pinosaur
/
surf.git
/ commitdiff
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
2e62372
)
Add SSL verification patch by Nick White.
author
Troels Henriksen
<athas@sigkill.dk>
Fri, 4 Nov 2011 12:23:57 +0000
(13:23 +0100)
committer
Troels Henriksen
<athas@sigkill.dk>
Fri, 4 Nov 2011 12:23:57 +0000
(13:23 +0100)
config.def.h
patch
|
blob
|
history
surf.c
patch
|
blob
|
history
diff --git
a/config.def.h
b/config.def.h
index
bea744c
..
dd18e83
100644
(file)
--- a/
config.def.h
+++ b/
config.def.h
@@
-1,11
+1,14
@@
/* modifier 0 means no modifier */
static char *useragent = "Surf/"VERSION" (X11; U; Unix; en-US) AppleWebKit/531.2+ Compatible (Safari)";
/* modifier 0 means no modifier */
static char *useragent = "Surf/"VERSION" (X11; U; Unix; en-US) AppleWebKit/531.2+ Compatible (Safari)";
-static char *progress = "#FF0000";
+static char *progress = "#0066FF";
+static char *progress_untrust = "#FF6600";
static char *progress_trust = "#00FF00";
static char *stylefile = ".surf/style.css";
static char *scriptfile = ".surf/script.js";
static char *cookiefile = ".surf/cookies.txt";
static time_t sessiontime = 3600;
static char *progress_trust = "#00FF00";
static char *stylefile = ".surf/style.css";
static char *scriptfile = ".surf/script.js";
static char *cookiefile = ".surf/cookies.txt";
static time_t sessiontime = 3600;
+static char *cafile = "/etc/ssl/certs/ca-certificates.crt";
+static char *strictssl = FALSE; /* Refuse untrusted SSL connections */
#define HIDE_BACKGROUND FALSE
#define SETPROP(p, q) { .v = (char *[]){ "/bin/sh", "-c", \
#define HIDE_BACKGROUND FALSE
#define SETPROP(p, q) { .v = (char *[]){ "/bin/sh", "-c", \
diff --git
a/surf.c
b/surf.c
index
60d1b14
..
492c836
100644
(file)
--- a/
surf.c
+++ b/
surf.c
@@
-37,6
+37,7
@@
typedef struct Client {
char *title, *linkhover;
const char *uri, *needle;
gint progress;
char *title, *linkhover;
const char *uri, *needle;
gint progress;
+ gboolean sslfailed;
struct Client *next;
gboolean zoomed;
} Client;
struct Client *next;
gboolean zoomed;
} Client;
@@
-260,8
+261,11
@@
drawindicator(Client *c) {
w = c->indicator;
width = c->progress * w->allocation.width / 100;
gc = gdk_gc_new(w->window);
w = c->indicator;
width = c->progress * w->allocation.width / 100;
gc = gdk_gc_new(w->window);
- gdk_color_parse(strstr(uri, "https://") == uri ?
- progress_trust : progress, &fg);
+ if(strstr(uri, "https://") == uri)
+ gdk_color_parse(c->sslfailed ?
+ progress_untrust : progress_trust, &fg);
+ else
+ gdk_color_parse(progress, &fg);
gdk_gc_set_rgb_fg_color(gc, &fg);
gdk_draw_rectangle(w->window,
w->style->bg_gc[GTK_WIDGET_STATE(w)],
gdk_gc_set_rgb_fg_color(gc, &fg);
gdk_draw_rectangle(w->window,
w->style->bg_gc[GTK_WIDGET_STATE(w)],
@@
-377,9
+381,24
@@
linkhover(WebKitWebView *v, const char* t, const char* l, Client *c) {
void
loadstatuschange(WebKitWebView *view, GParamSpec *pspec, Client *c) {
void
loadstatuschange(WebKitWebView *view, GParamSpec *pspec, Client *c) {
+ WebKitWebFrame *frame;
+ WebKitWebDataSource *src;
+ WebKitNetworkRequest *request;
+ SoupMessage *msg;
+ char *uri;
+
switch(webkit_web_view_get_load_status (c->view)) {
case WEBKIT_LOAD_COMMITTED:
switch(webkit_web_view_get_load_status (c->view)) {
case WEBKIT_LOAD_COMMITTED:
- setatom(c, AtomUri, geturi(c));
+ uri = geturi(c);
+ if(strstr(uri, "https://") == uri) {
+ frame = webkit_web_view_get_main_frame(c->view);
+ src = webkit_web_frame_get_data_source(frame);
+ request = webkit_web_data_source_get_request(src);
+ msg = webkit_network_request_get_message(request);
+ c->sslfailed = soup_message_get_flags(msg)
+ ^ SOUP_MESSAGE_CERTIFICATE_TRUSTED;
+ }
+ setatom(c, AtomUri, uri);
break;
case WEBKIT_LOAD_FINISHED:
c->progress = 0;
break;
case WEBKIT_LOAD_FINISHED:
c->progress = 0;
@@
-708,6
+727,10
@@
setup(void) {
soup_session_remove_feature_by_type(s, soup_cookie_jar_get_type());
g_signal_connect_after(G_OBJECT(s), "request-started", G_CALLBACK(newrequest), NULL);
soup_session_remove_feature_by_type(s, soup_cookie_jar_get_type());
g_signal_connect_after(G_OBJECT(s), "request-started", G_CALLBACK(newrequest), NULL);
+ /* ssl */
+ g_object_set(G_OBJECT(s), "ssl-ca-file", cafile, NULL);
+ g_object_set(G_OBJECT(s), "ssl-strict", strictssl, NULL);
+
/* proxy */
if((proxy = getenv("http_proxy")) && strcmp(proxy, "")) {
new_proxy = g_strrstr(proxy, "http://") ? g_strdup(proxy) :
/* proxy */
if((proxy = getenv("http_proxy")) && strcmp(proxy, "")) {
new_proxy = g_strrstr(proxy, "http://") ? g_strdup(proxy) :