Gitweb links:

...log 
http://git.netsurf-browser.org/netsurf.git/shortlog/f3a0e9f0a19f6b88f13b0ad7a11392f0a9b5269e
...commit 
http://git.netsurf-browser.org/netsurf.git/commit/f3a0e9f0a19f6b88f13b0ad7a11392f0a9b5269e
...tree 
http://git.netsurf-browser.org/netsurf.git/tree/f3a0e9f0a19f6b88f13b0ad7a11392f0a9b5269e

The branch, master has been updated
       via  f3a0e9f0a19f6b88f13b0ad7a11392f0a9b5269e (commit)
       via  e6a5c090c9cb877e16fbd8e2034215b8fff42a16 (commit)
       via  af53312b838b1caca59fb0279daa606089c03b02 (commit)
       via  5a5670410b2cf3c90f5ef8534c48feb0c97532bb (commit)
      from  494db4cd51a5896778fcda150ed9c29b92ef504a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commitdiff 
http://git.netsurf-browser.org/netsurf.git/commit/?id=f3a0e9f0a19f6b88f13b0ad7a11392f0a9b5269e
commit f3a0e9f0a19f6b88f13b0ad7a11392f0a9b5269e
Author: Daniel Silverstone <[email protected]>
Commit: Daniel Silverstone <[email protected]>

    browser_window: Various little SSL fixes
    
    Signed-off-by: Daniel Silverstone <[email protected]>

diff --git a/desktop/browser_window.c b/desktop/browser_window.c
index 59ab73d..bdf48b3 100644
--- a/desktop/browser_window.c
+++ b/desktop/browser_window.c
@@ -3590,17 +3590,28 @@ navigate_internal_query_ssl(struct browser_window *bw,
                            struct browser_fetch_parameters *params)
 {
        bool is_proceed = false, is_back = false;
+       const char *siteurl = NULL;
+       nsurl *siteurl_ns;
 
        assert(params->post_multipart != NULL);
 
        is_proceed = fetch_multipart_data_find(params->post_multipart, 
"proceed") != NULL;
        is_back = fetch_multipart_data_find(params->post_multipart, "back") != 
NULL;
+       siteurl = fetch_multipart_data_find(params->post_multipart, "siteurl");
 
-       if (!(is_proceed || is_back)) {
+       if (!(is_proceed || is_back) || siteurl == NULL) {
                /* This is a request, so pass it on */
                return navigate_internal_real(bw, params);
        }
 
+       if (nsurl_create(siteurl, &siteurl_ns) != NSERROR_OK) {
+               NSLOG(netsurf, ERROR, "Unable to reset ssl loading parameters");
+       } else {
+               /* In order that we may proceed, replace the loading parameters 
*/
+               nsurl_unref(bw->loading_parameters.url);
+               bw->loading_parameters.url = siteurl_ns;
+       }
+
        return browser_window__handle_ssl_query_response(is_proceed, bw);
 }
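Review bot: When `nsurl_create(siteurl, &siteurl_ns)` fails, the new code only logs and still calls `browser_window__handle_ssl_query_response(is_proceed, bw)`, so a "proceed" answer is applied to whatever `bw->loading_parameters.url` already held rather than to the site named in the query. Failing closed would be safer, e.g. keeping the result in `err` and adding `if (err != NSERROR_OK) { return err; }` (assuming the function returns nserror, as its other return statements suggest). Separately, `siteurl` is read from the submitted form data and replaces the loading URL without being compared to the URL the SSL query was raised for. If anything other than NetSurf's own query page can post to this handler (not visible here), that comparison belongs before a certificate override is recorded. The identical hunk is repeated in the summary diff further down.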
 
@@ -4693,7 +4704,7 @@ browser_window_page_info_state 
browser_window_get_page_info_state(
        lwc_string_unref(scheme);
 
        /* Did we have to override this SSL setting? */
-       if (urldb_get_cert_permissions(bw->current_parameters.url)) {
+       if 
(urldb_get_cert_permissions(hlcache_handle_get_url(bw->current_content))) {
                return PAGE_STATE_SECURE_OVERRIDE;
        }
 


commitdiff 
http://git.netsurf-browser.org/netsurf.git/commit/?id=e6a5c090c9cb877e16fbd8e2034215b8fff42a16
commit e6a5c090c9cb877e16fbd8e2034215b8fff42a16
Author: Daniel Silverstone <[email protected]>
Commit: Daniel Silverstone <[email protected]>

    curl: Implement SSL chain cache in cURL fetcher
    
    Because cURL can do connection caching behind the scenes, we
    need to have a cache for the SSL certificate chains which we
    send onward on first header back from cURL.
    
    This uses the new hashmap implementation so that chains are
    cached on a hostname:port basis.
    
    Signed-off-by: Daniel Silverstone <[email protected]>

diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 83e92d8..39759cf 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -43,6 +43,7 @@
 #include <nsutils/time.h>
 
 #include "utils/corestrings.h"
+#include "utils/hashmap.h"
 #include "utils/nsoption.h"
 #include "utils/log.h"
 #include "utils/messages.h"
@@ -121,6 +122,94 @@ static void ns_X509_free(X509 *cert)
 
 #endif /* WITH_OPENSSL */
 
+/* SSL certificate chain cache */
+
+/* We're only interested in the hostname and port */
+static uint32_t
+curl_fetch_ssl_key_hash(void *key)
+{
+       nsurl *url = key;
+       lwc_string *hostname = nsurl_get_component(url, NSURL_HOST);
+       lwc_string *port = nsurl_get_component(url, NSURL_PORT);
+       uint32_t hash;
+
+       if (port == NULL)
+               port = lwc_string_ref(corestring_lwc_443);
+
+       hash = lwc_string_hash_value(hostname) ^ lwc_string_hash_value(port);
+
+       lwc_string_unref(hostname);
+       lwc_string_unref(port);
+
+       return hash;
+}
+
+/* We only compare the hostname and port */
+static bool
+curl_fetch_ssl_key_eq(void *key1, void *key2)
+{
+       nsurl *url1 = key1;
+       nsurl *url2 = key2;
+       lwc_string *hostname1 = nsurl_get_component(url1, NSURL_HOST);
+       lwc_string *hostname2 = nsurl_get_component(url2, NSURL_HOST);
+       lwc_string *port1 = nsurl_get_component(url1, NSURL_PORT);
+       lwc_string *port2 = nsurl_get_component(url2, NSURL_PORT);
+       bool iseq = false;
+
+       if (port1 == NULL)
+               port1 = lwc_string_ref(corestring_lwc_443);
+       if (port2 == NULL)
+               port2 = lwc_string_ref(corestring_lwc_443);
+
+       if (lwc_string_isequal(hostname1, hostname2, &iseq) != lwc_error_ok)
+               goto out;
+       if (!iseq)
+               goto out;
+
+       iseq = false;
+       if (lwc_string_isequal(port1, port2, &iseq) != lwc_error_ok)
+               goto out;
+
+out:
+       lwc_string_unref(hostname1);
+       lwc_string_unref(hostname2);
+       lwc_string_unref(port1);
+       lwc_string_unref(port2);
+
+       return iseq;
+}
+
+static void *
+curl_fetch_ssl_value_alloc(void *key)
+{
+       struct cert_chain *out;
+
+       if (cert_chain_alloc(0, &out) != NSERROR_OK) {
+               return NULL;
+       }
+
+       return out;
+}
+
+static void
+curl_fetch_ssl_value_destroy(void *value)
+{
+       struct cert_chain *chain = value;
+       if (cert_chain_free(chain) != NSERROR_OK) {
+               NSLOG(netsurf, WARNING, "Problem freeing SSL certificate 
chain");
+       }
+}
+
+static hashmap_parameters_t curl_fetch_ssl_hashmap_parameters = {
+       .key_clone = (hashmap_key_clone_t)nsurl_ref,
+       .key_destroy = (hashmap_key_destroy_t)nsurl_unref,
+       .key_eq = curl_fetch_ssl_key_eq,
+       .key_hash = curl_fetch_ssl_key_hash,
+       .value_alloc = curl_fetch_ssl_value_alloc,
+       .value_destroy = curl_fetch_ssl_value_destroy,
+};
+
+static hashmap_t *curl_fetch_ssl_hashmap = NULL;
 
 /** SSL certificate info */
 struct cert_info {
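Review bot: `curl_fetch_ssl_key_hash` and `curl_fetch_ssl_key_eq` ignore the URL scheme and substitute `corestring_lwc_443` whenever no explicit port is present, so `http://host/` and `https://host/` resolve to the same cache entry. Because the `fetch_curl_header` hunk reports the cached chain for any fetch whose `sent_ssl_chain` is false, a plain-HTTP fetch to a host with a cached HTTPS chain would, as far as these hunks show, send FETCH_CERTS for a connection that never negotiated TLS. Restricting the lookup or the report to https URLs would avoid that. Both functions also hand the `NSURL_HOST` component to `lwc_string_hash_value`/`lwc_string_unref` without a NULL check, which is worth guarding if a host-less URL can ever reach this fetcher. A comment such as `/* a URL with no explicit port is keyed as port 443, whatever its scheme */` would at least make the assumption visible.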
@@ -132,6 +221,7 @@ struct cert_info {
 struct curl_fetch_info {
        struct fetch *fetch_handle; /**< The fetch handle we're parented by. */
        CURL * curl_handle;     /**< cURL handle if being fetched, or 0. */
+       bool sent_ssl_chain;    /**< Have we tried to send the SSL chain */
        bool had_headers;       /**< Headers have been processed. */
        bool abort;             /**< Abort requested. */
        bool stopped;           /**< Download stopped on purpose. */
@@ -224,6 +314,10 @@ static void fetch_curl_finalise(lwc_string *scheme)
                              "curl_multi_cleanup failed: ignoring");
 
                curl_global_cleanup();
+
+               NSLOG(netsurf, DEBUG, "Cleaning up SSL cert chain hashmap");
+               hashmap_destroy(curl_fetch_ssl_hashmap);
+               curl_fetch_ssl_hashmap = NULL;
        }
 
        /* Free anything remaining in the cached curl handle ring */
@@ -373,6 +467,7 @@ fetch_curl_setup(struct fetch *parent_fetch,
 
        /* construct a new fetch structure */
        fetch->curl_handle = NULL;
+       fetch->sent_ssl_chain = false;
        fetch->had_headers = false;
        fetch->abort = false;
        fetch->stopped = false;
@@ -466,16 +561,31 @@ failed:
 #ifdef WITH_OPENSSL
 
 /**
+ * Retrieve the ssl cert chain for the fetch, creating a blank one if needed
+ */
+static struct cert_chain *
+fetch_curl_get_cached_chain(struct curl_fetch_info *f)
+{
+       struct cert_chain *chain;
+
+       chain = hashmap_lookup(curl_fetch_ssl_hashmap, f->url);
+       if (chain == NULL) {
+               chain = hashmap_insert(curl_fetch_ssl_hashmap, f->url);
+       }
+
+       return chain;
+}
+
+/**
  * Report the certificate information in the fetch to the users
  */
 static void
-fetch_curl_report_certs_upstream(struct curl_fetch_info *f)
+fetch_curl_store_certs_in_cache(struct curl_fetch_info *f)
 {
        size_t depth;
        BIO *mem;
        BUF_MEM *buf[MAX_CERT_DEPTH];
-       struct cert_chain chain;
-       fetch_msg msg;
+       struct cert_chain chain, *cached_chain;
        struct cert_info *certs;
 
        memset(&chain, 0, sizeof(chain));
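Review bot: The doc comment left above the renamed `fetch_curl_store_certs_in_cache` still reads "Report the certificate information in the fetch to the users", which now describes the new `fetch_curl_report_certs_upstream` rather than this function. I would change it to something like `/** Store the certificate chain gathered for this fetch in the SSL chain cache */`. The comment on `fetch_curl_get_cached_chain` should also say that it can return NULL, since `curl_fetch_ssl_value_alloc` returns NULL when `cert_chain_alloc` fails and `hashmap_insert` presumably passes that on. The body of `fetch_curl_store_certs_in_cache` continues outside this hunk.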
@@ -558,10 +668,12 @@ fetch_curl_report_certs_upstream(struct curl_fetch_info 
*f)
                chain.certs[depth].der_length = buf[depth]->length;
        }
 
-       msg.type = FETCH_CERTS;
-       msg.data.chain = &chain;
-
-       fetch_send_callback(&msg, f->fetch_handle);
+       /* Now dup that chain into the cache */
+       cached_chain = fetch_curl_get_cached_chain(f);
+       if (cert_chain_dup_into(&chain, cached_chain) != NSERROR_OK) {
+               /* Something went wrong storing the chain, give up */
+               hashmap_remove(curl_fetch_ssl_hashmap, f->url);
+       }
 
        /* release the openssl memory buffer */
        for (depth = 0; depth < chain.depth; depth++) {
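Review bot: `cached_chain` is passed to `cert_chain_dup_into` without a NULL check, although `fetch_curl_get_cached_chain` returns whatever `hashmap_insert` gives back and `curl_fetch_ssl_value_alloc` yields NULL when `cert_chain_alloc` fails. On that out-of-memory path the `dst->depth` read at the top of `cert_chain_dup_into` would presumably dereference NULL inside the certificate verification callback. Guarding the call, `if (cached_chain != NULL && cert_chain_dup_into(&chain, cached_chain) != NSERROR_OK) {`, keeps the failure path harmless. The function starts and ends outside this hunk.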
@@ -571,6 +683,26 @@ fetch_curl_report_certs_upstream(struct curl_fetch_info *f)
        }
 }
 
+/**
+ * Report the certificate information in the fetch to the users
+ */
+static void
+fetch_curl_report_certs_upstream(struct curl_fetch_info *f)
+{
+       fetch_msg msg;
+       struct cert_chain *chain;
+
+       chain = hashmap_lookup(curl_fetch_ssl_hashmap, f->url);
+
+       if (chain != NULL) {
+               msg.type = FETCH_CERTS;
+               msg.data.chain = chain;
+
+               fetch_send_callback(&msg, f->fetch_handle);
+       }
+
+       f->sent_ssl_chain = true;
+}
 
 /**
  * OpenSSL Certificate verification callback
@@ -673,7 +805,7 @@ static int fetch_curl_cert_verify_callback(X509_STORE_CTX 
*x509_ctx, void *parm)
                ok = X509_verify_cert(x509_ctx);
        }
 
-       fetch_curl_report_certs_upstream(f);
+       fetch_curl_store_certs_in_cache(f);
 
        return ok;
 }
@@ -1430,6 +1562,10 @@ fetch_curl_header(char *data, size_t size, size_t nmemb, 
void *_f)
                return 0;
        }
 
+       if (f->sent_ssl_chain == false) {
+               fetch_curl_report_certs_upstream(f);
+       }
+
        msg.type = FETCH_HEADER;
        msg.data.header_or_data.buf = (const uint8_t *) data;
        msg.data.header_or_data.len = size;
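Review bot: `fetch_curl_report_certs_upstream` is now called from `fetch_curl_header`, but its new definition appears to sit inside the `#ifdef WITH_OPENSSL` region opened in the `@@ -466` hunk. Unless this call site is inside the same conditional (not visible here), a build without OpenSSL would have no definition for it. Either wrap the call in `#ifdef WITH_OPENSSL` or move the function, which only touches the hashmap and `fetch_send_callback`, outside the conditional. As a style point, `if (!f->sent_ssl_chain)` reads better than the comparison against `false`. `fetch_curl_header` starts and ends outside this hunk.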
@@ -1653,6 +1789,12 @@ nserror fetch_curl_register(void)
 
        data = curl_version_info(CURLVERSION_NOW);
 
+       curl_fetch_ssl_hashmap = 
hashmap_create(&curl_fetch_ssl_hashmap_parameters);
+       if (curl_fetch_ssl_hashmap == NULL) {
+               NSLOG(netsurf, CRITICAL, "Unable to initialise SSL certificate 
hashmap");
+               return NSERROR_NOMEM;
+       }
+
        for (i = 0; data->protocols[i]; i++) {
                if (strcmp(data->protocols[i], "http") == 0) {
                        scheme = lwc_string_ref(corestring_lwc_http);


commitdiff 
http://git.netsurf-browser.org/netsurf.git/commit/?id=af53312b838b1caca59fb0279daa606089c03b02
commit af53312b838b1caca59fb0279daa606089c03b02
Author: Daniel Silverstone <[email protected]>
Commit: Daniel Silverstone <[email protected]>

    corestrings: add '443'
    
    Signed-off-by: Daniel Silverstone <[email protected]>

diff --git a/utils/corestringlist.h b/utils/corestringlist.h
index c9d0749..02689fc 100644
--- a/utils/corestringlist.h
+++ b/utils/corestringlist.h
@@ -139,6 +139,7 @@ CORESTRING_LWC_STRING(_blank);
 CORESTRING_LWC_STRING(_parent);
 CORESTRING_LWC_STRING(_self);
 CORESTRING_LWC_STRING(_top);
+CORESTRING_LWC_STRING(443);
 
 /* unusual lwc strings */
 CORESTRING_LWC_VALUE(shortcut_icon, "shortcut icon");


commitdiff 
http://git.netsurf-browser.org/netsurf.git/commit/?id=5a5670410b2cf3c90f5ef8534c48feb0c97532bb
commit 5a5670410b2cf3c90f5ef8534c48feb0c97532bb
Author: Daniel Silverstone <[email protected]>
Commit: Daniel Silverstone <[email protected]>

    ssl_certs: Add dup_into
    
    Signed-off-by: Daniel Silverstone <[email protected]>

diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
index 1aaf485..b5e79ab 100644
--- a/include/netsurf/ssl_certs.h
+++ b/include/netsurf/ssl_certs.h
@@ -87,6 +87,18 @@ struct cert_chain {
 nserror cert_chain_alloc(size_t depth, struct cert_chain **chain_out);
 
 /**
+ * duplicate a certificate chain into an existing chain
+ *
+ * \param src The certificate chain to copy from
+ * \param dst The chain to overwrite with a copy of src
+ * \return NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion
+ *
+ * NOTE: if this returns NSERROR_NOMEM then the destination chain will have
+ * some amount of content and should be cleaned up with cert_chain_free.
+ */
+nserror cert_chain_dup_into(const struct cert_chain *src, struct cert_chain 
*dst);
+
+/**
  * duplicate a certificate chain
  *
  * \param src The certificate chain to copy from
diff --git a/utils/ssl_certs.c b/utils/ssl_certs.c
index 7154561..09500a4 100644
--- a/utils/ssl_certs.c
+++ b/utils/ssl_certs.c
@@ -54,6 +54,43 @@ cert_chain_alloc(size_t depth, struct cert_chain **chain_out)
 
 
 /*
+ * duplicate certificate chain into existing chain
+ *
+ * exported interface documented in netsurf/ssl_certs.h
+ */
+nserror
+cert_chain_dup_into(const struct cert_chain *src, struct cert_chain *dst)
+{
+       size_t depth;
+       for (depth = 0; depth < dst->depth; depth++) {
+               if (dst->certs[depth].der != NULL) {
+                       free(dst->certs[depth].der);
+                       dst->certs[depth].der = NULL;
+               }
+       }
+
+       dst->depth = src->depth;
+
+       for (depth = 0; depth < src->depth; depth++) {
+               dst->certs[depth].err = src->certs[depth].err;
+               dst->certs[depth].der_length = src->certs[depth].der_length;
+               if (src->certs[depth].der != NULL) {
+                       dst->certs[depth].der = 
malloc(src->certs[depth].der_length);
+                       if (dst->certs[depth].der == NULL) {
+                               return NSERROR_NOMEM;
+                       }
+                       memcpy(dst->certs[depth].der,
+                              src->certs[depth].der,
+                              src->certs[depth].der_length);
+               }
+
+       }
+
+       return NSERROR_OK;
+}
+
+
+/*
  * duplicate certificate chain
  *
  * exported interface documented in netsurf/ssl_certs.h
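Review bot: `cert_chain_dup_into` sets `dst->depth = src->depth` before any copy has succeeded and never checks `src->depth` against the capacity of `dst->certs`, so an NSERROR_NOMEM return leaves `dst` claiming a full chain whose later entries were never written. When `src->certs[depth].der` is NULL the matching `dst` pointer is also left as it was, which is only safe if every slot beyond the old `dst->depth` was zeroed at allocation (not visible here). Writing `dst->certs[depth].der = NULL;` at the top of the copy loop and raising `dst->depth` only after each entry is filled would make a partial result safe to hand to `cert_chain_free`, as the header comment asks callers to do. There is also no guard for `src == dst`, where the first loop would free the buffers the second loop then copies from.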


-----------------------------------------------------------------------

Summary of changes:
 content/fetchers/curl.c     |  158 ++++++++++++++++++++++++++++++++++++++++---
 desktop/browser_window.c    |   15 +++-
 include/netsurf/ssl_certs.h |   12 ++++
 utils/corestringlist.h      |    1 +
 utils/ssl_certs.c           |   37 ++++++++++
 5 files changed, 213 insertions(+), 10 deletions(-)

diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index 83e92d8..39759cf 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -43,6 +43,7 @@
 #include <nsutils/time.h>
 
 #include "utils/corestrings.h"
+#include "utils/hashmap.h"
 #include "utils/nsoption.h"
 #include "utils/log.h"
 #include "utils/messages.h"
@@ -121,6 +122,94 @@ static void ns_X509_free(X509 *cert)
 
 #endif /* WITH_OPENSSL */
 
+/* SSL certificate chain cache */
+
+/* We're only interested in the hostname and port */
+static uint32_t
+curl_fetch_ssl_key_hash(void *key)
+{
+       nsurl *url = key;
+       lwc_string *hostname = nsurl_get_component(url, NSURL_HOST);
+       lwc_string *port = nsurl_get_component(url, NSURL_PORT);
+       uint32_t hash;
+
+       if (port == NULL)
+               port = lwc_string_ref(corestring_lwc_443);
+
+       hash = lwc_string_hash_value(hostname) ^ lwc_string_hash_value(port);
+
+       lwc_string_unref(hostname);
+       lwc_string_unref(port);
+
+       return hash;
+}
+
+/* We only compare the hostname and port */
+static bool
+curl_fetch_ssl_key_eq(void *key1, void *key2)
+{
+       nsurl *url1 = key1;
+       nsurl *url2 = key2;
+       lwc_string *hostname1 = nsurl_get_component(url1, NSURL_HOST);
+       lwc_string *hostname2 = nsurl_get_component(url2, NSURL_HOST);
+       lwc_string *port1 = nsurl_get_component(url1, NSURL_PORT);
+       lwc_string *port2 = nsurl_get_component(url2, NSURL_PORT);
+       bool iseq = false;
+
+       if (port1 == NULL)
+               port1 = lwc_string_ref(corestring_lwc_443);
+       if (port2 == NULL)
+               port2 = lwc_string_ref(corestring_lwc_443);
+
+       if (lwc_string_isequal(hostname1, hostname2, &iseq) != lwc_error_ok)
+               goto out;
+       if (!iseq)
+               goto out;
+
+       iseq = false;
+       if (lwc_string_isequal(port1, port2, &iseq) != lwc_error_ok)
+               goto out;
+
+out:
+       lwc_string_unref(hostname1);
+       lwc_string_unref(hostname2);
+       lwc_string_unref(port1);
+       lwc_string_unref(port2);
+
+       return iseq;
+}
+
+static void *
+curl_fetch_ssl_value_alloc(void *key)
+{
+       struct cert_chain *out;
+
+       if (cert_chain_alloc(0, &out) != NSERROR_OK) {
+               return NULL;
+       }
+
+       return out;
+}
+
+static void
+curl_fetch_ssl_value_destroy(void *value)
+{
+       struct cert_chain *chain = value;
+       if (cert_chain_free(chain) != NSERROR_OK) {
+               NSLOG(netsurf, WARNING, "Problem freeing SSL certificate 
chain");
+       }
+}
+
+static hashmap_parameters_t curl_fetch_ssl_hashmap_parameters = {
+       .key_clone = (hashmap_key_clone_t)nsurl_ref,
+       .key_destroy = (hashmap_key_destroy_t)nsurl_unref,
+       .key_eq = curl_fetch_ssl_key_eq,
+       .key_hash = curl_fetch_ssl_key_hash,
+       .value_alloc = curl_fetch_ssl_value_alloc,
+       .value_destroy = curl_fetch_ssl_value_destroy,
+};
+
+static hashmap_t *curl_fetch_ssl_hashmap = NULL;
 
 /** SSL certificate info */
 struct cert_info {
@@ -132,6 +221,7 @@ struct cert_info {
 struct curl_fetch_info {
        struct fetch *fetch_handle; /**< The fetch handle we're parented by. */
        CURL * curl_handle;     /**< cURL handle if being fetched, or 0. */
+       bool sent_ssl_chain;    /**< Have we tried to send the SSL chain */
        bool had_headers;       /**< Headers have been processed. */
        bool abort;             /**< Abort requested. */
        bool stopped;           /**< Download stopped on purpose. */
@@ -224,6 +314,10 @@ static void fetch_curl_finalise(lwc_string *scheme)
                              "curl_multi_cleanup failed: ignoring");
 
                curl_global_cleanup();
+
+               NSLOG(netsurf, DEBUG, "Cleaning up SSL cert chain hashmap");
+               hashmap_destroy(curl_fetch_ssl_hashmap);
+               curl_fetch_ssl_hashmap = NULL;
        }
 
        /* Free anything remaining in the cached curl handle ring */
@@ -373,6 +467,7 @@ fetch_curl_setup(struct fetch *parent_fetch,
 
        /* construct a new fetch structure */
        fetch->curl_handle = NULL;
+       fetch->sent_ssl_chain = false;
        fetch->had_headers = false;
        fetch->abort = false;
        fetch->stopped = false;
@@ -466,16 +561,31 @@ failed:
 #ifdef WITH_OPENSSL
 
 /**
+ * Retrieve the ssl cert chain for the fetch, creating a blank one if needed
+ */
+static struct cert_chain *
+fetch_curl_get_cached_chain(struct curl_fetch_info *f)
+{
+       struct cert_chain *chain;
+
+       chain = hashmap_lookup(curl_fetch_ssl_hashmap, f->url);
+       if (chain == NULL) {
+               chain = hashmap_insert(curl_fetch_ssl_hashmap, f->url);
+       }
+
+       return chain;
+}
+
+/**
  * Report the certificate information in the fetch to the users
  */
 static void
-fetch_curl_report_certs_upstream(struct curl_fetch_info *f)
+fetch_curl_store_certs_in_cache(struct curl_fetch_info *f)
 {
        size_t depth;
        BIO *mem;
        BUF_MEM *buf[MAX_CERT_DEPTH];
-       struct cert_chain chain;
-       fetch_msg msg;
+       struct cert_chain chain, *cached_chain;
        struct cert_info *certs;
 
        memset(&chain, 0, sizeof(chain));
@@ -558,10 +668,12 @@ fetch_curl_report_certs_upstream(struct curl_fetch_info 
*f)
                chain.certs[depth].der_length = buf[depth]->length;
        }
 
-       msg.type = FETCH_CERTS;
-       msg.data.chain = &chain;
-
-       fetch_send_callback(&msg, f->fetch_handle);
+       /* Now dup that chain into the cache */
+       cached_chain = fetch_curl_get_cached_chain(f);
+       if (cert_chain_dup_into(&chain, cached_chain) != NSERROR_OK) {
+               /* Something went wrong storing the chain, give up */
+               hashmap_remove(curl_fetch_ssl_hashmap, f->url);
+       }
 
        /* release the openssl memory buffer */
        for (depth = 0; depth < chain.depth; depth++) {
@@ -571,6 +683,26 @@ fetch_curl_report_certs_upstream(struct curl_fetch_info *f)
        }
 }
 
+/**
+ * Report the certificate information in the fetch to the users
+ */
+static void
+fetch_curl_report_certs_upstream(struct curl_fetch_info *f)
+{
+       fetch_msg msg;
+       struct cert_chain *chain;
+
+       chain = hashmap_lookup(curl_fetch_ssl_hashmap, f->url);
+
+       if (chain != NULL) {
+               msg.type = FETCH_CERTS;
+               msg.data.chain = chain;
+
+               fetch_send_callback(&msg, f->fetch_handle);
+       }
+
+       f->sent_ssl_chain = true;
+}
 
 /**
  * OpenSSL Certificate verification callback
@@ -673,7 +805,7 @@ static int fetch_curl_cert_verify_callback(X509_STORE_CTX 
*x509_ctx, void *parm)
                ok = X509_verify_cert(x509_ctx);
        }
 
-       fetch_curl_report_certs_upstream(f);
+       fetch_curl_store_certs_in_cache(f);
 
        return ok;
 }
@@ -1430,6 +1562,10 @@ fetch_curl_header(char *data, size_t size, size_t nmemb, 
void *_f)
                return 0;
        }
 
+       if (f->sent_ssl_chain == false) {
+               fetch_curl_report_certs_upstream(f);
+       }
+
        msg.type = FETCH_HEADER;
        msg.data.header_or_data.buf = (const uint8_t *) data;
        msg.data.header_or_data.len = size;
@@ -1653,6 +1789,12 @@ nserror fetch_curl_register(void)
 
        data = curl_version_info(CURLVERSION_NOW);
 
+       curl_fetch_ssl_hashmap = 
hashmap_create(&curl_fetch_ssl_hashmap_parameters);
+       if (curl_fetch_ssl_hashmap == NULL) {
+               NSLOG(netsurf, CRITICAL, "Unable to initialise SSL certificate 
hashmap");
+               return NSERROR_NOMEM;
+       }
+
        for (i = 0; data->protocols[i]; i++) {
                if (strcmp(data->protocols[i], "http") == 0) {
                        scheme = lwc_string_ref(corestring_lwc_http);
diff --git a/desktop/browser_window.c b/desktop/browser_window.c
index 59ab73d..bdf48b3 100644
--- a/desktop/browser_window.c
+++ b/desktop/browser_window.c
@@ -3590,17 +3590,28 @@ navigate_internal_query_ssl(struct browser_window *bw,
                            struct browser_fetch_parameters *params)
 {
        bool is_proceed = false, is_back = false;
+       const char *siteurl = NULL;
+       nsurl *siteurl_ns;
 
        assert(params->post_multipart != NULL);
 
        is_proceed = fetch_multipart_data_find(params->post_multipart, 
"proceed") != NULL;
        is_back = fetch_multipart_data_find(params->post_multipart, "back") != 
NULL;
+       siteurl = fetch_multipart_data_find(params->post_multipart, "siteurl");
 
-       if (!(is_proceed || is_back)) {
+       if (!(is_proceed || is_back) || siteurl == NULL) {
                /* This is a request, so pass it on */
                return navigate_internal_real(bw, params);
        }
 
+       if (nsurl_create(siteurl, &siteurl_ns) != NSERROR_OK) {
+               NSLOG(netsurf, ERROR, "Unable to reset ssl loading parameters");
+       } else {
+               /* In order that we may proceed, replace the loading parameters 
*/
+               nsurl_unref(bw->loading_parameters.url);
+               bw->loading_parameters.url = siteurl_ns;
+       }
+
        return browser_window__handle_ssl_query_response(is_proceed, bw);
 }
 
@@ -4693,7 +4704,7 @@ browser_window_page_info_state 
browser_window_get_page_info_state(
        lwc_string_unref(scheme);
 
        /* Did we have to override this SSL setting? */
-       if (urldb_get_cert_permissions(bw->current_parameters.url)) {
+       if 
(urldb_get_cert_permissions(hlcache_handle_get_url(bw->current_content))) {
                return PAGE_STATE_SECURE_OVERRIDE;
        }
 
diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
index 1aaf485..b5e79ab 100644
--- a/include/netsurf/ssl_certs.h
+++ b/include/netsurf/ssl_certs.h
@@ -87,6 +87,18 @@ struct cert_chain {
 nserror cert_chain_alloc(size_t depth, struct cert_chain **chain_out);
 
 /**
+ * duplicate a certificate chain into an existing chain
+ *
+ * \param src The certificate chain to copy from
+ * \param dst The chain to overwrite with a copy of src
+ * \return NSERROR_OK on success or NSERROR_NOMEM on memory exhaustion
+ *
+ * NOTE: if this returns NSERROR_NOMEM then the destination chain will have
+ * some amount of content and should be cleaned up with cert_chain_free.
+ */
+nserror cert_chain_dup_into(const struct cert_chain *src, struct cert_chain 
*dst);
+
+/**
  * duplicate a certificate chain
  *
  * \param src The certificate chain to copy from
diff --git a/utils/corestringlist.h b/utils/corestringlist.h
index c9d0749..02689fc 100644
--- a/utils/corestringlist.h
+++ b/utils/corestringlist.h
@@ -139,6 +139,7 @@ CORESTRING_LWC_STRING(_blank);
 CORESTRING_LWC_STRING(_parent);
 CORESTRING_LWC_STRING(_self);
 CORESTRING_LWC_STRING(_top);
+CORESTRING_LWC_STRING(443);
 
 /* unusual lwc strings */
 CORESTRING_LWC_VALUE(shortcut_icon, "shortcut icon");
diff --git a/utils/ssl_certs.c b/utils/ssl_certs.c
index 7154561..09500a4 100644
--- a/utils/ssl_certs.c
+++ b/utils/ssl_certs.c
@@ -54,6 +54,43 @@ cert_chain_alloc(size_t depth, struct cert_chain **chain_out)
 
 
 /*
+ * duplicate certificate chain into existing chain
+ *
+ * exported interface documented in netsurf/ssl_certs.h
+ */
+nserror
+cert_chain_dup_into(const struct cert_chain *src, struct cert_chain *dst)
+{
+       size_t depth;
+       for (depth = 0; depth < dst->depth; depth++) {
+               if (dst->certs[depth].der != NULL) {
+                       free(dst->certs[depth].der);
+                       dst->certs[depth].der = NULL;
+               }
+       }
+
+       dst->depth = src->depth;
+
+       for (depth = 0; depth < src->depth; depth++) {
+               dst->certs[depth].err = src->certs[depth].err;
+               dst->certs[depth].der_length = src->certs[depth].der_length;
+               if (src->certs[depth].der != NULL) {
+                       dst->certs[depth].der = 
malloc(src->certs[depth].der_length);
+                       if (dst->certs[depth].der == NULL) {
+                               return NSERROR_NOMEM;
+                       }
+                       memcpy(dst->certs[depth].der,
+                              src->certs[depth].der,
+                              src->certs[depth].der_length);
+               }
+
+       }
+
+       return NSERROR_OK;
+}
+
+
+/*
  * duplicate certificate chain
  *
  * exported interface documented in netsurf/ssl_certs.h


-- 
NetSurf Browser
