 |
tAdd SSL verification patch by Nick White. - surf - customized build of surf, t… |
 |
git clone git://src.adamsgaard.dk/surf |
 |
Log |
|
Files |
|
Refs |
|
README |
|
LICENSE |
|
--- |
|
commit bc73b48743eb0b51905322cad25b4647569e7996 |
|
parent 2e62372969239285705504187b0211039b5ae619 |
|
Author: Troels Henriksen <[email protected]> |
|
Date: Fri, 4 Nov 2011 13:23:57 +0100 |
|
|
|
Add SSL verification patch by Nick White. |
|
Diffstat: |
|
M config.def.h | 5 ++++- |
|
M surf.c | 29 ++++++++++++++++++++++++++--- |
|
|
|
2 files changed, 30 insertions(+), 4 deletions(-) |
|
--- |
|
diff --git a/config.def.h b/config.def.h |
|
t@@ -1,11 +1,14 @@ |
|
/* modifier 0 means no modifier */ |
|
static char *useragent = "Surf/"VERSION" (X11; U; Unix; en-US) AppleWebKi… |
|
-static char *progress = "#FF0000"; |
|
+static char *progress = "#0066FF"; |
|
+static char *progress_untrust = "#FF6600"; |
|
static char *progress_trust = "#00FF00"; |
|
static char *stylefile = ".surf/style.css"; |
|
static char *scriptfile = ".surf/script.js"; |
|
static char *cookiefile = ".surf/cookies.txt"; |
|
static time_t sessiontime = 3600; |
|
+static char *cafile = "/etc/ssl/certs/ca-certificates.crt"; |
|
+static char *strictssl = FALSE; /* Refuse untrusted SSL connections */ |
|
#define HIDE_BACKGROUND FALSE |
|
|
|
#define SETPROP(p, q) { .v = (char *[]){ "/bin/sh", "-c", \ |
|
diff --git a/surf.c b/surf.c |
|
t@@ -37,6 +37,7 @@ typedef struct Client { |
|
char *title, *linkhover; |
|
const char *uri, *needle; |
|
gint progress; |
|
+ gboolean sslfailed; |
|
struct Client *next; |
|
gboolean zoomed; |
|
} Client; |
|
t@@ -260,8 +261,11 @@ drawindicator(Client *c) { |
|
w = c->indicator; |
|
width = c->progress * w->allocation.width / 100; |
|
gc = gdk_gc_new(w->window); |
|
- gdk_color_parse(strstr(uri, "https://") == uri ? |
|
- progress_trust : progress, &fg); |
|
+ if(strstr(uri, "https://") == uri) |
|
+ gdk_color_parse(c->sslfailed ? |
|
+ progress_untrust : progress_trust, &fg); |
|
+ else |
|
+ gdk_color_parse(progress, &fg); |
|
gdk_gc_set_rgb_fg_color(gc, &fg); |
|
gdk_draw_rectangle(w->window, |
|
w->style->bg_gc[GTK_WIDGET_STATE(w)], |
|
t@@ -377,9 +381,24 @@ linkhover(WebKitWebView *v, const char* t, const char* l,… |
|
|
|
void |
|
loadstatuschange(WebKitWebView *view, GParamSpec *pspec, Client *c) { |
|
+ WebKitWebFrame *frame; |
|
+ WebKitWebDataSource *src; |
|
+ WebKitNetworkRequest *request; |
|
+ SoupMessage *msg; |
|
+ char *uri; |
|
+ |
|
switch(webkit_web_view_get_load_status (c->view)) { |
|
case WEBKIT_LOAD_COMMITTED: |
|
- setatom(c, AtomUri, geturi(c)); |
|
+ uri = geturi(c); |
|
+ if(strstr(uri, "https://") == uri) { |
|
+ frame = webkit_web_view_get_main_frame(c->view); |
|
+ src = webkit_web_frame_get_data_source(frame); |
|
+ request = webkit_web_data_source_get_request(src); |
|
+ msg = webkit_network_request_get_message(request); |
|
+ c->sslfailed = soup_message_get_flags(msg) |
|
+ ^ SOUP_MESSAGE_CERTIFICATE_TRUSTED; |
|
+ } |
|
+ setatom(c, AtomUri, uri); |
|
break; |
|
case WEBKIT_LOAD_FINISHED: |
|
c->progress = 0; |
|
t@@ -708,6 +727,10 @@ setup(void) { |
|
soup_session_remove_feature_by_type(s, soup_cookie_jar_get_type()); |
|
g_signal_connect_after(G_OBJECT(s), "request-started", G_CALLBACK(newr… |
|
|
|
+ /* ssl */ |
|
+ g_object_set(G_OBJECT(s), "ssl-ca-file", cafile, NULL); |
|
+ g_object_set(G_OBJECT(s), "ssl-strict", strictssl, NULL); |
|
+ |
|
/* proxy */ |
|
if((proxy = getenv("http_proxy")) && strcmp(proxy, "")) { |
|
new_proxy = g_strrstr(proxy, "http://") ? g_strdup(proxy) : |
