#include <sys/file.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <glib.h>
#include <libgen.h>
#include <limits.h>
#include <pwd.h>
#include <glib/gstdio.h>
#include <gtk/gtk.h>
#include <gtk/gtkx.h>
+#include <gcr/gcr.h>
#include <JavaScriptCore/JavaScript.h>
#include <webkit2/webkit2.h>
#include <X11/X.h>
Certificate,
CookiePolicies,
DiskCache,
+ DefaultCharset,
DNSPrefetch,
FontSize,
FrameFlattening,
WebKitWebInspector *inspector;
WebKitFindController *finder;
WebKitHitTestResult *mousepos;
+ GTlsCertificate *cert, *failedcert;
GTlsCertificateFlags tlserr;
Window xid;
- int progress, fullscreen, https, insecure;
+ int progress, fullscreen, https, insecure, errorpage;
const char *title, *overtitle, *targeturi;
const char *needle;
struct Client *next;
static gboolean winevent(GtkWidget *w, GdkEvent *e, Client *c);
static void showview(WebKitWebView *v, Client *c);
static GtkWidget *createwindow(Client *c);
+static gboolean loadfailedtls(WebKitWebView *v, gchar *uri,
+ GTlsCertificate *cert,
+ GTlsCertificateFlags err, Client *c);
static void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c);
static void progresschanged(WebKitWebView *v, GParamSpec *ps, Client *c);
static void titlechanged(WebKitWebView *view, GParamSpec *ps, Client *c);
static void pasteuri(GtkClipboard *clipboard, const char *text, gpointer d);
static void reload(Client *c, const Arg *a);
static void print(Client *c, const Arg *a);
+static void showcert(Client *c, const Arg *a);
static void clipboard(Client *c, const Arg *a);
static void zoom(Client *c, const Arg *a);
static void scroll(Client *c, const Arg *a);
static void clickexternplayer(Client *c, const Arg *a, WebKitHitTestResult *h);
static char winid[64];
-static char togglestats[11];
+static char togglestats[12];
static char pagestats[2];
static Atom atoms[AtomLast];
static Window embed;
void
usage(void)
{
- die("usage: %s [-bBdDfFgGiIkKmMnNpPsStTvx] [-a cookiepolicies ] "
- "[-c cookiefile] [-C stylefile] [-e xid] [-r scriptfile] "
- "[-u useragent] [-z zoomlevel] [uri]\n", basename(argv0));
+ die("usage: surf [-bBdDfFgGiIkKmMnNpPsStTvwxX]\n"
+ "[-a cookiepolicies ] [-c cookiefile] [-C stylefile] [-e xid]\n"
+ "[-r scriptfile] [-u useragent] [-z zoomlevel] [uri]\n");
}
void
togglestats[6] = curconfig[Plugins].val.b ? 'V' : 'v';
togglestats[7] = curconfig[Style].val.b ? 'M' : 'm';
togglestats[8] = curconfig[FrameFlattening].val.b ? 'F' : 'f';
- togglestats[9] = curconfig[StrictTLS].val.b ? 'T' : 't';
- togglestats[10] = '\0';
+ togglestats[9] = curconfig[Certificate].val.b ? 'X' : 'x';
+ togglestats[10] = curconfig[StrictTLS].val.b ? 'T' : 't';
+ togglestats[11] = '\0';
}
void
void
seturiparameters(Client *c, const char *uri)
{
+ Parameter *newconfig = NULL;
int i;
for (i = 0; i < LENGTH(uriparams); ++i) {
if (uriparams[i].uri &&
!regexec(&(uriparams[i].re), uri, 0, NULL, 0)) {
- curconfig = uriparams[i].config;
+ newconfig = uriparams[i].config;
break;
}
}
