[PATCH] Print certificate errors on stderr from Nick White on 2014-02-03 (dev mail list archive)

From: Nick White <git_AT_njw.me.uk>
Date: Mon, 3 Feb 2014 17:02:43 +0000

---
 surf.c |   43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/surf.c b/surf.c
index e967672..14de226 100644
--- a/surf.c
+++ b/surf.c
_AT_@ -69,6 +69,21 @@ typedef struct {
 	SoupCookieJarTextClass parent_class;
 } CookieJarClass;
 
+typedef struct {
+	int flag;
+	char *errstr;
+} TlsError;
+
+static TlsError tlserrors[] = {
+	{ G_TLS_CERTIFICATE_UNKNOWN_CA, "The signing certificate authority is not known." },
+	{ G_TLS_CERTIFICATE_BAD_IDENTITY, "The certificate does not match the expected identity of the site that it was retrieved from." },
+	{ G_TLS_CERTIFICATE_NOT_ACTIVATED, "The certificate's activation time is still in the future." },
+	{ G_TLS_CERTIFICATE_EXPIRED, "The certificate has expired." },
+	{ G_TLS_CERTIFICATE_REVOKED, "The certificate has been revoked." },
+	{ G_TLS_CERTIFICATE_INSECURE, "The certificate's algorithm is considered insecure." },
+	{ G_TLS_CERTIFICATE_GENERIC_ERROR, "A general error occurred validating the certificate." },
+};
+
 G_DEFINE_TYPE(CookieJar, cookiejar, SOUP_TYPE_COOKIE_JAR_TEXT)
 
 static Display *dpy;
_AT_@ -630,7 +645,13 @@ loadstatuschange(WebKitWebView *view, GParamSpec *pspec, Client *c) {
 	WebKitWebDataSource *src;
 	WebKitNetworkRequest *request;
 	SoupMessage *msg;
+	SoupSession *session;
+	GTlsCertificate *cert;
+	GTlsCertificateFlags flags;
 	char *uri;
+	char *cut_uri;
+	char *s;
+	int i;
 
 	switch(webkit_web_view_get_load_status (c->view)) {
 	case WEBKIT_LOAD_COMMITTED:
_AT_@ -642,6 +663,28 @@ loadstatuschange(WebKitWebView *view, GParamSpec *pspec, Client *c) {
 			msg = webkit_network_request_get_message(request);
 			c->sslfailed = !(soup_message_get_flags(msg)
 			                & SOUP_MESSAGE_CERTIFICATE_TRUSTED);
+			if(c->sslfailed) {
+				/* For some reason the https status can't be got from webkit's soup msg,
+				 * so we make a dummy connection to the server's homepage here. */
+				cut_uri = g_strdup(uri);
+				s = cut_uri;
+				for (i = 0; i < 3; ++i) {
+					s = strchr(&(s[1]), '/');
+				}
+				s[1] = '\0';
+				msg = soup_message_new("HEAD", uri);
+				soup_message_set_flags(msg, SOUP_MESSAGE_NO_REDIRECT);
+				session = webkit_get_default_session();
+				soup_session_send_message(session, msg);
+
+				soup_message_get_https_status(msg, &cert, &flags);
+
+				for(i = 0; i < LENGTH(tlserrors); i++) {
+					if(flags & tlserrors[i].flag) {
+						fprintf(stderr, "%s - %s\n", uri, tlserrors[i].errstr);
+					}
+				}
+			}
 		}
 		setatom(c, AtomUri, uri);
 		break;
-- 
1.7.10.4
--bg08WKrSYDhXBjb5--

Received on Mon Sep 17 2001 - 00:00:00 CEST

This archive was generated by hypermail 2.3.0 : Tue Feb 25 2014 - 20:12:02 CET