From: Troels Henriksen Date: Fri, 4 Nov 2011 12:23:57 +0000 (+0100) Subject: Add SSL verification patch by Nick White. X-Git-Url: https://git.danieliu.xyz/?a=commitdiff_plain;h=bc73b48743eb0b51905322cad25b4647569e7996;p=surf.git Add SSL verification patch by Nick White. --- diff --git a/config.def.h b/config.def.h index bea744c..dd18e83 100644 --- a/config.def.h +++ b/config.def.h @@ -1,11 +1,14 @@ /* modifier 0 means no modifier */ static char *useragent = "Surf/"VERSION" (X11; U; Unix; en-US) AppleWebKit/531.2+ Compatible (Safari)"; -static char *progress = "#FF0000"; +static char *progress = "#0066FF"; +static char *progress_untrust = "#FF6600"; static char *progress_trust = "#00FF00"; static char *stylefile = ".surf/style.css"; static char *scriptfile = ".surf/script.js"; static char *cookiefile = ".surf/cookies.txt"; static time_t sessiontime = 3600; +static char *cafile = "/etc/ssl/certs/ca-certificates.crt"; +static char *strictssl = FALSE; /* Refuse untrusted SSL connections */ #define HIDE_BACKGROUND FALSE #define SETPROP(p, q) { .v = (char *[]){ "/bin/sh", "-c", \ diff --git a/surf.c b/surf.c index 60d1b14..492c836 100644 --- a/surf.c +++ b/surf.c @@ -37,6 +37,7 @@ typedef struct Client { char *title, *linkhover; const char *uri, *needle; gint progress; + gboolean sslfailed; struct Client *next; gboolean zoomed; } Client; @@ -260,8 +261,11 @@ drawindicator(Client *c) { w = c->indicator; width = c->progress * w->allocation.width / 100; gc = gdk_gc_new(w->window); - gdk_color_parse(strstr(uri, "https://") == uri ? - progress_trust : progress, &fg); + if(strstr(uri, "https://") == uri) + gdk_color_parse(c->sslfailed ? + progress_untrust : progress_trust, &fg); + else + gdk_color_parse(progress, &fg); gdk_gc_set_rgb_fg_color(gc, &fg); gdk_draw_rectangle(w->window, w->style->bg_gc[GTK_WIDGET_STATE(w)], @@ -377,9 +381,24 @@ linkhover(WebKitWebView *v, const char* t, const char* l, Client *c) { void loadstatuschange(WebKitWebView *view, GParamSpec *pspec, Client *c) { + WebKitWebFrame *frame; + WebKitWebDataSource *src; + WebKitNetworkRequest *request; + SoupMessage *msg; + char *uri; + switch(webkit_web_view_get_load_status (c->view)) { case WEBKIT_LOAD_COMMITTED: - setatom(c, AtomUri, geturi(c)); + uri = geturi(c); + if(strstr(uri, "https://") == uri) { + frame = webkit_web_view_get_main_frame(c->view); + src = webkit_web_frame_get_data_source(frame); + request = webkit_web_data_source_get_request(src); + msg = webkit_network_request_get_message(request); + c->sslfailed = soup_message_get_flags(msg) + ^ SOUP_MESSAGE_CERTIFICATE_TRUSTED; + } + setatom(c, AtomUri, uri); break; case WEBKIT_LOAD_FINISHED: c->progress = 0; @@ -708,6 +727,10 @@ setup(void) { soup_session_remove_feature_by_type(s, soup_cookie_jar_get_type()); g_signal_connect_after(G_OBJECT(s), "request-started", G_CALLBACK(newrequest), NULL); + /* ssl */ + g_object_set(G_OBJECT(s), "ssl-ca-file", cafile, NULL); + g_object_set(G_OBJECT(s), "ssl-strict", strictssl, NULL); + /* proxy */ if((proxy = getenv("http_proxy")) && strcmp(proxy, "")) { new_proxy = g_strrstr(proxy, "http://") ? g_strdup(proxy) :