27:07 +0200 | |
Set strict ssl by default and handle insecure content | |
Non-https content in https pages is now handled separately from https | |
connection establishment. | |
Diffstat: | |
M config.def.h | 2 +- | |
M surf.c | 29 +++++++++++++++++++---------- | |
2 files changed, 20 insertions(+), 11 deletions(-) | |
--- | |
diff --git a/config.def.h b/config.def.h | |
t@@ -30,7 +30,7 @@ static Parameter defconfig[ParameterLast] = { | |
SETB(SiteQuirks, 1), | |
SETB(SpellChecking, 0), | |
SETV(SpellLanguages, ((char *[]){ "en_US", NULL })), | |
- SETB(StrictSSL, 0), | |
+ SETB(StrictSSL, 1), | |
SETB(Style, 1), | |
SETF(ZoomLevel, 1.0), | |
}; | |
diff --git a/surf.c b/surf.c | |
t@@ -104,9 +104,9 @@ typedef struct Client { | |
WebKitWebInspector *inspector; | |
WebKitFindController *finder; | |
WebKitHitTestResult *mousepos; | |
- GTlsCertificateFlags tlsflags; | |
+ GTlsCertificateFlags tlserr; | |
Window xid; | |
- int progress, fullscreen; | |
+ int progress, fullscreen, https, insecure; | |
const char *title, *overtitle, *targeturi; | |
const char *needle; | |
struct Client *next; | |
t@@ -196,6 +196,8 @@ static gboolean decidepolicy(WebKitWebView *v, WebKitPolic… | |
static void decidenavigation(WebKitPolicyDecision *d, Client *c); | |
static void decidenewwindow(WebKitPolicyDecision *d, Client *c); | |
static void decideresource(WebKitPolicyDecision *d, Client *c); | |
+static void insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e, | |
+ Client *c); | |
static void downloadstarted(WebKitWebContext *wc, WebKitDownload *d, | |
Client *c); | |
static void responsereceived(WebKitDownload *d, GParamSpec *ps, Client *c); | |
t@@ -452,7 +454,6 @@ newclient(Client *rc) | |
clients = c; | |
c->progress = 100; | |
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1; | |
c->view = newview(c, rc ? rc->view : NULL); | |
return c; | |
t@@ -574,8 +575,10 @@ gettogglestats(Client *c) | |
void | |
getpagestats(Client *c) | |
{ | |
- pagestats[0] = c->tlsflags > G_TLS_CERTIFICATE_VALIDATE_ALL ? '-' : | |
- c->tlsflags > 0 ? 'U' : 'T'; | |
+ if (c->https) | |
+ pagestats[0] = (c->tlserr || c->insecure) ? 'U' : 'T'; | |
+ else | |
+ pagestats[0] = '-'; | |
pagestats[1] = '\0'; | |
} | |
t@@ -1006,6 +1009,8 @@ newview(Client *c, WebKitWebView *rv) | |
G_CALLBACK(createview), c); | |
g_signal_connect(G_OBJECT(v), "decide-policy", | |
G_CALLBACK(decidepolicy), c); | |
+ g_signal_connect(G_OBJECT(v), "insecure-content-detected", | |
+ G_CALLBACK(insecurecontent), c); | |
g_signal_connect(G_OBJECT(v), "load-changed", | |
G_CALLBACK(loadchanged), c); | |
g_signal_connect(G_OBJECT(v), "mouse-target-changed", | |
t@@ -1227,7 +1232,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client … | |
curconfig = defconfig; | |
setatom(c, AtomUri, title); | |
c->title = title; | |
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1; | |
+ c->https = c->insecure = 0; | |
seturiparameters(c, geturi(c)); | |
break; | |
case WEBKIT_LOAD_REDIRECTED: | |
t@@ -1236,10 +1241,8 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client… | |
seturiparameters(c, geturi(c)); | |
break; | |
case WEBKIT_LOAD_COMMITTED: | |
- if (!webkit_web_view_get_tls_info(c->view, NULL, | |
- &(c->tlsflags))) | |
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1; | |
- | |
+ c->https = webkit_web_view_get_tls_info(c->view, NULL, | |
+ &c->tlserr); | |
break; | |
case WEBKIT_LOAD_FINISHED: | |
/* Disabled until we write some WebKitWebExtension for | |
t@@ -1427,6 +1430,12 @@ decideresource(WebKitPolicyDecision *d, Client *c) | |
} | |
void | |
+insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e, Client *c) | |
+{ | |
+ c->insecure = 1; | |
+} | |
+ | |
+void | |
downloadstarted(WebKitWebContext *wc, WebKitDownload *d, Client *c) | |
{ | |
g_signal_connect(G_OBJECT(d), "notify::response", |