tAdd SSL verification patch by Nick White. - surf - customized build of surf, t… | |
git clone git://src.adamsgaard.dk/surf | |
Log | |
Files | |
Refs | |
README | |
LICENSE | |
--- | |
commit bc73b48743eb0b51905322cad25b4647569e7996 | |
parent 2e62372969239285705504187b0211039b5ae619 | |
Author: Troels Henriksen <[email protected]> | |
Date: Fri, 4 Nov 2011 13:23:57 +0100 | |
Add SSL verification patch by Nick White. | |
Diffstat: | |
M config.def.h | 5 ++++- | |
M surf.c | 29 ++++++++++++++++++++++++++--- | |
2 files changed, 30 insertions(+), 4 deletions(-) | |
--- | |
diff --git a/config.def.h b/config.def.h | |
t@@ -1,11 +1,14 @@ | |
/* modifier 0 means no modifier */ | |
static char *useragent = "Surf/"VERSION" (X11; U; Unix; en-US) AppleWebKi… | |
-static char *progress = "#FF0000"; | |
+static char *progress = "#0066FF"; | |
+static char *progress_untrust = "#FF6600"; | |
static char *progress_trust = "#00FF00"; | |
static char *stylefile = ".surf/style.css"; | |
static char *scriptfile = ".surf/script.js"; | |
static char *cookiefile = ".surf/cookies.txt"; | |
static time_t sessiontime = 3600; | |
+static char *cafile = "/etc/ssl/certs/ca-certificates.crt"; | |
+static char *strictssl = FALSE; /* Refuse untrusted SSL connections */ | |
#define HIDE_BACKGROUND FALSE | |
#define SETPROP(p, q) { .v = (char *[]){ "/bin/sh", "-c", \ | |
diff --git a/surf.c b/surf.c | |
t@@ -37,6 +37,7 @@ typedef struct Client { | |
char *title, *linkhover; | |
const char *uri, *needle; | |
gint progress; | |
+ gboolean sslfailed; | |
struct Client *next; | |
gboolean zoomed; | |
} Client; | |
t@@ -260,8 +261,11 @@ drawindicator(Client *c) { | |
w = c->indicator; | |
width = c->progress * w->allocation.width / 100; | |
gc = gdk_gc_new(w->window); | |
- gdk_color_parse(strstr(uri, "https://") == uri ? | |
- progress_trust : progress, &fg); | |
+ if(strstr(uri, "https://") == uri) | |
+ gdk_color_parse(c->sslfailed ? | |
+ progress_untrust : progress_trust, &fg); | |
+ else | |
+ gdk_color_parse(progress, &fg); | |
gdk_gc_set_rgb_fg_color(gc, &fg); | |
gdk_draw_rectangle(w->window, | |
w->style->bg_gc[GTK_WIDGET_STATE(w)], | |
t@@ -377,9 +381,24 @@ linkhover(WebKitWebView *v, const char* t, const char* l,… | |
void | |
loadstatuschange(WebKitWebView *view, GParamSpec *pspec, Client *c) { | |
+ WebKitWebFrame *frame; | |
+ WebKitWebDataSource *src; | |
+ WebKitNetworkRequest *request; | |
+ SoupMessage *msg; | |
+ char *uri; | |
+ | |
switch(webkit_web_view_get_load_status (c->view)) { | |
case WEBKIT_LOAD_COMMITTED: | |
- setatom(c, AtomUri, geturi(c)); | |
+ uri = geturi(c); | |
+ if(strstr(uri, "https://") == uri) { | |
+ frame = webkit_web_view_get_main_frame(c->view); | |
+ src = webkit_web_frame_get_data_source(frame); | |
+ request = webkit_web_data_source_get_request(src); | |
+ msg = webkit_network_request_get_message(request); | |
+ c->sslfailed = soup_message_get_flags(msg) | |
+ ^ SOUP_MESSAGE_CERTIFICATE_TRUSTED; | |
+ } | |
+ setatom(c, AtomUri, uri); | |
break; | |
case WEBKIT_LOAD_FINISHED: | |
c->progress = 0; | |
t@@ -708,6 +727,10 @@ setup(void) { | |
soup_session_remove_feature_by_type(s, soup_cookie_jar_get_type()); | |
g_signal_connect_after(G_OBJECT(s), "request-started", G_CALLBACK(newr… | |
+ /* ssl */ | |
+ g_object_set(G_OBJECT(s), "ssl-ca-file", cafile, NULL); | |
+ g_object_set(G_OBJECT(s), "ssl-strict", strictssl, NULL); | |
+ | |
/* proxy */ | |
if((proxy = getenv("http_proxy")) && strcmp(proxy, "")) { | |
new_proxy = g_strrstr(proxy, "http://") ? g_strdup(proxy) : |