X-Git-Url: https://git.danieliu.xyz/?p=surf.git;a=blobdiff_plain;f=surf.c;h=007f7b902af4851371763cbfe7c6e85ab8514f08;hp=d61534b2e8cebce0899ff47d949a8f30e0659023;hb=e23d5c1c45eeedb3e95219598981d8e1d6af8c15;hpb=3c2c0a65250e1415124603cb8d91bff4a657d46a diff --git a/surf.c b/surf.c index d61534b..007f7b9 100644 --- a/surf.c +++ b/surf.c @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -22,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -105,9 +107,10 @@ typedef struct Client { WebKitWebInspector *inspector; WebKitFindController *finder; WebKitHitTestResult *mousepos; + GTlsCertificate *cert, *failedcert; GTlsCertificateFlags tlserr; Window xid; - int progress, fullscreen, https, insecure; + int progress, fullscreen, https, insecure, errorpage; const char *title, *overtitle, *targeturi; const char *needle; struct Client *next; @@ -187,6 +190,9 @@ static GdkFilterReturn processx(GdkXEvent *xevent, GdkEvent *event, static gboolean winevent(GtkWidget *w, GdkEvent *e, Client *c); static void showview(WebKitWebView *v, Client *c); static GtkWidget *createwindow(Client *c); +static gboolean loadfailedtls(WebKitWebView *v, gchar *uri, + GTlsCertificate *cert, + GTlsCertificateFlags err, Client *c); static void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c); static void progresschanged(WebKitWebView *v, GParamSpec *ps, Client *c); static void titlechanged(WebKitWebView *view, GParamSpec *ps, Client *c); @@ -212,6 +218,7 @@ static void destroywin(GtkWidget* w, Client *c); static void pasteuri(GtkClipboard *clipboard, const char *text, gpointer d); static void reload(Client *c, const Arg *a); static void print(Client *c, const Arg *a); +static void showcert(Client *c, const Arg *a); static void clipboard(Client *c, const Arg *a); static void zoom(Client *c, const Arg *a); static void scroll(Client *c, const Arg *a); @@ -229,7 +236,7 @@ static void clicknewwindow(Client *c, const Arg *a, WebKitHitTestResult *h); static void clickexternplayer(Client *c, const Arg *a, WebKitHitTestResult *h); static char winid[64]; -static char togglestats[11]; +static char togglestats[12]; static char pagestats[2]; static Atom atoms[AtomLast]; static Window embed; @@ -249,7 +256,7 @@ char *argv0; void usage(void) { - die("usage: %s [-bBdDfFgGiIkKmMnNpPsStTvx] [-a cookiepolicies ] " + die("usage: %s [-bBdDfFgGiIkKmMnNpPsStTvwxX] [-a cookiepolicies ] " "[-c cookiefile] [-C stylefile] [-e xid] [-r scriptfile] " "[-u useragent] [-z zoomlevel] [uri]\n", basename(argv0)); } @@ -299,26 +306,28 @@ setup(void) gdkkb = gdk_seat_get_keyboard(gdk_display_get_default_seat(gdpy)); for (i = 0; i < LENGTH(certs); ++i) { - if (regcomp(&(certs[i].re), certs[i].regex, REG_EXTENDED)) { + if (!regcomp(&(certs[i].re), certs[i].regex, REG_EXTENDED)) { + certs[i].file = g_strconcat(certdir, "/", certs[i].file, + NULL); + } else { fprintf(stderr, "Could not compile regex: %s\n", certs[i].regex); certs[i].regex = NULL; } - certs[i].file = g_strconcat(certdir, "/", certs[i].file, NULL); } if (!stylefile) { styledir = buildpath(styledir); for (i = 0; i < LENGTH(styles); ++i) { - if (regcomp(&(styles[i].re), styles[i].regex, + if (!regcomp(&(styles[i].re), styles[i].regex, REG_EXTENDED)) { - fprintf(stderr, - "Could not compile regex: %s\n", + styles[i].file = g_strconcat(styledir, "/", + styles[i].file, NULL); + } else { + fprintf(stderr, "Could not compile regex: %s\n", styles[i].regex); styles[i].regex = NULL; } - styles[i].file = g_strconcat(styledir, "/", - styles[i].file, NULL); } g_free(styledir); } else { @@ -336,8 +345,7 @@ setup(void) uriparams[i].config[j] = defconfig[j]; } } else { - fprintf(stderr, - "Could not compile regex: %s\n", + fprintf(stderr, "Could not compile regex: %s\n", uriparams[i].uri); uriparams[i].uri = NULL; } @@ -582,8 +590,9 @@ gettogglestats(Client *c) togglestats[6] = curconfig[Plugins].val.b ? 