diff options
| author | Peter Hofmann <scm@uninformativ.de> | 2015-01-05 20:05:35 +0100 |
|---|---|---|
| committer | Peter Hofmann <scm@uninformativ.de> | 2015-01-05 20:31:10 +0100 |
| commit | 99e3756464d92b496cd5e118da46c560bf213c15 (patch) | |
| tree | 5924a8945e7fc16f09b6daa717c66fcd918fad11 /browser.c | |
| parent | 60f2fc63302340ea2be9c07098d4f5191fbc032a (diff) | |
| download | lariza-99e3756464d92b496cd5e118da46c560bf213c15.tar.gz | |
Implement a simple certificate trust store
The WebKit1 version of lariza simply ignored certificate errors. I could
have turned off validation in WebKit2 as well, but I wanted to try to do
it right. :-)
Closes #12.
Diffstat (limited to 'browser.c')
| -rw-r--r-- | browser.c | 38 |
1 files changed, 38 insertions, 0 deletions
@@ -41,6 +41,7 @@ static gboolean keywords_try_search(WebKitWebView *, const gchar *); static gboolean remote_msg(GIOChannel *, GIOCondition, gpointer); static void search(gpointer, gint); static Window tabbed_launch(void); +static void trust_user_certs(WebKitWebContext *); static void usage(void); @@ -187,6 +188,8 @@ client_new(const gchar *uri) g_signal_connect(G_OBJECT(wc), "download-started", G_CALLBACK(download_handle_start), NULL); + trust_user_certs(wc); + initial_wc_setup_done = TRUE; } @@ -593,6 +596,7 @@ key_location(GtkWidget *widget, GdkEvent *event, gpointer data) struct Client *c = (struct Client *)data; const gchar *t; gchar *f; + WebKitWebContext *wc = webkit_web_view_get_context(WEBKIT_WEB_VIEW(c->web_view)); if (event->type == GDK_KEY_PRESS) { @@ -614,6 +618,9 @@ key_location(GtkWidget *widget, GdkEvent *event, gpointer data) gtk_entry_set_text(GTK_ENTRY(c->location), "/"); gtk_editable_set_position(GTK_EDITABLE(c->location), -1); return TRUE; + case GDK_KEY_c: /* reload trusted certs (left hand) */ + trust_user_certs(wc); + return TRUE; } } else @@ -656,6 +663,7 @@ key_web_view(GtkWidget *widget, GdkEvent *event, gpointer data) gdouble dx, dy; gchar *f; gfloat z; + WebKitWebContext *wc = webkit_web_view_get_context(WEBKIT_WEB_VIEW(c->web_view)); if (event->type == GDK_KEY_PRESS) { @@ -698,6 +706,9 @@ key_web_view(GtkWidget *widget, GdkEvent *event, gpointer data) gtk_entry_set_text(GTK_ENTRY(c->location), "/"); gtk_editable_set_position(GTK_EDITABLE(c->location), -1); return TRUE; + case GDK_KEY_c: /* reload trusted certs (left hand) */ + trust_user_certs(wc); + return TRUE; } } else if (((GdkEventKey *)event)->keyval == GDK_KEY_Escape) @@ -883,6 +894,33 @@ tabbed_launch(void) } void +trust_user_certs(WebKitWebContext *wc) +{ + GTlsCertificate *cert; + const gchar *basedir, *file, *absfile; + GDir *dir; + + basedir = g_build_filename(g_get_user_config_dir(), __NAME__, "certs", NULL); + dir = g_dir_open(basedir, 0, NULL); + if (dir != NULL) + { + file = g_dir_read_name(dir); + while (file != NULL) + { + absfile = g_build_filename(g_get_user_config_dir(), __NAME__, "certs", + file, NULL); + cert = g_tls_certificate_new_from_file(absfile, NULL); + if (cert == NULL) + fprintf(stderr, __NAME__": Could not load trusted cert '%s'\n", file); + else + webkit_web_context_allow_tls_certificate_for_host(wc, cert, file); + file = g_dir_read_name(dir); + } + g_dir_close(dir); + } +} + +void usage(void) { fprintf(stderr, "Usage: "__NAME__" [OPTION]... [URI]...\n"); |