X-Git-Url: https://git.danieliu.xyz/?p=surf.git;a=blobdiff_plain;f=surf.c;h=40f514f16f3f24e890be1104bed25947fc452b13;hp=d61534b2e8cebce0899ff47d949a8f30e0659023;hb=1dc3cd513a75570cc2fc33a86d4af565ecf9255e;hpb=3c2c0a65250e1415124603cb8d91bff4a657d46a

diff --git a/surf.c b/surf.c
index d61534b..40f514f 100644
--- a/surf.c
+++ b/surf.c
@@ -22,6 +22,7 @@
 #include <glib/gstdio.h>
 #include <gtk/gtk.h>
 #include <gtk/gtkx.h>
+#include <gcr/gcr.h>
 #include <JavaScriptCore/JavaScript.h>
 #include <webkit2/webkit2.h>
 #include <X11/X.h>
@@ -187,6 +188,9 @@ static GdkFilterReturn processx(GdkXEvent *xevent, GdkEvent *event,
 static gboolean winevent(GtkWidget *w, GdkEvent *e, Client *c);
 static void showview(WebKitWebView *v, Client *c);
 static GtkWidget *createwindow(Client *c);
+static gboolean loadfailedtls(WebKitWebView *v, gchar *uri,
+                              GTlsCertificate *cert,
+                              GTlsCertificateFlags err, Client *c);
 static void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c);
 static void progresschanged(WebKitWebView *v, GParamSpec *ps, Client *c);
 static void titlechanged(WebKitWebView *view, GParamSpec *ps, Client *c);
@@ -299,26 +303,28 @@ setup(void)
 	gdkkb = gdk_seat_get_keyboard(gdk_display_get_default_seat(gdpy));
 
 	for (i = 0; i < LENGTH(certs); ++i) {
-		if (regcomp(&(certs[i].re), certs[i].regex, REG_EXTENDED)) {
+		if (!regcomp(&(certs[i].re), certs[i].regex, REG_EXTENDED)) {
+			certs[i].file = g_strconcat(certdir, "/", certs[i].file,
+			                            NULL);
+		} else {
 			fprintf(stderr, "Could not compile regex: %s\n",
 			        certs[i].regex);
 			certs[i].regex = NULL;
 		}
-		certs[i].file = g_strconcat(certdir, "/", certs[i].file, NULL);
 	}
 
 	if (!stylefile) {
 		styledir = buildpath(styledir);
 		for (i = 0; i < LENGTH(styles); ++i) {
-			if (regcomp(&(styles[i].re), styles[i].regex,
+			if (!regcomp(&(styles[i].re), styles[i].regex,
 			    REG_EXTENDED)) {
-				fprintf(stderr,
-				        "Could not compile regex: %s\n",
+				styles[i].file = g_strconcat(styledir, "/",
+				                    styles[i].file, NULL);
+			} else {
+				fprintf(stderr, "Could not compile regex: %s\n",
 				        styles[i].regex);
 				styles[i].regex = NULL;
 			}
-			styles[i].file = g_strconcat(styledir, "/",
-			                             styles[i].file, NULL);
 		}
 		g_free(styledir);
 	} else {
@@ -336,8 +342,7 @@ setup(void)
 					uriparams[i].config[j] = defconfig[j];
 			}
 		} else {
-			fprintf(stderr,
-			        "Could not compile regex: %s\n",
+			fprintf(stderr, "Could not compile regex: %s\n",
 			        uriparams[i].uri);
 			uriparams[i].uri = NULL;
 		}
@@ -788,6 +793,7 @@ setcert(Client *c, const char *uri)
 
 	webkit_web_context_allow_tls_certificate_for_host(
 	    webkit_web_view_get_context(c->view), cert, host);
+	g_object_unref(cert);
 
 	free(host);
 }
@@ -1068,6 +1074,8 @@ newview(Client *c, WebKitWebView *rv)
 			 G_CALLBACK(decidepolicy), c);
 	g_signal_connect(G_OBJECT(v), "insecure-content-detected",
 			 G_CALLBACK(insecurecontent), c);
+	g_signal_connect(G_OBJECT(v), "load-failed-with-tls-errors",
+			 G_CALLBACK(loadfailedtls), c);
 	g_signal_connect(G_OBJECT(v), "load-changed",
 			 G_CALLBACK(loadchanged), c);
 	g_signal_connect(G_OBJECT(v), "mouse-target-changed",
@@ -1279,6 +1287,51 @@ createwindow(Client *c)
 	return w;
 }
 
+gboolean
+loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert,
+              GTlsCertificateFlags err, Client *c)
+{
+	GString *errmsg = g_string_new(NULL);
+	gchar *html, *pem;
+
+	c->tlserr = err;
+
+	if (err & G_TLS_CERTIFICATE_UNKNOWN_CA)
+		g_string_append(errmsg,
+		    "The signing certificate authority is not known.<br>");
+	if (err & G_TLS_CERTIFICATE_BAD_IDENTITY)
+		g_string_append(errmsg,
+		    "The certificate does not match the expected identity "
+		    "of the site that it was retrieved from.<br>");
+	if (err & G_TLS_CERTIFICATE_NOT_ACTIVATED)
+		g_string_append(errmsg,
+		    "The certificate's activation time "
+		    "is still in the future.<br>");
+	if (err & G_TLS_CERTIFICATE_EXPIRED)
+		g_string_append(errmsg, "The certificate has expired.<br>");
+	if (err & G_TLS_CERTIFICATE_REVOKED)
+		g_string_append(errmsg,
+		    "The certificate has been revoked according to "
+		    "the GTlsConnection's certificate revocation list.<br>");
+	if (err & G_TLS_CERTIFICATE_INSECURE)
+		g_string_append(errmsg,
+		    "The certificate's algorithm is considered insecure.<br>");
+	if (err & G_TLS_CERTIFICATE_GENERIC_ERROR)
+		g_string_append(errmsg,
+		    "Some error occurred validating the certificate.<br>");
+
+	g_object_get(cert, "certificate-pem", &pem, NULL);
+	html = g_strdup_printf("<p>Could not validate TLS for â%sâ<br>%s</p>"
+	                       "<p><pre>%s</pre><p>", uri, errmsg->str, pem);
+	g_free(pem);
+	g_string_free(errmsg, TRUE);
+
+	webkit_web_view_load_alternate_html(c->view, html, uri, NULL);
+	g_free(html);
+
+	return TRUE;
+}
+
 void
 loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
 {
