tDisplay an error message and certificate on tls error - surf - customized buil… | |
git clone git://src.adamsgaard.dk/surf | |
Log | |
Files | |
Refs | |
README | |
LICENSE | |
--- | |
commit 1dc3cd513a75570cc2fc33a86d4af565ecf9255e | |
parent c870098b82f1dfc3cd59cd8c90cea580bd01cb47 | |
Author: Quentin Rameau <[email protected]> | |
Date: Sat, 29 Apr 2017 14:49:04 +0200 | |
Display an error message and certificate on tls error | |
Diffstat: | |
M config.mk | 7 ++++--- | |
M surf.c | 51 +++++++++++++++++++++++++++++… | |
2 files changed, 55 insertions(+), 3 deletions(-) | |
--- | |
diff --git a/config.mk b/config.mk | |
t@@ -11,15 +11,16 @@ LIBPREFIX = $(PREFIX)/lib/surf | |
X11INC = /usr/X11R6/include | |
X11LIB = /usr/X11R6/lib | |
-GTKINC = `pkg-config --cflags gtk+-3.0 webkit2gtk-4.0` | |
-GTKLIB = `pkg-config --libs gtk+-3.0 webkit2gtk-4.0` | |
+GTKINC = `pkg-config --cflags gtk+-3.0 gcr-3 webkit2gtk-4.0` | |
+GTKLIB = `pkg-config --libs gtk+-3.0 gcr-3 webkit2gtk-4.0` | |
# includes and libs | |
INCS = -I$(X11INC) $(GTKINC) | |
LIBS = -L$(X11LIB) -lX11 $(GTKLIB) -lgthread-2.0 | |
# flags | |
-CPPFLAGS = -DVERSION=\"${VERSION}\" -DWEBEXTDIR=\"${LIBPREFIX}\" -D_DEFAULT_SO… | |
+CPPFLAGS = -DVERSION=\"${VERSION}\" -DWEBEXTDIR=\"${LIBPREFIX}\" \ | |
+ -D_DEFAULT_SOURCE -DGCR_API_SUBJECT_TO_CHANGE | |
SURF_CFLAGS = $(INCS) $(CPPFLAGS) $(CFLAGS) | |
SURF_LDFLAGS = $(LIBS) $(LDFLAGS) | |
diff --git a/surf.c b/surf.c | |
t@@ -22,6 +22,7 @@ | |
#include <glib/gstdio.h> | |
#include <gtk/gtk.h> | |
#include <gtk/gtkx.h> | |
+#include <gcr/gcr.h> | |
#include <JavaScriptCore/JavaScript.h> | |
#include <webkit2/webkit2.h> | |
#include <X11/X.h> | |
t@@ -187,6 +188,9 @@ static GdkFilterReturn processx(GdkXEvent *xevent, GdkEven… | |
static gboolean winevent(GtkWidget *w, GdkEvent *e, Client *c); | |
static void showview(WebKitWebView *v, Client *c); | |
static GtkWidget *createwindow(Client *c); | |
+static gboolean loadfailedtls(WebKitWebView *v, gchar *uri, | |
+ GTlsCertificate *cert, | |
+ GTlsCertificateFlags err, Client *c); | |
static void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c); | |
static void progresschanged(WebKitWebView *v, GParamSpec *ps, Client *c); | |
static void titlechanged(WebKitWebView *view, GParamSpec *ps, Client *c); | |
t@@ -1070,6 +1074,8 @@ newview(Client *c, WebKitWebView *rv) | |
G_CALLBACK(decidepolicy), c); | |
g_signal_connect(G_OBJECT(v), "insecure-content-detected", | |
G_CALLBACK(insecurecontent), c); | |
+ g_signal_connect(G_OBJECT(v), "load-failed-with-tls-errors", | |
+ G_CALLBACK(loadfailedtls), c); | |
g_signal_connect(G_OBJECT(v), "load-changed", | |
G_CALLBACK(loadchanged), c); | |
g_signal_connect(G_OBJECT(v), "mouse-target-changed", | |
t@@ -1281,6 +1287,51 @@ createwindow(Client *c) | |
return w; | |
} | |
+gboolean | |
+loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert, | |
+ GTlsCertificateFlags err, Client *c) | |
+{ | |
+ GString *errmsg = g_string_new(NULL); | |
+ gchar *html, *pem; | |
+ | |
+ c->tlserr = err; | |
+ | |
+ if (err & G_TLS_CERTIFICATE_UNKNOWN_CA) | |
+ g_string_append(errmsg, | |
+ "The signing certificate authority is not known.<br>"); | |
+ if (err & G_TLS_CERTIFICATE_BAD_IDENTITY) | |
+ g_string_append(errmsg, | |
+ "The certificate does not match the expected identity " | |
+ "of the site that it was retrieved from.<br>"); | |
+ if (err & G_TLS_CERTIFICATE_NOT_ACTIVATED) | |
+ g_string_append(errmsg, | |
+ "The certificate's activation time " | |
+ "is still in the future.<br>"); | |
+ if (err & G_TLS_CERTIFICATE_EXPIRED) | |
+ g_string_append(errmsg, "The certificate has expired.<br>"); | |
+ if (err & G_TLS_CERTIFICATE_REVOKED) | |
+ g_string_append(errmsg, | |
+ "The certificate has been revoked according to " | |
+ "the GTlsConnection's certificate revocation list.<br>"); | |
+ if (err & G_TLS_CERTIFICATE_INSECURE) | |
+ g_string_append(errmsg, | |
+ "The certificate's algorithm is considered insecure.<br>"); | |
+ if (err & G_TLS_CERTIFICATE_GENERIC_ERROR) | |
+ g_string_append(errmsg, | |
+ "Some error occurred validating the certificate.<br>"); | |
+ | |
+ g_object_get(cert, "certificate-pem", &pem, NULL); | |
+ html = g_strdup_printf("<p>Could not validate TLS for ā%sā<br>%s</… | |
+ "<p><pre>%s</pre><p>", uri, errmsg->str, pem); | |
+ g_free(pem); | |
+ g_string_free(errmsg, TRUE); | |
+ | |
+ webkit_web_view_load_alternate_html(c->view, html, uri, NULL); | |
+ g_free(html); | |
+ | |
+ return TRUE; | |
+} | |
+ | |
void | |
loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) | |
{ |