- for (i = 0; i < ParameterLast; ++i)
- setparameter(c, 0, i, &curconfig[i].val);
+ if (!newconfig)
+ newconfig = defconfig;
+ if (newconfig == curconfig)
+ return;
+
+ for (i = 0; i < ParameterLast; ++i) {
+ if (defconfig[i].force)
+ continue;
+ if (newconfig[i].force)
+ setparameter(c, 0, i, &newconfig[i].val);
+ else if (curconfig[i].force)
+ setparameter(c, 0, i, &defconfig[i].val);
+ }
+
+ curconfig = newconfig;
}
void
WEBKIT_CACHE_MODEL_WEB_BROWSER :
WEBKIT_CACHE_MODEL_DOCUMENT_VIEWER);
return; /* do not update */
+ case DefaultCharset:
+ webkit_settings_set_default_charset(s, a->v);
+ return; /* do not update */
case DNSPrefetch:
webkit_settings_set_enable_dns_prefetching(s, a->b);
return; /* do not update */
return;
}
- uri = strstr(uri, "://") + sizeof("://") - 1;
- host = strndup(uri, strstr(uri, "/") - uri);
+ if ((uri = strstr(uri, "https://"))) {
+ uri += sizeof("https://") - 1;
+ host = g_strndup(uri, strchr(uri, '/') - uri);
+ webkit_web_context_allow_tls_certificate_for_host(
+ webkit_web_view_get_context(c->view), cert, host);
+ g_free(host);
+ }
- webkit_web_context_allow_tls_certificate_for_host(
- webkit_web_view_get_context(c->view), cert, host);
g_object_unref(cert);
- free(host);
}
const char *
{
int i = 0;
char tmp[64];
- const char *cmd[28], *uri;
+ const char *cmd[29], *uri;
const Arg arg = { .v = cmd };
cmd[i++] = argv0;
cmd[i++] = fulluseragent;
}
if (showxid)
- cmd[i++] = "-x";
+ cmd[i++] = "-w";
+ cmd[i++] = curconfig[Certificate].val.b ? "-X" : "-x" ;
/* do not keep zoom level */
cmd[i++] = "--";
if ((uri = a->v))
} else {
settings = webkit_settings_new_with_settings(
"auto-load-images", curconfig[LoadImages].val.b,
+ "default-charset", curconfig[DefaultCharset].val.v,
"default-font-size", curconfig[FontSize].val.i,
"enable-caret-browsing", curconfig[CaretBrowsing].val.b,
"enable-developer-extras", curconfig[Inspector].val.b,
"enable-site-specific-quirks", curconfig[SiteQuirks].val.b,
"media-playback-requires-user-gesture", curconfig[MediaManualPlay].val.b,
NULL);
-/* For mor interesting settings, have a look at
+/* For more interesting settings, have a look at
* http://webkitgtk.org/reference/webkit2gtk/stable/WebKitSettings.html */
if (strcmp(fulluseragent, "")) {
G_CALLBACK(decidepolicy), c);
g_signal_connect(G_OBJECT(v), "insecure-content-detected",
G_CALLBACK(insecurecontent), c);
+ g_signal_connect(G_OBJECT(v), "load-failed-with-tls-errors",
+ G_CALLBACK(loadfailedtls), c);
g_signal_connect(G_OBJECT(v), "load-changed",
G_CALLBACK(loadchanged), c);
g_signal_connect(G_OBJECT(v), "mouse-target-changed",
return w;
}
+gboolean
+loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert,
+ GTlsCertificateFlags err, Client *c)
+{
+ GString *errmsg = g_string_new(NULL);
+ gchar *html, *pem;
+
+ c->failedcert = g_object_ref(cert);
+ c->tlserr = err;
+ c->errorpage = 1;
+
+ if (err & G_TLS_CERTIFICATE_UNKNOWN_CA)
+ g_string_append(errmsg,
+ "The signing certificate authority is not known.<br>");
