Set strict ssl by default and handle insecure content
Non-https content in https pages is now handled separately from https connection establishment.
This commit is contained in:
parent
2355c20e92
commit
0247e91b00
2 changed files with 20 additions and 11 deletions
|
@ -30,7 +30,7 @@ static Parameter defconfig[ParameterLast] = {
|
|||
SETB(SiteQuirks, 1),
|
||||
SETB(SpellChecking, 0),
|
||||
SETV(SpellLanguages, ((char *[]){ "en_US", NULL })),
|
||||
SETB(StrictSSL, 0),
|
||||
SETB(StrictSSL, 1),
|
||||
SETB(Style, 1),
|
||||
SETF(ZoomLevel, 1.0),
|
||||
};
|
||||
|
|
29
surf.c
29
surf.c
|
@ -104,9 +104,9 @@ typedef struct Client {
|
|||
WebKitWebInspector *inspector;
|
||||
WebKitFindController *finder;
|
||||
WebKitHitTestResult *mousepos;
|
||||
GTlsCertificateFlags tlsflags;
|
||||
GTlsCertificateFlags tlserr;
|
||||
Window xid;
|
||||
int progress, fullscreen;
|
||||
int progress, fullscreen, https, insecure;
|
||||
const char *title, *overtitle, *targeturi;
|
||||
const char *needle;
|
||||
struct Client *next;
|
||||
|
@ -196,6 +196,8 @@ static gboolean decidepolicy(WebKitWebView *v, WebKitPolicyDecision *d,
|
|||
static void decidenavigation(WebKitPolicyDecision *d, Client *c);
|
||||
static void decidenewwindow(WebKitPolicyDecision *d, Client *c);
|
||||
static void decideresource(WebKitPolicyDecision *d, Client *c);
|
||||
static void insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e,
|
||||
Client *c);
|
||||
static void downloadstarted(WebKitWebContext *wc, WebKitDownload *d,
|
||||
Client *c);
|
||||
static void responsereceived(WebKitDownload *d, GParamSpec *ps, Client *c);
|
||||
|
@ -452,7 +454,6 @@ newclient(Client *rc)
|
|||
clients = c;
|
||||
|
||||
c->progress = 100;
|
||||
c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
|
||||
c->view = newview(c, rc ? rc->view : NULL);
|
||||
|
||||
return c;
|
||||
|
@ -574,8 +575,10 @@ gettogglestats(Client *c)
|
|||
void
|
||||
getpagestats(Client *c)
|
||||
{
|
||||
pagestats[0] = c->tlsflags > G_TLS_CERTIFICATE_VALIDATE_ALL ? '-' :
|
||||
c->tlsflags > 0 ? 'U' : 'T';
|
||||
if (c->https)
|
||||
pagestats[0] = (c->tlserr || c->insecure) ? 'U' : 'T';
|
||||
else
|
||||
pagestats[0] = '-';
|
||||
pagestats[1] = '\0';
|
||||
}
|
||||
|
||||
|
@ -1006,6 +1009,8 @@ newview(Client *c, WebKitWebView *rv)
|
|||
G_CALLBACK(createview), c);
|
||||
g_signal_connect(G_OBJECT(v), "decide-policy",
|
||||
G_CALLBACK(decidepolicy), c);
|
||||
g_signal_connect(G_OBJECT(v), "insecure-content-detected",
|
||||
G_CALLBACK(insecurecontent), c);
|
||||
g_signal_connect(G_OBJECT(v), "load-changed",
|
||||
G_CALLBACK(loadchanged), c);
|
||||
g_signal_connect(G_OBJECT(v), "mouse-target-changed",
|
||||
|
@ -1227,7 +1232,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
|
|||
curconfig = defconfig;
|
||||
setatom(c, AtomUri, title);
|
||||
c->title = title;
|
||||
c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
|
||||
c->https = c->insecure = 0;
|
||||
seturiparameters(c, geturi(c));
|
||||
break;
|
||||
case WEBKIT_LOAD_REDIRECTED:
|
||||
|
@ -1236,10 +1241,8 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
|
|||
seturiparameters(c, geturi(c));
|
||||
break;
|
||||
case WEBKIT_LOAD_COMMITTED:
|
||||
if (!webkit_web_view_get_tls_info(c->view, NULL,
|
||||
&(c->tlsflags)))
|
||||
c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
|
||||
|
||||
c->https = webkit_web_view_get_tls_info(c->view, NULL,
|
||||
&c->tlserr);
|
||||
break;
|
||||
case WEBKIT_LOAD_FINISHED:
|
||||
/* Disabled until we write some WebKitWebExtension for
|
||||
|
@ -1426,6 +1429,12 @@ decideresource(WebKitPolicyDecision *d, Client *c)
|
|||
}
|
||||
}
|
||||
|
||||
void
|
||||
insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e, Client *c)
|
||||
{
|
||||
c->insecure = 1;
|
||||
}
|
||||
|
||||
void
|
||||
downloadstarted(WebKitWebContext *wc, WebKitDownload *d, Client *c)
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue