[hackers] [surf] Display an error message and certificate on tls error || Quentin Rameau

From: <git_AT_suckless.org>
Date: Sun, 30 Apr 2017 23:25:11 +0200 (CEST)

commit 1dc3cd513a75570cc2fc33a86d4af565ecf9255e
Author: Quentin Rameau <quinq_AT_fifth.space>
AuthorDate: Sat Apr 29 14:49:04 2017 +0200
Commit: Quentin Rameau <quinq_AT_fifth.space>
CommitDate: Sat Apr 29 16:34:48 2017 +0200

    Display an error message and certificate on tls error

diff --git a/config.mk b/config.mk
index 5bec3e5..7972bb6 100644
--- a/config.mk
+++ b/config.mk
_AT_@ -11,15 +11,16 @@ LIBPREFIX = $(PREFIX)/lib/surf
 X11INC = /usr/X11R6/include
 X11LIB = /usr/X11R6/lib
 
-GTKINC = `pkg-config --cflags gtk+-3.0 webkit2gtk-4.0`
-GTKLIB = `pkg-config --libs gtk+-3.0 webkit2gtk-4.0`
+GTKINC = `pkg-config --cflags gtk+-3.0 gcr-3 webkit2gtk-4.0`
+GTKLIB = `pkg-config --libs gtk+-3.0 gcr-3 webkit2gtk-4.0`
 
 # includes and libs
 INCS = -I$(X11INC) $(GTKINC)
 LIBS = -L$(X11LIB) -lX11 $(GTKLIB) -lgthread-2.0
 
 # flags
-CPPFLAGS = -DVERSION=\"${VERSION}\" -DWEBEXTDIR=\"${LIBPREFIX}\" -D_DEFAULT_SOURCE
+CPPFLAGS = -DVERSION=\"${VERSION}\" -DWEBEXTDIR=\"${LIBPREFIX}\" \
+ -D_DEFAULT_SOURCE -DGCR_API_SUBJECT_TO_CHANGE
 SURF_CFLAGS = $(INCS) $(CPPFLAGS) $(CFLAGS)
 SURF_LDFLAGS = $(LIBS) $(LDFLAGS)
 
diff --git a/surf.c b/surf.c
index 88dfd75..40f514f 100644
--- a/surf.c
+++ b/surf.c
_AT_@ -22,6 +22,7 @@
 #include <glib/gstdio.h>
 #include <gtk/gtk.h>
 #include <gtk/gtkx.h>
+#include <gcr/gcr.h>
 #include <JavaScriptCore/JavaScript.h>
 #include <webkit2/webkit2.h>
 #include <X11/X.h>
_AT_@ -187,6 +188,9 @@ static GdkFilterReturn processx(GdkXEvent *xevent, GdkEvent *event,
 static gboolean winevent(GtkWidget *w, GdkEvent *e, Client *c);
 static void showview(WebKitWebView *v, Client *c);
 static GtkWidget *createwindow(Client *c);
+static gboolean loadfailedtls(WebKitWebView *v, gchar *uri,
+ GTlsCertificate *cert,
+ GTlsCertificateFlags err, Client *c);
 static void loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c);
 static void progresschanged(WebKitWebView *v, GParamSpec *ps, Client *c);
 static void titlechanged(WebKitWebView *view, GParamSpec *ps, Client *c);
_AT_@ -1070,6 +1074,8 @@ newview(Client *c, WebKitWebView *rv)
                          G_CALLBACK(decidepolicy), c);
         g_signal_connect(G_OBJECT(v), "insecure-content-detected",
                          G_CALLBACK(insecurecontent), c);
+ g_signal_connect(G_OBJECT(v), "load-failed-with-tls-errors",
+ G_CALLBACK(loadfailedtls), c);
         g_signal_connect(G_OBJECT(v), "load-changed",
                          G_CALLBACK(loadchanged), c);
         g_signal_connect(G_OBJECT(v), "mouse-target-changed",
_AT_@ -1281,6 +1287,51 @@ createwindow(Client *c)
         return w;
 }
 
+gboolean
+loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert,
+ GTlsCertificateFlags err, Client *c)
+{
+ GString *errmsg = g_string_new(NULL);
+ gchar *html, *pem;
+
+ c->tlserr = err;
+
+ if (err & G_TLS_CERTIFICATE_UNKNOWN_CA)
+ g_string_append(errmsg,
+ "The signing certificate authority is not known.<br>");
+ if (err & G_TLS_CERTIFICATE_BAD_IDENTITY)
+ g_string_append(errmsg,
+ "The certificate does not match the expected identity "
+ "of the site that it was retrieved from.<br>");
+ if (err & G_TLS_CERTIFICATE_NOT_ACTIVATED)
+ g_string_append(errmsg,
+ "The certificate's activation time "
+ "is still in the future.<br>");
+ if (err & G_TLS_CERTIFICATE_EXPIRED)
+ g_string_append(errmsg, "The certificate has expired.<br>");
+ if (err & G_TLS_CERTIFICATE_REVOKED)
+ g_string_append(errmsg,
+ "The certificate has been revoked according to "
+ "the GTlsConnection's certificate revocation list.<br>");
+ if (err & G_TLS_CERTIFICATE_INSECURE)
+ g_string_append(errmsg,
+ "The certificate's algorithm is considered insecure.<br>");
+ if (err & G_TLS_CERTIFICATE_GENERIC_ERROR)
+ g_string_append(errmsg,
+ "Some error occurred validating the certificate.<br>");
+
+ g_object_get(cert, "certificate-pem", &pem, NULL);
+ html = g_strdup_printf("<p>Could not validate TLS for ā€œ%sā€<br>%s</p>"
+ "<p><pre>%s</pre><p>", uri, errmsg->str, pem);
+ g_free(pem);
+ g_string_free(errmsg, TRUE);
+
+ webkit_web_view_load_alternate_html(c->view, html, uri, NULL);
+ g_free(html);
+
+ return TRUE;
+}
+
 void
 loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c)
 {
Received on Sun Apr 30 2017 - 23:25:11 CEST

This archive was generated by hypermail 2.3.0 : Sun Apr 30 2017 - 23:36:43 CEST