X-Git-Url: https://git.danieliu.xyz/?p=surf.git;a=blobdiff_plain;f=surf.c;h=84ab8e3fb9a526ba4eaf669f7e38d9a4f832c798;hp=88dfd75ccac6a46b08c7a94b674a583fa190b92e;hb=7823ab6fc0d035a1e75a3d08867a0dfd04ff635f;hpb=db7922f173b803d14039f286146c949ded1538cb diff --git a/surf.c b/surf.c index 88dfd75..84ab8e3 100644 --- a/surf.c +++ b/surf.c @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -22,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -105,9 +107,10 @@ typedef struct Client { WebKitWebInspector *inspector; WebKitFindController *finder; WebKitHitTestResult *mousepos; + GTlsCertificate *cert, *failedcert; GTlsCertificateFlags tlserr; Window xid; - int progress, fullscreen, https, insecure; + int progress, fullscreen, https, insecure, errorpage; const char *title, *overtitle, *targeturi; const char *needle; struct Client *next; @@ -187,6 +190,9 @@ static GdkFilterReturn processx(GdkXEvent *xevent, GdkEvent *event, static gboolean winevent(GtkWidget *w, GdkEvent *e, Client *c); static void showview(WebKitWebView *v, Client *c); static GtkWidget *createwindow(Client *c); +static gboolean loadfailedtls(WebKitWebView *v, gchar *uri, + GTlsCertificate *cert, + GTlsCertificateFlags err, Client *c); static void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c); static void progresschanged(WebKitWebView *v, GParamSpec *ps, Client *c); static void titlechanged(WebKitWebView *view, GParamSpec *ps, Client *c); @@ -212,6 +218,7 @@ static void destroywin(GtkWidget* w, Client *c); static void pasteuri(GtkClipboard *clipboard, const char *text, gpointer d); static void reload(Client *c, const Arg *a); static void print(Client *c, const Arg *a); +static void showcert(Client *c, const Arg *a); static void clipboard(Client *c, const Arg *a); static void zoom(Client *c, const Arg *a); static void scroll(Client *c, const Arg *a); @@ -913,7 +920,7 @@ newwindow(Client *c, const Arg *a, int noembed) cmd[i++] = fulluseragent; } if (showxid) - cmd[i++] = "-x"; + cmd[i++] = "-w"; /* do not keep zoom level */ cmd[i++] = "--"; if ((uri = a->v)) @@ -1070,6 +1077,8 @@ newview(Client *c, WebKitWebView *rv) G_CALLBACK(decidepolicy), c); g_signal_connect(G_OBJECT(v), "insecure-content-detected", G_CALLBACK(insecurecontent), c); + g_signal_connect(G_OBJECT(v), "load-failed-with-tls-errors", + G_CALLBACK(loadfailedtls), c); g_signal_connect(G_OBJECT(v), "load-changed", G_CALLBACK(loadchanged), c); g_signal_connect(G_OBJECT(v), "mouse-target-changed", @@ -1281,6 +1290,55 @@ createwindow(Client *c) return w; } +gboolean +loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert, + GTlsCertificateFlags err, Client *c) +{ + GString *errmsg = g_string_new(NULL); + gchar *html, *pem; + + c->failedcert = g_object_ref(cert); + c->tlserr = err; + c->errorpage = 1; + + if (err & G_TLS_CERTIFICATE_UNKNOWN_CA) + g_string_append(errmsg, + "The signing certificate authority is not known.
"); + if (err & G_TLS_CERTIFICATE_BAD_IDENTITY) + g_string_append(errmsg, + "The certificate does not match the expected identity " + "of the site that it was retrieved from.
"); + if (err & G_TLS_CERTIFICATE_NOT_ACTIVATED) + g_string_append(errmsg, + "The certificate's activation time " + "is still in the future.
"); + if (err & G_TLS_CERTIFICATE_EXPIRED) + g_string_append(errmsg, "The certificate has expired.
"); + if (err & G_TLS_CERTIFICATE_REVOKED) + g_string_append(errmsg, + "The certificate has been revoked according to " + "the GTlsConnection's certificate revocation list.
"); + if (err & G_TLS_CERTIFICATE_INSECURE) + g_string_append(errmsg, + "The certificate's algorithm is considered insecure.
"); + if (err & G_TLS_CERTIFICATE_GENERIC_ERROR) + g_string_append(errmsg, + "Some error occurred validating the certificate.
"); + + g_object_get(cert, "certificate-pem", &pem, NULL); + html = g_strdup_printf("

Could not validate TLS for “%s”
%s

" + "

You can inspect the following certificate " + "with Ctrl+Shift+x (default keybinding).

" + "

%s

", uri, errmsg->str, pem); + g_free(pem); + g_string_free(errmsg, TRUE); + + webkit_web_view_load_alternate_html(c->view, html, uri, NULL); + g_free(html); + + return TRUE; +} + void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) { @@ -1293,6 +1351,10 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) c->title = title; c->https = c->insecure = 0; seturiparameters(c, geturi(c)); + if (c->errorpage) + c->errorpage = 0; + else + g_clear_object(&c->failedcert); break; case WEBKIT_LOAD_REDIRECTED: setatom(c, AtomUri, title); @@ -1300,7 +1362,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) seturiparameters(c, geturi(c)); break; case WEBKIT_LOAD_COMMITTED: - c->https = webkit_web_view_get_tls_info(c->view, NULL, + c->https = webkit_web_view_get_tls_info(c->view, &c->cert, &c->tlserr); break; case WEBKIT_LOAD_FINISHED: @@ -1553,6 +1615,30 @@ print(Client *c, const Arg *a) GTK_WINDOW(c->win)); } +void +showcert(Client *c, const Arg *a) +{ + GTlsCertificate *cert = c->failedcert ? c->failedcert : c->cert; + GcrCertificate *gcrt; + GByteArray *crt; + GtkWidget *win; + GcrCertificateWidget *wcert; + + if (!cert) + return; + + g_object_get(cert, "certificate", &crt, NULL); + gcrt = gcr_simple_certificate_new(crt->data, crt->len); + g_byte_array_unref(crt); + + win = gtk_window_new(GTK_WINDOW_TOPLEVEL); + wcert = gcr_certificate_widget_new(gcrt); + g_object_unref(gcrt); + + gtk_container_add(GTK_CONTAINER(win), GTK_WIDGET(wcert)); + gtk_widget_show_all(win); +} + void clipboard(Client *c, const Arg *a) { @@ -1813,7 +1899,7 @@ main(int argc, char *argv[]) case 'v': die("surf-"VERSION", ©2009-2017 surf engineers, " "see LICENSE for details\n"); - case 'x': + case 'w': showxid = 1; break; case 'z':