+ if (err & G_TLS_CERTIFICATE_BAD_IDENTITY)
+ g_string_append(errmsg,
+ "The certificate does not match the expected identity "
+ "of the site that it was retrieved from.<br>");
+ if (err & G_TLS_CERTIFICATE_NOT_ACTIVATED)
+ g_string_append(errmsg,
+ "The certificate's activation time "
+ "is still in the future.<br>");
+ if (err & G_TLS_CERTIFICATE_EXPIRED)
+ g_string_append(errmsg, "The certificate has expired.<br>");
+ if (err & G_TLS_CERTIFICATE_REVOKED)
+ g_string_append(errmsg,
+ "The certificate has been revoked according to "
+ "the GTlsConnection's certificate revocation list.<br>");
+ if (err & G_TLS_CERTIFICATE_INSECURE)
+ g_string_append(errmsg,
+ "The certificate's algorithm is considered insecure.<br>");
+ if (err & G_TLS_CERTIFICATE_GENERIC_ERROR)
+ g_string_append(errmsg,
+ "Some error occurred validating the certificate.<br>");
+
+ g_object_get(cert, "certificate-pem", &pem, NULL);
+ html = g_strdup_printf("<p>Could not validate TLS for “%s”<br>%s</p>"
+ "<p>You can inspect the following certificate "
+ "with Ctrl-t (default keybinding).</p>"
+ "<p><pre>%s</pre></p>", uri, errmsg->str, pem);
+ g_free(pem);
+ g_string_free(errmsg, TRUE);
+
+ webkit_web_view_load_alternate_html(c->view, html, uri, NULL);
+ g_free(html);
+
+ return TRUE;
+}
+
void
loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
{
switch (e) {
case WEBKIT_LOAD_STARTED:
- curconfig = defconfig;
setatom(c, AtomUri, title);
c->title = title;
c->https = c->insecure = 0;
seturiparameters(c, geturi(c));
+ if (c->errorpage)
+ c->errorpage = 0;
+ else
+ g_clear_object(&c->failedcert);
break;
case WEBKIT_LOAD_REDIRECTED:
setatom(c, AtomUri, title);
seturiparameters(c, geturi(c));
break;
case WEBKIT_LOAD_COMMITTED:
- c->https = webkit_web_view_get_tls_info(c->view, NULL,
+ c->https = webkit_web_view_get_tls_info(c->view, &c->cert,
&c->tlserr);
break;
case WEBKIT_LOAD_FINISHED:
GTK_WINDOW(c->win));
}
+void
+showcert(Client *c, const Arg *a)
+{
+ GTlsCertificate *cert = c->failedcert ? c->failedcert : c->cert;
+ GcrCertificate *gcrt;
+ GByteArray *crt;
+ GtkWidget *win;
+ GcrCertificateWidget *wcert;
+
+ if (!cert)
+ return;
+
+ g_object_get(cert, "certificate", &crt, NULL);
+ gcrt = gcr_simple_certificate_new(crt->data, crt->len);
+ g_byte_array_unref(crt);
+
+ win = gtk_window_new(GTK_WINDOW_TOPLEVEL);
+ wcert = gcr_certificate_widget_new(gcrt);
+ g_object_unref(gcrt);
+
+ gtk_container_add(GTK_CONTAINER(win), GTK_WIDGET(wcert));
+ gtk_widget_show_all(win);
+}
+
void
clipboard(Client *c, const Arg *a)
{
fulluseragent = EARGF(usage());
break;
case 'v':
- die("surf-"VERSION", ©2009-2017 surf engineers, "
- "see LICENSE for details\n");
- case 'x':
+ die("surf-"VERSION", see LICENSE for © details\n");
+ case 'w':
showxid = 1;
break;
+ case 'x':
+ defconfig CSETB(Certificate, 0);
+ break;
+ case 'X':
+ defconfig CSETB(Certificate, 1);
+ break;
case 'z':
defconfig CSETF(ZoomLevel, strtof(EARGF(usage()), NULL));
break;