'V' : 'v'; togglestats[7] = curconfig[Style].val.b ? 'M' : 'm'; togglestats[8] = curconfig[FrameFlattening].val.b ? 'F' : 'f'; - togglestats[9] = curconfig[StrictTLS].val.b ? 'T' : 't'; - togglestats[10] = '\0'; + togglestats[9] = curconfig[Certificate].val.b ? 'X' : 'x'; + togglestats[10] = curconfig[StrictTLS].val.b ? 'T' : 't'; + togglestats[11] = '\0'; } void @@ -783,13 +792,16 @@ setcert(Client *c, const char *uri) return; } - uri = strstr(uri, "://") + sizeof("://") - 1; - host = strndup(uri, strstr(uri, "/") - uri); + if ((uri = strstr(uri, "https://"))) { + uri += sizeof("https://") - 1; + host = g_strndup(uri, strchr(uri, '/') - uri); + webkit_web_context_allow_tls_certificate_for_host( + webkit_web_view_get_context(c->view), cert, host); + g_free(host); + } - webkit_web_context_allow_tls_certificate_for_host( - webkit_web_view_get_context(c->view), cert, host); + g_object_unref(cert); - free(host); } const char * @@ -872,7 +884,7 @@ newwindow(Client *c, const Arg *a, int noembed) { int i = 0; char tmp[64]; - const char *cmd[28], *uri; + const char *cmd[29], *uri; const Arg arg = { .v = cmd }; cmd[i++] = argv0; @@ -911,7 +923,8 @@ newwindow(Client *c, const Arg *a, int noembed) cmd[i++] = fulluseragent; } if (showxid) - cmd[i++] = "-x"; + cmd[i++] = "-w"; + cmd[i++] = curconfig[Certificate].val.b ? "-X" : "-x" ; /* do not keep zoom level */ cmd[i++] = "--"; if ((uri = a->v)) @@ -994,7 +1007,7 @@ newview(Client *c, WebKitWebView *rv) "enable-site-specific-quirks", curconfig[SiteQuirks].val.b, "media-playback-requires-user-gesture", curconfig[MediaManualPlay].val.b, NULL); -/* For mor interesting settings, have a look at +/* For more interesting settings, have a look at * http://webkitgtk.org/reference/webkit2gtk/stable/WebKitSettings.html */ if (strcmp(fulluseragent, "")) { @@ -1068,6 +1081,8 @@ newview(Client *c, WebKitWebView *rv) G_CALLBACK(decidepolicy), c); g_signal_connect(G_OBJECT(v), "insecure-content-detected", G_CALLBACK(insecurecontent), c); + g_signal_connect(G_OBJECT(v), "load-failed-with-tls-errors", + G_CALLBACK(loadfailedtls), c); g_signal_connect(G_OBJECT(v), "load-changed", G_CALLBACK(loadchanged), c); g_signal_connect(G_OBJECT(v), "mouse-target-changed", @@ -1279,6 +1294,55 @@ createwindow(Client *c) return w; } +gboolean +loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert, + GTlsCertificateFlags err, Client *c) +{ + GString *errmsg = g_string_new(NULL); + gchar *html, *pem; + + c->failedcert = g_object_ref(cert); + c->tlserr = err; + c->errorpage = 1; + + if (err & G_TLS_CERTIFICATE_UNKNOWN_CA) + g_string_append(errmsg, + "The signing certificate authority is not known.
"); + if (err & G_TLS_CERTIFICATE_BAD_IDENTITY) + g_string_append(errmsg, + "The certificate does not match the expected identity " + "of the site that it was retrieved from.
"); + if (err & G_TLS_CERTIFICATE_NOT_ACTIVATED) + g_string_append(errmsg, + "The certificate's activation time " + "is still in the future.
"); + if (err & G_TLS_CERTIFICATE_EXPIRED) + g_string_append(errmsg, "The certificate has expired.
"); + if (err & G_TLS_CERTIFICATE_REVOKED) + g_string_append(errmsg, + "The certificate has been revoked according to " + "the GTlsConnection's certificate revocation list.
"); + if (err & G_TLS_CERTIFICATE_INSECURE) + g_string_append(errmsg, + "The certificate's algorithm is considered insecure.
"); + if (err & G_TLS_CERTIFICATE_GENERIC_ERROR) + g_string_append(errmsg, + "Some error occurred validating the certificate.
"); + + g_object_get(cert, "certificate-pem", &pem, NULL); + html = g_strdup_printf("

