surf

surf browser, a WebKit based browser
git clone git://git.suckless.org/surf
Log | Files | Refs | README | LICENSE

commit 1dc3cd513a75570cc2fc33a86d4af565ecf9255e
parent c870098b82f1dfc3cd59cd8c90cea580bd01cb47
Author: Quentin Rameau <quinq@fifth.space>
Date:   Sat, 29 Apr 2017 14:49:04 +0200

Display an error message and certificate on tls error

Diffstat:
Mconfig.mk | 7++++---
Msurf.c | 51+++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 55 insertions(+), 3 deletions(-)

diff --git a/config.mk b/config.mk @@ -11,15 +11,16 @@ LIBPREFIX = $(PREFIX)/lib/surf X11INC = /usr/X11R6/include X11LIB = /usr/X11R6/lib -GTKINC = `pkg-config --cflags gtk+-3.0 webkit2gtk-4.0` -GTKLIB = `pkg-config --libs gtk+-3.0 webkit2gtk-4.0` +GTKINC = `pkg-config --cflags gtk+-3.0 gcr-3 webkit2gtk-4.0` +GTKLIB = `pkg-config --libs gtk+-3.0 gcr-3 webkit2gtk-4.0` # includes and libs INCS = -I$(X11INC) $(GTKINC) LIBS = -L$(X11LIB) -lX11 $(GTKLIB) -lgthread-2.0 # flags -CPPFLAGS = -DVERSION=\"${VERSION}\" -DWEBEXTDIR=\"${LIBPREFIX}\" -D_DEFAULT_SOURCE +CPPFLAGS = -DVERSION=\"${VERSION}\" -DWEBEXTDIR=\"${LIBPREFIX}\" \ + -D_DEFAULT_SOURCE -DGCR_API_SUBJECT_TO_CHANGE SURF_CFLAGS = $(INCS) $(CPPFLAGS) $(CFLAGS) SURF_LDFLAGS = $(LIBS) $(LDFLAGS) diff --git a/surf.c b/surf.c @@ -22,6 +22,7 @@ #include <glib/gstdio.h> #include <gtk/gtk.h> #include <gtk/gtkx.h> +#include <gcr/gcr.h> #include <JavaScriptCore/JavaScript.h> #include <webkit2/webkit2.h> #include <X11/X.h> @@ -187,6 +188,9 @@ static GdkFilterReturn processx(GdkXEvent *xevent, GdkEvent *event, static gboolean winevent(GtkWidget *w, GdkEvent *e, Client *c); static void showview(WebKitWebView *v, Client *c); static GtkWidget *createwindow(Client *c); +static gboolean loadfailedtls(WebKitWebView *v, gchar *uri, + GTlsCertificate *cert, + GTlsCertificateFlags err, Client *c); static void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c); static void progresschanged(WebKitWebView *v, GParamSpec *ps, Client *c); static void titlechanged(WebKitWebView *view, GParamSpec *ps, Client *c); @@ -1070,6 +1074,8 @@ newview(Client *c, WebKitWebView *rv) G_CALLBACK(decidepolicy), c); g_signal_connect(G_OBJECT(v), "insecure-content-detected", G_CALLBACK(insecurecontent), c); + g_signal_connect(G_OBJECT(v), "load-failed-with-tls-errors", + G_CALLBACK(loadfailedtls), c); g_signal_connect(G_OBJECT(v), "load-changed", G_CALLBACK(loadchanged), c); g_signal_connect(G_OBJECT(v), "mouse-target-changed", @@ -1281,6 +1287,51 @@ createwindow(Client *c) return w; } +gboolean +loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert, + GTlsCertificateFlags err, Client *c) +{ + GString *errmsg = g_string_new(NULL); + gchar *html, *pem; + + c->tlserr = err; + + if (err & G_TLS_CERTIFICATE_UNKNOWN_CA) + g_string_append(errmsg, + "The signing certificate authority is not known.<br>"); + if (err & G_TLS_CERTIFICATE_BAD_IDENTITY) + g_string_append(errmsg, + "The certificate does not match the expected identity " + "of the site that it was retrieved from.<br>"); + if (err & G_TLS_CERTIFICATE_NOT_ACTIVATED) + g_string_append(errmsg, + "The certificate's activation time " + "is still in the future.<br>"); + if (err & G_TLS_CERTIFICATE_EXPIRED) + g_string_append(errmsg, "The certificate has expired.<br>"); + if (err & G_TLS_CERTIFICATE_REVOKED) + g_string_append(errmsg, + "The certificate has been revoked according to " + "the GTlsConnection's certificate revocation list.<br>"); + if (err & G_TLS_CERTIFICATE_INSECURE) + g_string_append(errmsg, + "The certificate's algorithm is considered insecure.<br>"); + if (err & G_TLS_CERTIFICATE_GENERIC_ERROR) + g_string_append(errmsg, + "Some error occurred validating the certificate.<br>"); + + g_object_get(cert, "certificate-pem", &pem, NULL); + html = g_strdup_printf("<p>Could not validate TLS for ā€œ%sā€<br>%s</p>" + "<p><pre>%s</pre><p>", uri, errmsg->str, pem); + g_free(pem); + g_string_free(errmsg, TRUE); + + webkit_web_view_load_alternate_html(c->view, html, uri, NULL); + g_free(html); + + return TRUE; +} + void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) {