GopherProxy

	Set strict ssl by default and handle insecure content - surf - surf browser, a …
	git clone git://git.suckless.org/surf
	Log
	Files
	Refs
	README
	LICENSE
	---
	commit 0247e91b0067c715b19dedd7a3012624ee61576a
	parent 2355c20e92d6f47100323e3394d565f8e8bf70dc
	Author: Quentin Rameau <[email protected]>
	Date: Fri, 8 Jul 2016 18:27:07 +0200

	Set strict ssl by default and handle insecure content

	Non-https content in https pages is now handled separately from https
	connection establishment.

	Diffstat:
	M config.def.h \| 2 +-
	M surf.c \| 29 +++++++++++++++++++----------

	2 files changed, 20 insertions(+), 11 deletions(-)
	---
	diff --git a/config.def.h b/config.def.h
	@@ -30,7 +30,7 @@ static Parameter defconfig[ParameterLast] = {
	SETB(SiteQuirks, 1),
	SETB(SpellChecking, 0),
	SETV(SpellLanguages, ((char *[]){ "en_US", NULL })),
	- SETB(StrictSSL, 0),
	+ SETB(StrictSSL, 1),
	SETB(Style, 1),
	SETF(ZoomLevel, 1.0),
	};
	diff --git a/surf.c b/surf.c
	@@ -104,9 +104,9 @@ typedef struct Client {
	WebKitWebInspector *inspector;
	WebKitFindController *finder;
	WebKitHitTestResult *mousepos;
	- GTlsCertificateFlags tlsflags;
	+ GTlsCertificateFlags tlserr;
	Window xid;
	- int progress, fullscreen;
	+ int progress, fullscreen, https, insecure;
	const char title, overtitle, *targeturi;
	const char *needle;
	struct Client *next;
	@@ -196,6 +196,8 @@ static gboolean decidepolicy(WebKitWebView *v, WebKitPolicy…
	static void decidenavigation(WebKitPolicyDecision d, Client c);
	static void decidenewwindow(WebKitPolicyDecision d, Client c);
	static void decideresource(WebKitPolicyDecision d, Client c);
	+static void insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e,
	+ Client *c);
	static void downloadstarted(WebKitWebContext wc, WebKitDownload d,
	Client *c);
	static void responsereceived(WebKitDownload d, GParamSpec ps, Client *c);
	@@ -452,7 +454,6 @@ newclient(Client *rc)
	clients = c;

	c->progress = 100;
	- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
	c->view = newview(c, rc ? rc->view : NULL);

	return c;
	@@ -574,8 +575,10 @@ gettogglestats(Client *c)
	void
	getpagestats(Client *c)
	{
	- pagestats[0] = c->tlsflags > G_TLS_CERTIFICATE_VALIDATE_ALL ? '-' :
	- c->tlsflags > 0 ? 'U' : 'T';
	+ if (c->https)
	+ pagestats[0] = (c->tlserr \|\| c->insecure) ? 'U' : 'T';
	+ else
	+ pagestats[0] = '-';
	pagestats[1] = '\0';
	}

	@@ -1006,6 +1009,8 @@ newview(Client c, WebKitWebView rv)
	G_CALLBACK(createview), c);
	g_signal_connect(G_OBJECT(v), "decide-policy",
	G_CALLBACK(decidepolicy), c);
	+ g_signal_connect(G_OBJECT(v), "insecure-content-detected",
	+ G_CALLBACK(insecurecontent), c);
	g_signal_connect(G_OBJECT(v), "load-changed",
	G_CALLBACK(loadchanged), c);
	g_signal_connect(G_OBJECT(v), "mouse-target-changed",
	@@ -1227,7 +1232,7 @@ loadchanged(WebKitWebView v, WebKitLoadEvent e, Client …
	curconfig = defconfig;
	setatom(c, AtomUri, title);
	c->title = title;
	- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
	+ c->https = c->insecure = 0;
	seturiparameters(c, geturi(c));
	break;
	case WEBKIT_LOAD_REDIRECTED:
	@@ -1236,10 +1241,8 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client …
	seturiparameters(c, geturi(c));
	break;
	case WEBKIT_LOAD_COMMITTED:
	- if (!webkit_web_view_get_tls_info(c->view, NULL,
	- &(c->tlsflags)))
	- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
	-
	+ c->https = webkit_web_view_get_tls_info(c->view, NULL,
	+ &c->tlserr);
	break;
	case WEBKIT_LOAD_FINISHED:
	/* Disabled until we write some WebKitWebExtension for
	@@ -1427,6 +1430,12 @@ decideresource(WebKitPolicyDecision d, Client c)
	}

	void
	+insecurecontent(WebKitWebView v, WebKitInsecureContentEvent e, Client c)
	+{
	+ c->insecure = 1;
	+}
	+
	+void
	downloadstarted(WebKitWebContext wc, WebKitDownload d, Client *c)
	{
	g_signal_connect(G_OBJECT(d), "notify::response",