Could not validate TLS for “%s”
%s

" + "

You can inspect the following certificate " + "with Ctrl-t (default keybinding).

" + "

%s

", uri, errmsg->str, pem); + g_free(pem); + g_string_free(errmsg, TRUE); + + webkit_web_view_load_alternate_html(c->view, html, uri, NULL); + g_free(html); + + return TRUE; +} + void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) { @@ -1291,6 +1355,10 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) c->title = title; c->https = c->insecure = 0; seturiparameters(c, geturi(c)); + if (c->errorpage) + c->errorpage = 0; + else + g_clear_object(&c->failedcert); break; case WEBKIT_LOAD_REDIRECTED: setatom(c, AtomUri, title); @@ -1298,7 +1366,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) seturiparameters(c, geturi(c)); break; case WEBKIT_LOAD_COMMITTED: - c->https = webkit_web_view_get_tls_info(c->view, NULL, + c->https = webkit_web_view_get_tls_info(c->view, &c->cert, &c->tlserr); break; case WEBKIT_LOAD_FINISHED: @@ -1551,6 +1619,30 @@ print(Client *c, const Arg *a) GTK_WINDOW(c->win)); } +void +showcert(Client *c, const Arg *a) +{ + GTlsCertificate *cert = c->failedcert ? c->failedcert : c->cert; + GcrCertificate *gcrt; + GByteArray *crt; + GtkWidget *win; + GcrCertificateWidget *wcert; + + if (!cert) + return; + + g_object_get(cert, "certificate", &crt, NULL); + gcrt = gcr_simple_certificate_new(crt->data, crt->len); + g_byte_array_unref(crt); + + win = gtk_window_new(GTK_WINDOW_TOPLEVEL); + wcert = gcr_certificate_widget_new(gcrt); + g_object_unref(gcrt); + + gtk_container_add(GTK_CONTAINER(win), GTK_WIDGET(wcert)); + gtk_widget_show_all(win); +} + void clipboard(Client *c, const Arg *a) { @@ -1811,9 +1903,15 @@ main(int argc, char *argv[]) case 'v': die("surf-"VERSION", ©2009-2017 surf engineers, " "see LICENSE for details\n"); - case 'x': + case 'w': showxid = 1; break; + case 'x': + defconfig CSETB(Certificate, 0); + break; + case 'X': + defconfig CSETB(Certificate, 1); + break; case 'z': defconfig CSETF(ZoomLevel, strtof(EARGF(usage()), NULL)); break;