Set strict ssl by default and handle insecure content

Non-https content in https pages is now handled separately from https
connection establishment.
This commit is contained in:
Quentin Rameau 2016-07-08 18:27:07 +02:00
parent 2355c20e92
commit 0247e91b00
2 changed files with 20 additions and 11 deletions

View file

@ -30,7 +30,7 @@ static Parameter defconfig[ParameterLast] = {
SETB(SiteQuirks, 1), SETB(SiteQuirks, 1),
SETB(SpellChecking, 0), SETB(SpellChecking, 0),
SETV(SpellLanguages, ((char *[]){ "en_US", NULL })), SETV(SpellLanguages, ((char *[]){ "en_US", NULL })),
SETB(StrictSSL, 0), SETB(StrictSSL, 1),
SETB(Style, 1), SETB(Style, 1),
SETF(ZoomLevel, 1.0), SETF(ZoomLevel, 1.0),
}; };

29
surf.c
View file

@ -104,9 +104,9 @@ typedef struct Client {
WebKitWebInspector *inspector; WebKitWebInspector *inspector;
WebKitFindController *finder; WebKitFindController *finder;
WebKitHitTestResult *mousepos; WebKitHitTestResult *mousepos;
GTlsCertificateFlags tlsflags; GTlsCertificateFlags tlserr;
Window xid; Window xid;
int progress, fullscreen; int progress, fullscreen, https, insecure;
const char *title, *overtitle, *targeturi; const char *title, *overtitle, *targeturi;
const char *needle; const char *needle;
struct Client *next; struct Client *next;
@ -196,6 +196,8 @@ static gboolean decidepolicy(WebKitWebView *v, WebKitPolicyDecision *d,
static void decidenavigation(WebKitPolicyDecision *d, Client *c); static void decidenavigation(WebKitPolicyDecision *d, Client *c);
static void decidenewwindow(WebKitPolicyDecision *d, Client *c); static void decidenewwindow(WebKitPolicyDecision *d, Client *c);
static void decideresource(WebKitPolicyDecision *d, Client *c); static void decideresource(WebKitPolicyDecision *d, Client *c);
static void insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e,
Client *c);
static void downloadstarted(WebKitWebContext *wc, WebKitDownload *d, static void downloadstarted(WebKitWebContext *wc, WebKitDownload *d,
Client *c); Client *c);
static void responsereceived(WebKitDownload *d, GParamSpec *ps, Client *c); static void responsereceived(WebKitDownload *d, GParamSpec *ps, Client *c);
@ -452,7 +454,6 @@ newclient(Client *rc)
clients = c; clients = c;
c->progress = 100; c->progress = 100;
c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
c->view = newview(c, rc ? rc->view : NULL); c->view = newview(c, rc ? rc->view : NULL);
return c; return c;
@ -574,8 +575,10 @@ gettogglestats(Client *c)
void void
getpagestats(Client *c) getpagestats(Client *c)
{ {
pagestats[0] = c->tlsflags > G_TLS_CERTIFICATE_VALIDATE_ALL ? '-' : if (c->https)
c->tlsflags > 0 ? 'U' : 'T'; pagestats[0] = (c->tlserr || c->insecure) ? 'U' : 'T';
else
pagestats[0] = '-';
pagestats[1] = '\0'; pagestats[1] = '\0';
} }
@ -1006,6 +1009,8 @@ newview(Client *c, WebKitWebView *rv)
G_CALLBACK(createview), c); G_CALLBACK(createview), c);
g_signal_connect(G_OBJECT(v), "decide-policy", g_signal_connect(G_OBJECT(v), "decide-policy",
G_CALLBACK(decidepolicy), c); G_CALLBACK(decidepolicy), c);
g_signal_connect(G_OBJECT(v), "insecure-content-detected",
G_CALLBACK(insecurecontent), c);
g_signal_connect(G_OBJECT(v), "load-changed", g_signal_connect(G_OBJECT(v), "load-changed",
G_CALLBACK(loadchanged), c); G_CALLBACK(loadchanged), c);
g_signal_connect(G_OBJECT(v), "mouse-target-changed", g_signal_connect(G_OBJECT(v), "mouse-target-changed",
@ -1227,7 +1232,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
curconfig = defconfig; curconfig = defconfig;
setatom(c, AtomUri, title); setatom(c, AtomUri, title);
c->title = title; c->title = title;
c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1; c->https = c->insecure = 0;
seturiparameters(c, geturi(c)); seturiparameters(c, geturi(c));
break; break;
case WEBKIT_LOAD_REDIRECTED: case WEBKIT_LOAD_REDIRECTED:
@ -1236,10 +1241,8 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
seturiparameters(c, geturi(c)); seturiparameters(c, geturi(c));
break; break;
case WEBKIT_LOAD_COMMITTED: case WEBKIT_LOAD_COMMITTED:
if (!webkit_web_view_get_tls_info(c->view, NULL, c->https = webkit_web_view_get_tls_info(c->view, NULL,
&(c->tlsflags))) &c->tlserr);
c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
break; break;
case WEBKIT_LOAD_FINISHED: case WEBKIT_LOAD_FINISHED:
/* Disabled until we write some WebKitWebExtension for /* Disabled until we write some WebKitWebExtension for
@ -1426,6 +1429,12 @@ decideresource(WebKitPolicyDecision *d, Client *c)
} }
} }
void
insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e, Client *c)
{
c->insecure = 1;
}
void void
downloadstarted(WebKitWebContext *wc, WebKitDownload *d, Client *c) downloadstarted(WebKitWebContext *wc, WebKitDownload *d, Client *c)
{ {