GopherProxy

	Add support for using custom certificates per url - surf - surf browser, a WebK…
	git clone git://git.suckless.org/surf
	Log
	Files
	Refs
	README
	LICENSE
	---
	commit 3c2c0a65250e1415124603cb8d91bff4a657d46a
	parent eb32dd6eca5b6224bb5fb28cadef5bd035581ef3
	Author: Quentin Rameau <[email protected]>
	Date: Fri, 28 Apr 2017 12:58:36 +0200

	Add support for using custom certificates per url

	Diffstat:
	M config.def.h \| 11 +++++++++++
	M surf.c \| 55 +++++++++++++++++++++++++++++…

	2 files changed, 66 insertions(+), 0 deletions(-)
	---
	diff --git a/config.def.h b/config.def.h
	@@ -3,12 +3,14 @@ static int surfuseragent = 1; /* Append Surf version to d…
	static char fulluseragent = ""; / Or override the whole user agent string */
	static char *scriptfile = "~/.surf/script.js";
	static char *styledir = "~/.surf/styles/";
	+static char *certdir = "~/.surf/certificates/";
	static char *cachedir = "~/.surf/cache/";
	static char *cookiefile = "~/.surf/cookies.txt";

	/* Webkit default features */
	static Parameter defconfig[ParameterLast] = {
	SETB(AcceleratedCanvas, 1),
	+ SETB(Certificate, 0),
	SETB(CaretBrowsing, 0),
	SETV(CookiePolicies, "@Aa"),
	SETB(DiskCache, 1),
	@@ -95,6 +97,15 @@ static SiteSpecific styles[] = {
	{ ".*", "default.css" },
	};

	+/* certificates */
	+/*
	+ * Provide custom certificate for urls
	+ */
	+static SiteSpecific certs[] = {
	+ /* regexp file in $certdir */
	+ { "://suckless\\.org/", "suckless.org.crt" },
	+};
	+
	#define MODKEY GDK_CONTROL_MASK

	/* hotkeys */
	diff --git a/surf.c b/surf.c
	@@ -60,6 +60,7 @@ enum {
	typedef enum {
	AcceleratedCanvas,
	CaretBrowsing,
	+ Certificate,
	CookiePolicies,
	DiskCache,
	DNSPrefetch,
	@@ -162,6 +163,8 @@ static WebKitCookieAcceptPolicy cookiepolicy_get(void);
	static char cookiepolicy_set(const WebKitCookieAcceptPolicy p);
	static void seturiparameters(Client c, const char uri);
	static void setparameter(Client c, int refresh, ParamName p, const Arg a);
	+static const char getcert(const char uri);
	+static void setcert(Client c, const char file);
	static const char getstyle(const char uri);
	static void setstyle(Client c, const char file);
	static void runscript(Client *c);
	@@ -291,9 +294,19 @@ setup(void)
	cookiefile = buildfile(cookiefile);
	scriptfile = buildfile(scriptfile);
	cachedir = buildpath(cachedir);
	+ certdir = buildpath(certdir);

	gdkkb = gdk_seat_get_keyboard(gdk_display_get_default_seat(gdpy));

	+ for (i = 0; i < LENGTH(certs); ++i) {
	+ if (regcomp(&(certs[i].re), certs[i].regex, REG_EXTENDED)) {
	+ fprintf(stderr, "Could not compile regex: %s\n",
	+ certs[i].regex);
	+ certs[i].regex = NULL;
	+ }
	+ certs[i].file = g_strconcat(certdir, "/", certs[i].file, NULL);
	+ }
	+
	if (!stylefile) {
	styledir = buildpath(styledir);
	for (i = 0; i < LENGTH(styles); ++i) {
	@@ -642,6 +655,10 @@ setparameter(Client *c, int refresh, ParamName p, const Ar…
	webkit_settings_set_enable_caret_browsing(s, a->b);
	refresh = 0;
	break;
	+ case Certificate:
	+ if (a->b)
	+ setcert(c, geturi(c));
	+ return; /* do not update */
	case CookiePolicies:
	webkit_cookie_manager_set_accept_policy(
	webkit_web_context_get_cookie_manager(
	@@ -738,6 +755,44 @@ setparameter(Client *c, int refresh, ParamName p, const Ar…
	}

	const char *
	+getcert(const char *uri)
	+{
	+ int i;
	+
	+ for (i = 0; i < LENGTH(certs); ++i) {
	+ if (certs[i].regex &&
	+ !regexec(&(certs[i].re), uri, 0, NULL, 0))
	+ return certs[i].file;
	+ }
	+
	+ return NULL;
	+}
	+
	+void
	+setcert(Client c, const char uri)
	+{
	+ const char *file = getcert(uri);
	+ char *host;
	+ GTlsCertificate *cert;
	+
	+ if (!file)
	+ return;
	+
	+ if (!(cert = g_tls_certificate_new_from_file(file, NULL))) {
	+ fprintf(stderr, "Could not read certificate file: %s\n", file);
	+ return;
	+ }
	+
	+ uri = strstr(uri, "://") + sizeof("://") - 1;
	+ host = strndup(uri, strstr(uri, "/") - uri);
	+
	+ webkit_web_context_allow_tls_certificate_for_host(
	+ webkit_web_view_get_context(c->view), cert, host);
	+
	+ free(host);
	+}
	+
	+const char *
	getstyle(const char *uri)
	{
	int i;