Gitweb links:

...log 
http://git.netsurf-browser.org/netsurf.git/shortlog/3a8317fddb979f95ff7ae3a6c2f44f95fe1723c1
...commit 
http://git.netsurf-browser.org/netsurf.git/commit/3a8317fddb979f95ff7ae3a6c2f44f95fe1723c1
...tree 
http://git.netsurf-browser.org/netsurf.git/tree/3a8317fddb979f95ff7ae3a6c2f44f95fe1723c1

The branch, master has been updated
       via  3a8317fddb979f95ff7ae3a6c2f44f95fe1723c1 (commit)
       via  6f105c41c202c570a37cc0cca2ab15172b2dbbaf (commit)
       via  24dd16ddff6a284a98c1abb30dacbf23d8895f4f (commit)
      from  f1e6690b25eacac268686b5ebf02a5f31ca918af (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commitdiff 
http://git.netsurf-browser.org/netsurf.git/commit/?id=3a8317fddb979f95ff7ae3a6c2f44f95fe1723c1
commit 3a8317fddb979f95ff7ae3a6c2f44f95fe1723c1
Author: Daniel Silverstone <dsilv...@digital-scurf.org>
Commit: Daniel Silverstone <dsilv...@digital-scurf.org>

    fetch_curl_report_certs_upstream: Use new SSL_CERT_ERR_CERT_MISSING
    
    Signed-off-by: Daniel Silverstone <dsilv...@digital-scurf.org>

diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index cb09ece..0be33ae 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -482,7 +482,11 @@ fetch_curl_report_certs_upstream(struct curl_fetch_info *f)
        memset(ssl_certs, 0, sizeof(ssl_certs));
 
        for (depth = 0; depth <= f->cert_depth; depth++) {
-               assert(certs[depth].cert != NULL);
+               if (certs[depth].cert == NULL) {
+                       /* This certificate is missing, skip it */
+                       ssl_certs[depth].err = SSL_CERT_ERR_CERT_MISSING;
+                       continue;
+               }
 
                /* get certificate version */
                ssl_certs[depth].version = X509_get_version(certs[depth].cert);
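Review bot: The new NULL branch in the loop is commented only as "skip it", which does not say why a slot at or below `f->cert_depth` can be empty or what a consumer may rely on for that entry. After the `memset`, every field other than `err` is zero for a skipped slot, so the comment could read `/* No certificate was captured at this depth; only err is meaningful for this entry */`. Whether every consumer of `ssl_certs` checks `err` before reading the other fields is not visible here and is worth confirming, because the removed assert was the only guarantee of a populated entry. The loop body continues outside the hunk, and the same hunk is repeated in the combined diff further down.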


commitdiff 
http://git.netsurf-browser.org/netsurf.git/commit/?id=6f105c41c202c570a37cc0cca2ab15172b2dbbaf
commit 6f105c41c202c570a37cc0cca2ab15172b2dbbaf
Author: Daniel Silverstone <dsilv...@digital-scurf.org>
Commit: Daniel Silverstone <dsilv...@digital-scurf.org>

    Add certificate-missing error code
    
    Signed-off-by: Daniel Silverstone <dsilv...@digital-scurf.org>

diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
index dcd644e..0444678 100644
--- a/include/netsurf/ssl_certs.h
+++ b/include/netsurf/ssl_certs.h
@@ -42,6 +42,7 @@ typedef enum {
        SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self 
signed */
        SSL_CERT_ERR_REVOKED,   /**< This certificate has been revoked */
        SSL_CERT_ERR_HOSTNAME_MISMATCH, /**< This certificate host did not 
match the server */
+       SSL_CERT_ERR_CERT_MISSING, /**< This certificate was missing from the 
chain, its data is useless */
 } ssl_cert_err;
 
 /** Always the max known ssl certificate error type */
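Review bot: The context line `/** Always the max known ssl certificate error type */` introduces a definition that lies outside the hunk, and the diffstat shows only one line added to this header, so that definition was presumably left naming the previous last enumerator. If it still refers to `SSL_CERT_ERR_HOSTNAME_MISMATCH`, any range check or table sized from it would not cover `SSL_CERT_ERR_CERT_MISSING`. It should be moved to the new enumerator in the same commit. The same hunk appears again in the combined diff.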
diff --git a/resources/FatMessages b/resources/FatMessages
index f1cb870..c5cfd3e 100644
--- a/resources/FatMessages
+++ b/resources/FatMessages
@@ -1085,6 +1085,7 @@ en.all.SSLCertErrSelfSigned:The certificate is self 
signed.
 en.all.SSLCertErrChainSelfSigned:The certificate chain is self signed.
 en.all.SSLCertErrRevoked:The certificate has been revoked by the issuer.
 en.all.SSLCertErrHostnameMismatch:The certificate is for a different host than 
the server
+en.all.SSLCertErrCertMissing:The certificate was missing from the chain.
 
 
 # Timeout error interface
diff --git a/utils/messages.c b/utils/messages.c
index 5525e18..418276e 100644
--- a/utils/messages.c
+++ b/utils/messages.c
@@ -445,6 +445,10 @@ const char *messages_get_sslcode(ssl_cert_err code)
                /* Common name is invalid */
                return messages_get_ctx("SSLCertErrHostnameMismatch", 
messages_hash);
 
+       case SSL_CERT_ERR_CERT_MISSING:
+               /* Common name is invalid */
+               return messages_get_ctx("SSLCertErrCertMissing", messages_hash);
+
        }
 
        /* The switch has no default, so the compiler should tell us when we
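Review bot: The comment on the new `case SSL_CERT_ERR_CERT_MISSING:` was copied from the hostname-mismatch case above and still reads `/* Common name is invalid */`. It should describe this code, for example `/* Certificate is missing from the chain */`, so a reader mapping error codes to user-facing messages is not misled. The switch continues outside the hunk, and the repeated hunk in the combined diff carries the same comment.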


commitdiff 
http://git.netsurf-browser.org/netsurf.git/commit/?id=24dd16ddff6a284a98c1abb30dacbf23d8895f4f
commit 24dd16ddff6a284a98c1abb30dacbf23d8895f4f
Author: Daniel Silverstone <dsilv...@digital-scurf.org>
Commit: Daniel Silverstone <dsilv...@digital-scurf.org>

    fetch_curl_verify_callback: Do depth update after check
    
    Signed-off-by: Daniel Silverstone <dsilv...@digital-scurf.org>

diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index a1d7ee1..cb09ece 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -662,11 +662,6 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX 
*x509_ctx)
        depth = X509_STORE_CTX_get_error_depth(x509_ctx);
        fetch = X509_STORE_CTX_get_app_data(x509_ctx);
 
-       /* record the max depth */
-       if (depth > fetch->cert_depth) {
-               fetch->cert_depth = depth;
-       }
-
        /* certificate chain is excessively deep so fail verification */
        if (depth >= MAX_SSL_CERTS) {
                X509_STORE_CTX_set_error(x509_ctx,
@@ -674,6 +669,11 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX 
*x509_ctx)
                return 0;
        }
 
+       /* record the max depth */
+       if (depth > fetch->cert_depth) {
+               fetch->cert_depth = depth;
+       }
+
        /* save the certificate by incrementing the reference count and
         * keeping a pointer.
         */
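Review bot: The moved block keeps the comment `/* record the max depth */`, which does not say why it must now come after the `depth >= MAX_SSL_CERTS` check. `fetch_curl_report_certs_upstream` loops while `depth <= f->cert_depth` and indexes per-depth arrays, so recording an over-limit depth would presumably walk past them, although the array sizes are not visible here. A comment such as `/* record the max depth; must stay after the MAX_SSL_CERTS check so cert_depth never exceeds the stored chain */` would protect the ordering against a later reshuffle. The function body starts and ends outside the hunk, and the same change is repeated in the combined diff.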


-----------------------------------------------------------------------

Summary of changes:
 content/fetchers/curl.c     |   16 ++++++++++------
 include/netsurf/ssl_certs.h |    1 +
 resources/FatMessages       |    1 +
 utils/messages.c            |    4 ++++
 4 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/content/fetchers/curl.c b/content/fetchers/curl.c
index a1d7ee1..0be33ae 100644
--- a/content/fetchers/curl.c
+++ b/content/fetchers/curl.c
@@ -482,7 +482,11 @@ fetch_curl_report_certs_upstream(struct curl_fetch_info *f)
        memset(ssl_certs, 0, sizeof(ssl_certs));
 
        for (depth = 0; depth <= f->cert_depth; depth++) {
-               assert(certs[depth].cert != NULL);
+               if (certs[depth].cert == NULL) {
+                       /* This certificate is missing, skip it */
+                       ssl_certs[depth].err = SSL_CERT_ERR_CERT_MISSING;
+                       continue;
+               }
 
                /* get certificate version */
                ssl_certs[depth].version = X509_get_version(certs[depth].cert);
@@ -662,11 +666,6 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX 
*x509_ctx)
        depth = X509_STORE_CTX_get_error_depth(x509_ctx);
        fetch = X509_STORE_CTX_get_app_data(x509_ctx);
 
-       /* record the max depth */
-       if (depth > fetch->cert_depth) {
-               fetch->cert_depth = depth;
-       }
-
        /* certificate chain is excessively deep so fail verification */
        if (depth >= MAX_SSL_CERTS) {
                X509_STORE_CTX_set_error(x509_ctx,
@@ -674,6 +673,11 @@ fetch_curl_verify_callback(int verify_ok, X509_STORE_CTX 
*x509_ctx)
                return 0;
        }
 
+       /* record the max depth */
+       if (depth > fetch->cert_depth) {
+               fetch->cert_depth = depth;
+       }
+
        /* save the certificate by incrementing the reference count and
         * keeping a pointer.
         */
diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
index dcd644e..0444678 100644
--- a/include/netsurf/ssl_certs.h
+++ b/include/netsurf/ssl_certs.h
@@ -42,6 +42,7 @@ typedef enum {
        SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self 
signed */
        SSL_CERT_ERR_REVOKED,   /**< This certificate has been revoked */
        SSL_CERT_ERR_HOSTNAME_MISMATCH, /**< This certificate host did not 
match the server */
+       SSL_CERT_ERR_CERT_MISSING, /**< This certificate was missing from the 
chain, its data is useless */
 } ssl_cert_err;
 
 /** Always the max known ssl certificate error type */
diff --git a/resources/FatMessages b/resources/FatMessages
index f1cb870..c5cfd3e 100644
--- a/resources/FatMessages
+++ b/resources/FatMessages
@@ -1085,6 +1085,7 @@ en.all.SSLCertErrSelfSigned:The certificate is self 
signed.
 en.all.SSLCertErrChainSelfSigned:The certificate chain is self signed.
 en.all.SSLCertErrRevoked:The certificate has been revoked by the issuer.
 en.all.SSLCertErrHostnameMismatch:The certificate is for a different host than 
the server
+en.all.SSLCertErrCertMissing:The certificate was missing from the chain.
 
 
 # Timeout error interface
diff --git a/utils/messages.c b/utils/messages.c
index 5525e18..418276e 100644
--- a/utils/messages.c
+++ b/utils/messages.c
@@ -445,6 +445,10 @@ const char *messages_get_sslcode(ssl_cert_err code)
                /* Common name is invalid */
                return messages_get_ctx("SSLCertErrHostnameMismatch", 
messages_hash);
 
+       case SSL_CERT_ERR_CERT_MISSING:
+               /* Common name is invalid */
+               return messages_get_ctx("SSLCertErrCertMissing", messages_hash);
+
        }
 
        /* The switch has no default, so the compiler should tell us when we


-- 
NetSurf Browser
