[hackers] [surf/surf-webkit2] Set strict ssl by default and handle insecure content || Quentin Rameau

From: <git_AT_suckless.org>
Date: Thu, 20 Apr 2017 12:21:29 +0200 (CEST)

commit 0247e91b0067c715b19dedd7a3012624ee61576a
Author: Quentin Rameau <quinq_AT_fifth.space>
AuthorDate: Fri Jul 8 18:27:07 2016 +0200
Commit: Quentin Rameau <quinq_AT_fifth.space>
CommitDate: Wed Apr 19 17:41:23 2017 +0200

    Set strict ssl by default and handle insecure content
    
    Non-https content in https pages is now handled separately from https
    connection establishment.

diff --git a/config.def.h b/config.def.h
index 0ade76e..fca81c3 100644
--- a/config.def.h
+++ b/config.def.h
_AT_@ -30,7 +30,7 @@ static Parameter defconfig[ParameterLast] = {
         SETB(SiteQuirks, 1),
         SETB(SpellChecking, 0),
         SETV(SpellLanguages, ((char *[]){ "en_US", NULL })),
- SETB(StrictSSL, 0),
+ SETB(StrictSSL, 1),
         SETB(Style, 1),
         SETF(ZoomLevel, 1.0),
 };
diff --git a/surf.c b/surf.c
index 0f7e049..40c7fe4 100644
--- a/surf.c
+++ b/surf.c
_AT_@ -104,9 +104,9 @@ typedef struct Client {
         WebKitWebInspector *inspector;
         WebKitFindController *finder;
         WebKitHitTestResult *mousepos;
- GTlsCertificateFlags tlsflags;
+ GTlsCertificateFlags tlserr;
         Window xid;
- int progress, fullscreen;
+ int progress, fullscreen, https, insecure;
         const char *title, *overtitle, *targeturi;
         const char *needle;
         struct Client *next;
_AT_@ -196,6 +196,8 @@ static gboolean decidepolicy(WebKitWebView *v, WebKitPolicyDecision *d,
 static void decidenavigation(WebKitPolicyDecision *d, Client *c);
 static void decidenewwindow(WebKitPolicyDecision *d, Client *c);
 static void decideresource(WebKitPolicyDecision *d, Client *c);
+static void insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e,
+ Client *c);
 static void downloadstarted(WebKitWebContext *wc, WebKitDownload *d,
                             Client *c);
 static void responsereceived(WebKitDownload *d, GParamSpec *ps, Client *c);
_AT_@ -452,7 +454,6 @@ newclient(Client *rc)
         clients = c;
 
         c->progress = 100;
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
         c->view = newview(c, rc ? rc->view : NULL);
 
         return c;
_AT_@ -574,8 +575,10 @@ gettogglestats(Client *c)
 void
 getpagestats(Client *c)
 {
- pagestats[0] = c->tlsflags > G_TLS_CERTIFICATE_VALIDATE_ALL ? '-' :
- c->tlsflags > 0 ? 'U' : 'T';
+ if (c->https)
+ pagestats[0] = (c->tlserr || c->insecure) ? 'U' : 'T';
+ else
+ pagestats[0] = '-';
         pagestats[1] = '\0';
 }
 
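Review bot: The 'U' state in getpagestats now stands for two different conditions, a certificate error on the main connection (`c->tlserr`) and mixed content (`c->insecure`), and nothing in the function says so. A short comment above the assignment would document the three states, for example `/* 'T': https, no cert errors, no mixed content; 'U': https with cert errors or insecure subresources; '-': not https */`. If the distinction matters to users, a separate character for mixed content would keep a bad certificate from looking the same as a stray http image.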
_AT_@ -1006,6 +1009,8 @@ newview(Client *c, WebKitWebView *rv)
                          G_CALLBACK(createview), c);
         g_signal_connect(G_OBJECT(v), "decide-policy",
                          G_CALLBACK(decidepolicy), c);
+ g_signal_connect(G_OBJECT(v), "insecure-content-detected",
+ G_CALLBACK(insecurecontent), c);
         g_signal_connect(G_OBJECT(v), "load-changed",
                          G_CALLBACK(loadchanged), c);
         g_signal_connect(G_OBJECT(v), "mouse-target-changed",
_AT_@ -1227,7 +1232,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
                 curconfig = defconfig;
                 setatom(c, AtomUri, title);
                 c->title = title;
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
+ c->https = c->insecure = 0;
                 seturiparameters(c, geturi(c));
                 break;
         case WEBKIT_LOAD_REDIRECTED:
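Review bot: The reset at load start clears `c->https` and `c->insecure` but leaves `c->tlserr` holding whatever the previous page produced. That is harmless as long as every reader checks `c->https` first, as getpagestats does in this commit. It does, however, rely on webkit_web_view_get_tls_info() writing its out-parameter on every call in the WEBKIT_LOAD_COMMITTED branch (next hunk), which the diff does not show. Clearing it with the others, `c->https = c->insecure = 0; c->tlserr = 0;`, removes that dependency. loadchanged starts and ends outside this hunk.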
_AT_@ -1236,10 +1241,8 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
                 seturiparameters(c, geturi(c));
                 break;
         case WEBKIT_LOAD_COMMITTED:
- if (!webkit_web_view_get_tls_info(c->view, NULL,
- &(c->tlsflags)))
- c->tlsflags = G_TLS_CERTIFICATE_VALIDATE_ALL + 1;
-
+ c->https = webkit_web_view_get_tls_info(c->view, NULL,
+ &c->tlserr);
                 break;
         case WEBKIT_LOAD_FINISHED:
                 /* Disabled until we write some WebKitWebExtension for
_AT_@ -1427,6 +1430,12 @@ decideresource(WebKitPolicyDecision *d, Client *c)
 }
 
 void
+insecurecontent(WebKitWebView *v, WebKitInsecureContentEvent e, Client *c)
+{
+ c->insecure = 1;
+}
+
+void
 downloadstarted(WebKitWebContext *wc, WebKitDownload *d, Client *c)
 {
         g_signal_connect(G_OBJECT(d), "notify::response",
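Review bot: insecurecontent only sets `c->insecure = 1` and returns, so the 'T'/'U' indicator changes only the next time something recomputes the page stats. If that recomputation is driven solely by load and progress events (not visible in this diff), mixed content reported after the last of them would leave 'T' on screen. Calling the existing title/status refresh from the handler would close that gap. The `e` argument is also ignored, so displayed and executed insecure content are treated alike, which deserves a one-line comment such as `/* any mixed content, displayed or run, downgrades the page to 'U' */`.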
Received on Thu Apr 20 2017 - 12:21:29 CEST
