Gitweb links:
...log
http://git.netsurf-browser.org/netsurf.git/shortlog/820fb0e7ff3103cff00778364df0390f4b3de513
...commit
http://git.netsurf-browser.org/netsurf.git/commit/820fb0e7ff3103cff00778364df0390f4b3de513
...tree
http://git.netsurf-browser.org/netsurf.git/tree/820fb0e7ff3103cff00778364df0390f4b3de513
The branch, master has been updated
via 820fb0e7ff3103cff00778364df0390f4b3de513 (commit)
via 98f45250734fc7a2826753a143d7c37fc522f604 (commit)
from c6a2c76867cbb6f108eb31e8eb9df0db51114dd5 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commitdiff
http://git.netsurf-browser.org/netsurf.git/commit/?id=820fb0e7ff3103cff00778364df0390f4b3de513
commit 820fb0e7ff3103cff00778364df0390f4b3de513
Author: Vincent Sanders <[email protected]>
Commit: Vincent Sanders <[email protected]>
add English message text for ssl errors
diff --git a/content/fetchers/about.c b/content/fetchers/about.c
index 32a7dbe..df51410 100644
--- a/content/fetchers/about.c
+++ b/content/fetchers/about.c
@@ -1057,7 +1057,7 @@ static bool fetch_about_query_privacy_handler(struct
fetch_about_context *ctx)
goto fetch_about_query_ssl_handler_aborted;
}
}
- res = ssenddataf(ctx, "<div><p>%s</p></div>", messages_get(reason));
+ res = ssenddataf(ctx, "<div><p>%s</p></div>", reason);
if (res != NSERROR_OK) {
goto fetch_about_query_ssl_handler_aborted;
}
diff --git a/resources/FatMessages b/resources/FatMessages
index 2c0aa06..e219651 100644
--- a/resources/FatMessages
+++ b/resources/FatMessages
@@ -2800,6 +2800,17 @@ fr.all.Backtosafety:Retour a la sécurité
it.all.Backtosafety:Ritorno alla sicurezza
nl.all.Backtosafety:Terug naar veiligheid
+en.all.SSLCertErrOk:The certificate has no errors.
+en.all.SSLCertErrUnknown:An unknown error occoured while processing the
certificate.
+en.all.SSLCertErrBadIssuer:The issuer of this certificate is not known. This
may occour if the browser cannot access the certificate authority (CA) bundle.
+en.all.SSLCertErrBadSig:The certificate is improperly signed.
+en.all.SSLCertErrTooYoung:The certificate is not yet valid.
+en.all.SSLCertErrTooOld:The certificate has expired.
+en.all.SSLCertErrSelfSigned:The certificate is self signed.
+en.all.SSLCertErrChainSelfSigned:The certificate chain is self signed.
+en.all.SSLCertErrRevoked:The certificate has been revoked by the issuer.
+en.all.SSLCertErrCommonName:The certificate is for a different host than the
server
+
# SSL certificate viewer
# ======================
#
commitdiff
http://git.netsurf-browser.org/netsurf.git/commit/?id=98f45250734fc7a2826753a143d7c37fc522f604
commit 98f45250734fc7a2826753a143d7c37fc522f604
Author: Vincent Sanders <[email protected]>
Commit: Vincent Sanders <[email protected]>
add common name ssl certificate error
This adds an ssl faliure code and explanation why curl fetcher
does not currently set it.
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 345f16c..db41b32 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -1180,9 +1180,22 @@ static void fetch_curl_done(CURL *curl_handle, CURLcode
result)
*/
;
} else if (result == CURLE_SSL_PEER_CERTIFICATE ||
- result == CURLE_SSL_CACERT) {
- /* CURLE_SSL_PEER_CERTIFICATE renamed to
- * CURLE_PEER_FAILED_VERIFICATION
+ result == CURLE_SSL_CACERT) {
+ /*
+ * curl in 7.63.0 (https://github.com/curl/curl/pull/3291)
+ * unified *all* SSL errors into the single
+ * CURLE_PEER_FAILED_VERIFICATION depricating
+ * CURLE_SSL_PEER_CERTIFICATE and CURLE_SSL_CACERT
+ *
+ * This change complete removed the ability to
+ * distinguish between certificate errors, host
+ * verification errors or any other failure reason
+ * using the curl result code.
+ *
+ * The result is when certificate error message is
+ * sent there is currently no way of informing the
+ * llcache about host verification faliures as the
+ * certificate chain has no error codes set.
