From 9eda6f5dd556552c29dd43095dd5a9bf026a8a5f Mon Sep 17 00:00:00 2001 From: Quentin Rameau Date: Sat, 29 Apr 2017 14:56:02 +0200 Subject: Add a keybinding to show current TLS certificate --- surf.c | 41 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) (limited to 'surf.c') diff --git a/surf.c b/surf.c index 40f514f..ba95063 100644 --- a/surf.c +++ b/surf.c @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -106,9 +107,10 @@ typedef struct Client { WebKitWebInspector *inspector; WebKitFindController *finder; WebKitHitTestResult *mousepos; + GTlsCertificate *cert, *failedcert; GTlsCertificateFlags tlserr; Window xid; - int progress, fullscreen, https, insecure; + int progress, fullscreen, https, insecure, errorpage; const char *title, *overtitle, *targeturi; const char *needle; struct Client *next; @@ -216,6 +218,7 @@ static void destroywin(GtkWidget* w, Client *c); static void pasteuri(GtkClipboard *clipboard, const char *text, gpointer d); static void reload(Client *c, const Arg *a); static void print(Client *c, const Arg *a); +static void showcert(Client *c, const Arg *a); static void clipboard(Client *c, const Arg *a); static void zoom(Client *c, const Arg *a); static void scroll(Client *c, const Arg *a); @@ -1294,7 +1297,9 @@ loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert, GString *errmsg = g_string_new(NULL); gchar *html, *pem; + c->failedcert = g_object_ref(cert); c->tlserr = err; + c->errorpage = 1; if (err & G_TLS_CERTIFICATE_UNKNOWN_CA) g_string_append(errmsg, @@ -1322,7 +1327,9 @@ loadfailedtls(WebKitWebView *v, gchar *uri, GTlsCertificate *cert, g_object_get(cert, "certificate-pem", &pem, NULL); html = g_strdup_printf("

Could not validate TLS for ā€œ%sā€
%s

" - "

%s

", uri, errmsg->str, pem); + "

You can inspect the following certificate " + "with Ctrl+Shift+x (default keybinding).

" + "

%s

", uri, errmsg->str, pem); g_free(pem); g_string_free(errmsg, TRUE); @@ -1344,6 +1351,10 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) c->title = title; c->https = c->insecure = 0; seturiparameters(c, geturi(c)); + if (c->errorpage) + c->errorpage = 0; + else + g_clear_object(&c->failedcert); break; case WEBKIT_LOAD_REDIRECTED: setatom(c, AtomUri, title); @@ -1351,7 +1362,7 @@ loadchanged(WebKitWebView *v, WebKitLoadEvent e, Client *c) seturiparameters(c, geturi(c)); break; case WEBKIT_LOAD_COMMITTED: - c->https = webkit_web_view_get_tls_info(c->view, NULL, + c->https = webkit_web_view_get_tls_info(c->view, &c->cert, &c->tlserr); break; case WEBKIT_LOAD_FINISHED: @@ -1604,6 +1615,30 @@ print(Client *c, const Arg *a) GTK_WINDOW(c->win)); } +void +showcert(Client *c, const Arg *a) +{ + GTlsCertificate *cert = c->failedcert ? c->failedcert : c->cert; + GcrCertificate *gcrt; + GByteArray *crt; + GtkWidget *win; + GcrCertificateWidget *wcert; + + if (!cert) + return; + + g_object_get(cert, "certificate", &crt, NULL); + gcrt = gcr_simple_certificate_new(crt->data, crt->len); + g_byte_array_unref(crt); + + win = gtk_window_new(GTK_WINDOW_TOPLEVEL); + wcert = gcr_certificate_widget_new(gcrt); + g_object_unref(gcrt); + + gtk_container_add(GTK_CONTAINER(win), GTK_WIDGET(wcert)); + gtk_widget_show_all(win); +} + void clipboard(Client *c, const Arg *a) { -- cgit v1.2.3