X-Git-Url: https://git.danieliu.xyz/?p=surf.git;a=blobdiff_plain;f=surf.c;h=d61534b2e8cebce0899ff47d949a8f30e0659023;hp=4ead12296b286553bf298c6650366ef7e8af31eb;hb=3c2c0a65250e1415124603cb8d91bff4a657d46a;hpb=eb32dd6eca5b6224bb5fb28cadef5bd035581ef3

diff --git a/surf.c b/surf.c
index 4ead122..d61534b 100644
--- a/surf.c
+++ b/surf.c
@@ -60,6 +60,7 @@ enum {
 typedef enum {
 	AcceleratedCanvas,
 	CaretBrowsing,
+	Certificate,
 	CookiePolicies,
 	DiskCache,
 	DNSPrefetch,
@@ -162,6 +163,8 @@ static WebKitCookieAcceptPolicy cookiepolicy_get(void);
 static char cookiepolicy_set(const WebKitCookieAcceptPolicy p);
 static void seturiparameters(Client *c, const char *uri);
 static void setparameter(Client *c, int refresh, ParamName p, const Arg *a);
+static const char *getcert(const char *uri);
+static void setcert(Client *c, const char *file);
 static const char *getstyle(const char *uri);
 static void setstyle(Client *c, const char *file);
 static void runscript(Client *c);
@@ -291,9 +294,19 @@ setup(void)
 	cookiefile = buildfile(cookiefile);
 	scriptfile = buildfile(scriptfile);
 	cachedir   = buildpath(cachedir);
+	certdir    = buildpath(certdir);
 
 	gdkkb = gdk_seat_get_keyboard(gdk_display_get_default_seat(gdpy));
 
+	for (i = 0; i < LENGTH(certs); ++i) {
+		if (regcomp(&(certs[i].re), certs[i].regex, REG_EXTENDED)) {
+			fprintf(stderr, "Could not compile regex: %s\n",
+			        certs[i].regex);
+			certs[i].regex = NULL;
+		}
+		certs[i].file = g_strconcat(certdir, "/", certs[i].file, NULL);
+	}
+
 	if (!stylefile) {
 		styledir = buildpath(styledir);
 		for (i = 0; i < LENGTH(styles); ++i) {
@@ -642,6 +655,10 @@ setparameter(Client *c, int refresh, ParamName p, const Arg *a)
 		webkit_settings_set_enable_caret_browsing(s, a->b);
 		refresh = 0;
 		break;
+	case Certificate:
+		if (a->b)
+			setcert(c, geturi(c));
+		return; /* do not update */
 	case CookiePolicies:
 		webkit_cookie_manager_set_accept_policy(
 		    webkit_web_context_get_cookie_manager(
@@ -737,6 +754,44 @@ setparameter(Client *c, int refresh, ParamName p, const Arg *a)
 		reload(c, a);
 }
 
+const char *
+getcert(const char *uri)
+{
+	int i;
+
+	for (i = 0; i < LENGTH(certs); ++i) {
+		if (certs[i].regex &&
+		    !regexec(&(certs[i].re), uri, 0, NULL, 0))
+			return certs[i].file;
+	}
+
+	return NULL;
+}
+
+void
+setcert(Client *c, const char *uri)
+{
+	const char *file = getcert(uri);
+	char *host;
+	GTlsCertificate *cert;
+
+	if (!file)
+		return;
+
+	if (!(cert = g_tls_certificate_new_from_file(file, NULL))) {
+		fprintf(stderr, "Could not read certificate file: %s\n", file);
+		return;
+	}
+
+	uri = strstr(uri, "://") + sizeof("://") - 1;
+	host = strndup(uri, strstr(uri, "/") - uri);
+
+	webkit_web_context_allow_tls_certificate_for_host(
+	    webkit_web_view_get_context(c->view), cert, host);
+
+	free(host);
+}
+
 const char *
 getstyle(const char *uri)
 {