*/
cert = true;
} else {
diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
index a73dc60..c77c299 100644
--- a/include/netsurf/ssl_certs.h
+++ b/include/netsurf/ssl_certs.h
@@ -38,6 +38,7 @@ typedef enum {
SSL_CERT_ERR_SELF_SIGNED, /**< This certificate (or the chain) is self
signed */
SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self
signed */
SSL_CERT_ERR_REVOKED, /**< This certificate has been revoked */
+ SSL_CERT_ERR_COMMON_NAME, /**< This certificate host did not match teh
server */
} ssl_cert_err;
/**
diff --git a/utils/messages.c b/utils/messages.c
index 29443f9..c4a7959 100644
--- a/utils/messages.c
+++ b/utils/messages.c
@@ -382,6 +382,11 @@ const char *messages_get_sslcode(ssl_cert_err code)
case SSL_CERT_ERR_REVOKED:
/* This certificate has been revoked */
return messages_get_ctx("SSLCertErrRevoked", messages_hash);
+
+ case SSL_CERT_ERR_COMMON_NAME:
+ /* Common name is invalid */
+ return messages_get_ctx("SSLCertErrCommonName", messages_hash);
+
}
/* The switch has no default, so the compiler should tell us when we
-----------------------------------------------------------------------
Summary of changes:
content/fetchers/about.c | 2 +-
content/fetchers/curl.c | 19 ++++++++++++++++---
include/netsurf/ssl_certs.h | 1 +
resources/FatMessages | 11 +++++++++++
utils/messages.c | 5 +++++
5 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/content/fetchers/about.c b/content/fetchers/about.c
index 32a7dbe..df51410 100644
--- a/content/fetchers/about.c
+++ b/content/fetchers/about.c
@@ -1057,7 +1057,7 @@ static bool fetch_about_query_privacy_handler(struct
fetch_about_context *ctx)
goto fetch_about_query_ssl_handler_aborted;
}
}
- res = ssenddataf(ctx, "<div><p>%s</p></div>", messages_get(reason));
+ res = ssenddataf(ctx, "<div><p>%s</p></div>", reason);
if (res != NSERROR_OK) {
goto fetch_about_query_ssl_handler_aborted;
}
diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 345f16c..db41b32 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -1180,9 +1180,22 @@ static void fetch_curl_done(CURL *curl_handle, CURLcode
result)
*/
;
} else if (result == CURLE_SSL_PEER_CERTIFICATE ||
- result == CURLE_SSL_CACERT) {
- /* CURLE_SSL_PEER_CERTIFICATE renamed to
- * CURLE_PEER_FAILED_VERIFICATION
+ result == CURLE_SSL_CACERT) {
+ /*
+ * curl in 7.63.0 (https://github.com/curl/curl/pull/3291)
+ * unified *all* SSL errors into the single
+ * CURLE_PEER_FAILED_VERIFICATION depricating
+ * CURLE_SSL_PEER_CERTIFICATE and CURLE_SSL_CACERT
+ *
+ * This change complete removed the ability to
+ * distinguish between certificate errors, host
+ * verification errors or any other failure reason
+ * using the curl result code.
+ *
+ * The result is when certificate error message is
+ * sent there is currently no way of informing the
+ * llcache about host verification faliures as the
+ * certificate chain has no error codes set.
*/
cert = true;
} else {
diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
index a73dc60..c77c299 100644
--- a/include/netsurf/ssl_certs.h
+++ b/include/netsurf/ssl_certs.h
@@ -38,6 +38,7 @@ typedef enum {
SSL_CERT_ERR_SELF_SIGNED, /**< This certificate (or the chain) is self
signed */
SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self
signed */
SSL_CERT_ERR_REVOKED, /**< This certificate has been revoked */
+ SSL_CERT_ERR_COMMON_NAME, /**< This certificate host did not match teh
server */
} ssl_cert_err;
/**
diff --git a/resources/FatMessages b/resources/FatMessages
index 2c0aa06..e219651 100644
--- a/resources/FatMessages
+++ b/resources/FatMessages
@@ -2800,6 +2800,17 @@ fr.all.Backtosafety:Retour a la sécurité
it.all.Backtosafety:Ritorno alla sicurezza
nl.all.Backtosafety:Terug naar veiligheid
+en.all.SSLCertErrOk:The certificate has no errors.
+en.all.SSLCertErrUnknown:An unknown error occoured while processing the
certificate.
+en.all.SSLCertErrBadIssuer:The issuer of this certificate is not known. This
may occour if the browser cannot access the certificate authority (CA) bundle.
+en.all.SSLCertErrBadSig:The certificate is improperly signed.
+en.all.SSLCertErrTooYoung:The certificate is not yet valid.
+en.all.SSLCertErrTooOld:The certificate has expired.
+en.all.SSLCertErrSelfSigned:The certificate is self signed.
+en.all.SSLCertErrChainSelfSigned:The certificate chain is self signed.
+en.all.SSLCertErrRevoked:The certificate has been revoked by the issuer.
+en.all.SSLCertErrCommonName:The certificate is for a different host than the
server
+
# SSL certificate viewer
# ======================
#
diff --git a/utils/messages.c b/utils/messages.c
index 29443f9..c4a7959 100644
--- a/utils/messages.c
+++ b/utils/messages.c
@@ -382,6 +382,11 @@ const char *messages_get_sslcode(ssl_cert_err code)
case SSL_CERT_ERR_REVOKED:
/* This certificate has been revoked */
return messages_get_ctx("SSLCertErrRevoked", messages_hash);
+
+ case SSL_CERT_ERR_COMMON_NAME:
+ /* Common name is invalid */
+ return messages_get_ctx("SSLCertErrCommonName", messages_hash);
+
}
/* The switch has no default, so the compiler should tell us when we
--
NetSurf Browser
_______________________________________________
netsurf-commits mailing list
[email protected]
http://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/netsurf-commits-netsurf-browser.org
