Add SSL verification patch by Nick White.
This commit is contained in:
parent
2e62372969
commit
bc73b48743
|
@ -1,11 +1,14 @@
|
||||||
/* modifier 0 means no modifier */
|
/* modifier 0 means no modifier */
|
||||||
static char *useragent = "Surf/"VERSION" (X11; U; Unix; en-US) AppleWebKit/531.2+ Compatible (Safari)";
|
static char *useragent = "Surf/"VERSION" (X11; U; Unix; en-US) AppleWebKit/531.2+ Compatible (Safari)";
|
||||||
static char *progress = "#FF0000";
|
static char *progress = "#0066FF";
|
||||||
|
static char *progress_untrust = "#FF6600";
|
||||||
static char *progress_trust = "#00FF00";
|
static char *progress_trust = "#00FF00";
|
||||||
static char *stylefile = ".surf/style.css";
|
static char *stylefile = ".surf/style.css";
|
||||||
static char *scriptfile = ".surf/script.js";
|
static char *scriptfile = ".surf/script.js";
|
||||||
static char *cookiefile = ".surf/cookies.txt";
|
static char *cookiefile = ".surf/cookies.txt";
|
||||||
static time_t sessiontime = 3600;
|
static time_t sessiontime = 3600;
|
||||||
|
static char *cafile = "/etc/ssl/certs/ca-certificates.crt";
|
||||||
|
static char *strictssl = FALSE; /* Refuse untrusted SSL connections */
|
||||||
#define HIDE_BACKGROUND FALSE
|
#define HIDE_BACKGROUND FALSE
|
||||||
|
|
||||||
#define SETPROP(p, q) { .v = (char *[]){ "/bin/sh", "-c", \
|
#define SETPROP(p, q) { .v = (char *[]){ "/bin/sh", "-c", \
|
||||||
|
|
29
surf.c
29
surf.c
|
@ -37,6 +37,7 @@ typedef struct Client {
|
||||||
char *title, *linkhover;
|
char *title, *linkhover;
|
||||||
const char *uri, *needle;
|
const char *uri, *needle;
|
||||||
gint progress;
|
gint progress;
|
||||||
|
gboolean sslfailed;
|
||||||
struct Client *next;
|
struct Client *next;
|
||||||
gboolean zoomed;
|
gboolean zoomed;
|
||||||
} Client;
|
} Client;
|
||||||
|
@ -260,8 +261,11 @@ drawindicator(Client *c) {
|
||||||
w = c->indicator;
|
w = c->indicator;
|
||||||
width = c->progress * w->allocation.width / 100;
|
width = c->progress * w->allocation.width / 100;
|
||||||
gc = gdk_gc_new(w->window);
|
gc = gdk_gc_new(w->window);
|
||||||
gdk_color_parse(strstr(uri, "https://") == uri ?
|
if(strstr(uri, "https://") == uri)
|
||||||
progress_trust : progress, &fg);
|
gdk_color_parse(c->sslfailed ?
|
||||||
|
progress_untrust : progress_trust, &fg);
|
||||||
|
else
|
||||||
|
gdk_color_parse(progress, &fg);
|
||||||
gdk_gc_set_rgb_fg_color(gc, &fg);
|
gdk_gc_set_rgb_fg_color(gc, &fg);
|
||||||
gdk_draw_rectangle(w->window,
|
gdk_draw_rectangle(w->window,
|
||||||
w->style->bg_gc[GTK_WIDGET_STATE(w)],
|
w->style->bg_gc[GTK_WIDGET_STATE(w)],
|
||||||
|
@ -377,9 +381,24 @@ linkhover(WebKitWebView *v, const char* t, const char* l, Client *c) {
|
||||||
|
|
||||||
void
|
void
|
||||||
loadstatuschange(WebKitWebView *view, GParamSpec *pspec, Client *c) {
|
loadstatuschange(WebKitWebView *view, GParamSpec *pspec, Client *c) {
|
||||||
|
WebKitWebFrame *frame;
|
||||||
|
WebKitWebDataSource *src;
|
||||||
|
WebKitNetworkRequest *request;
|
||||||
|
SoupMessage *msg;
|
||||||
|
char *uri;
|
||||||
|
|
||||||
switch(webkit_web_view_get_load_status (c->view)) {
|
switch(webkit_web_view_get_load_status (c->view)) {
|
||||||
case WEBKIT_LOAD_COMMITTED:
|
case WEBKIT_LOAD_COMMITTED:
|
||||||
setatom(c, AtomUri, geturi(c));
|
uri = geturi(c);
|
||||||
|
if(strstr(uri, "https://") == uri) {
|
||||||
|
frame = webkit_web_view_get_main_frame(c->view);
|
||||||
|
src = webkit_web_frame_get_data_source(frame);
|
||||||
|
request = webkit_web_data_source_get_request(src);
|
||||||
|
msg = webkit_network_request_get_message(request);
|
||||||
|
c->sslfailed = soup_message_get_flags(msg)
|
||||||
|
^ SOUP_MESSAGE_CERTIFICATE_TRUSTED;
|
||||||
|
}
|
||||||
|
setatom(c, AtomUri, uri);
|
||||||
break;
|
break;
|
||||||
case WEBKIT_LOAD_FINISHED:
|
case WEBKIT_LOAD_FINISHED:
|
||||||
c->progress = 0;
|
c->progress = 0;
|
||||||
|
@ -708,6 +727,10 @@ setup(void) {
|
||||||
soup_session_remove_feature_by_type(s, soup_cookie_jar_get_type());
|
soup_session_remove_feature_by_type(s, soup_cookie_jar_get_type());
|
||||||
g_signal_connect_after(G_OBJECT(s), "request-started", G_CALLBACK(newrequest), NULL);
|
g_signal_connect_after(G_OBJECT(s), "request-started", G_CALLBACK(newrequest), NULL);
|
||||||
|
|
||||||
|
/* ssl */
|
||||||
|
g_object_set(G_OBJECT(s), "ssl-ca-file", cafile, NULL);
|
||||||
|
g_object_set(G_OBJECT(s), "ssl-strict", strictssl, NULL);
|
||||||
|
|
||||||
/* proxy */
|
/* proxy */
|
||||||
if((proxy = getenv("http_proxy")) && strcmp(proxy, "")) {
|
if((proxy = getenv("http_proxy")) && strcmp(proxy, "")) {
|
||||||
new_proxy = g_strrstr(proxy, "http://") ? g_strdup(proxy) :
|
new_proxy = g_strrstr(proxy, "http://") ? g_strdup(proxy) :
|
||||||
|
|
Loading…
Reference in New Issue