From: Quentin Rameau
Date: Fri, 8 Jul 2016 16:27:07 +0000 (+0200)
Subject: Set strict ssl by default and handle insecure content
X-Git-Url: https://git.danieliu.xyz/?a=commitdiff_plain;h=0247e91b0067c715b19dedd7a3012624ee61576a;p=surf.git
Set strict ssl by default and handle insecure content
Non-https content in https pages is now handled separately from https connection establishment.
---
diff --git a/config.def.h b/config.def.h
index 0ade76e..fca81c3 100644
--- a/config.def.h
+++ b/config.def.h
@@ -30,7 +30,7 @@ static Parameter defconfig[ParameterLast] = {
 SETB(SiteQuirks, 1),
 SETB(SpellChecking, 0),
 SETV(SpellLanguages, ((char *[]){ "en_US", NULL })),
- SETB(StrictSSL, 0),
+ SETB(StrictSSL, 1),
 SETB(Style, 1),
 SETF(ZoomLevel, 1.0),
 };
diff --git a/surf.c b/surf.c
index 0f7e049..40c7fe4 100644
--- a/surf.c
+++ b/surf.c
@@ -104,9 +104,9 @@ typedef struct Client {
 WebKitWebInspector *inspector;
 WebKitFindController *finder;
 WebKitHitTestResult *mousepos;
- GTlsCertificateFlags tlsflags;
+ GTlsCertificateFlags tlserr;
 Window xid;
- int progress, fullscreen;
+ int progress, fullscreen, https, insecure;
 const char *title, *overtitle, *targeturi;
 const char *needle;
 struct Client *next;
@@ -196,6 +196,8 @@ static gboolean decidepolicy(WebKitWebView *v, WebKitPolicyDecision *d,
 static void decidenavigation(WebKitPolicyDecision *d, Client *c);
 static void decidenewwindow(WebKitPolicyDecision *d, Client *c);
 static void decideresource(WebKitPolicyDecision *d, Client *c);
+static void insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e,
+ Client *c);
 static void downloadstarted(WebKitWebContext *wc, WebKitDownload *d,
 Client *c);
 static void responsereceived(WebKitDownload *d, GParamSpec *ps, Client *c);
@@ -452,7 +454,6 @@ newclient(Client *rc)
 clients = c;
 c->progress = 100;
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
 c->view = newview(c, rc ? rc->view : NULL);
 return c;
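Review bot: In the `struct Client` hunk of surf.c, the three TLS-related fields carry a validity rule that is not written down: getpagestats consults `tlserr` only when `https` is non-zero, and the first loadchanged hunk clears `https` and `insecure` (apparently at load start) but leaves `tlserr` holding its previous value. A comment on the declarations would keep a later reader from trusting a stale `tlserr` on a page without TLS, for example `/* https: main resource has a TLS certificate; tlserr: meaningful only while https is set; insecure: mixed content seen during the current load */`. The struct begins and ends outside the hunk.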
@@ -574,8 +575,10 @@ gettogglestats(Client *c)
 void
 getpagestats(Client *c)
 {
- pagestats[0] = c->tlsflags > G_TLS_CERTIFICATE_VALIDATE_ALL ? '-' :
- c->tlsflags > 0 ? 'U' : 'T';
+ if (c->https)
+ pagestats[0] = (c->tlserr || c->insecure) ? 'U' : 'T';
+ else
+ pagestats[0] = '-';
 pagestats[1] = '\0';
 }
@@ -1006,6 +1009,8 @@ newview(Client *c, WebKitWebView *rv)
 G_CALLBACK(createview), c);
 g_signal_connect(G_OBJECT(v), "decide-policy",
 G_CALLBACK(decidepolicy), c);
+ g_signal_connect(G_OBJECT(v), "insecure-content-detected",
+ G_CALLBACK(insecurecontent), c);
 g_signal_connect(G_OBJECT(v), "load-changed",
 G_CALLBACK(loadchanged), c);
 g_signal_connect(G_OBJECT(v), "mouse-target-changed",
@@ -1227,7 +1232,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
 curconfig = defconfig;
 setatom(c, AtomUri, title);
 c->title = title;
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
+ c->https = c->insecure = 0;
 seturiparameters(c, geturi(c));
 break;
 case WEBKIT_LOAD_REDIRECTED:
@@ -1236,10 +1241,8 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
 seturiparameters(c, geturi(c));
 break;
 case WEBKIT_LOAD_COMMITTED:
- if (!webkit_web_view_get_tls_info(c->view, NULL,
- &(c->tlsflags)))
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
-
+ c->https = webkit_web_view_get_tls_info(c->view, NULL,
+ &c->tlserr);
 break;
 case WEBKIT_LOAD_FINISHED:
 /* Disabled until we write some WebKitWebExtension for
@@ -1426,6 +1429,12 @@ decideresource(WebKitPolicyDecision *d, Client *c)
 }
 }
+void
+insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e, Client *c)
+{
+ c->insecure = 1;
+}
+
 void
 downloadstarted(WebKitWebContext *wc, WebKitDownload *d, Client *c)
 {
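Review bot: In getpagestats, `'U'` now stands for two different conditions, a certificate error on the main resource (`c->tlserr`) and insecure subresources on an otherwise valid connection (`c->insecure`), so the indicator cannot distinguish an untrusted peer from mixed content. If a single character is intended, the mapping should be documented above the function, for example `/* '-': no TLS, 'T': TLS without errors, 'U': certificate errors or insecure content in the page */`. Otherwise mixed content could get its own character, so that a certificate failure is not mistaken for the less severe case.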
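Review bot: insecurecontent only stores the flag, so the indicator built by getpagestats changes only when something else next recomputes it. If insecure content is reported after the page has finished loading, the page may keep showing `'T'`; whether that happens depends on refresh paths outside this hunk. Triggering the same refresh that follows other state changes right after `c->insecure = 1;` would close that window. The event argument `e` is ignored, which is the conservative reading but should be stated, e.g. `/* e (displayed vs. run) is deliberately ignored: any insecure content marks the page untrusted */`.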