TLS error in-page and Trust/ Revoke in details dialog
This commit is contained in:
parent
301bb89dd3
commit
c096b46ff3
2 changed files with 81 additions and 24 deletions
|
@ -1143,7 +1143,7 @@ midori_map_add_message (SoupMessage* message)
|
|||
g_hash_table_insert (message_map, g_strdup (uri->host), g_object_ref (message));
|
||||
}
|
||||
|
||||
static SoupMessage*
|
||||
SoupMessage*
|
||||
midori_map_get_message (SoupMessage* message)
|
||||
{
|
||||
SoupURI* uri = soup_message_get_uri (message);
|
||||
|
@ -1154,9 +1154,60 @@ midori_map_get_message (SoupMessage* message)
|
|||
return full;
|
||||
}
|
||||
|
||||
#if HAVE_GCR
|
||||
typedef enum {
|
||||
MIDORI_CERT_TRUST,
|
||||
MIDORI_CERT_REVOKE,
|
||||
} MidoriCertTrust;
|
||||
|
||||
static void
|
||||
midori_location_action_cert_response_cb (GtkWidget* dialog,
|
||||
gint response,
|
||||
GcrCertificate* gcr_cert)
|
||||
{
|
||||
gchar* peer = g_object_get_data (G_OBJECT (gcr_cert), "peer");
|
||||
GError* error = NULL;
|
||||
if (response == MIDORI_CERT_TRUST)
|
||||
gcr_trust_add_pinned_certificate (gcr_cert, GCR_PURPOSE_SERVER_AUTH, peer, NULL, &error);
|
||||
else if (response == MIDORI_CERT_REVOKE)
|
||||
gcr_trust_remove_pinned_certificate (gcr_cert, GCR_PURPOSE_SERVER_AUTH, peer, NULL, &error);
|
||||
if (error != NULL)
|
||||
{
|
||||
g_warning ("Error %s trust: %s", response == MIDORI_CERT_TRUST ?
|
||||
"granting" : "revoking", error->message);
|
||||
g_error_free (error);
|
||||
}
|
||||
gtk_widget_destroy (dialog);
|
||||
}
|
||||
#endif
|
||||
|
||||
const gchar*
|
||||
midori_location_action_tls_flags_to_string (GTlsCertificateFlags tls_flags)
|
||||
{
|
||||
const gchar* tls_error;
|
||||
if (tls_flags & G_TLS_CERTIFICATE_UNKNOWN_CA)
|
||||
tls_error = _("The signing certificate authority is not known.");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_BAD_IDENTITY)
|
||||
tls_error = _("The certificate does not match the expected identity of the site that it was retrieved from.");
|
||||
else if(tls_flags & G_TLS_CERTIFICATE_NOT_ACTIVATED)
|
||||
tls_error = _("The certificate's activation time is still in the future.");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_EXPIRED)
|
||||
tls_error = _("The certificate has expired");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_REVOKED)
|
||||
tls_error = _("The certificate has been revoked according to the GTlsConnection's certificate revocation list.");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_INSECURE)
|
||||
tls_error = _("The certificate's algorithm is considered insecure.");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_GENERIC_ERROR)
|
||||
tls_error = _("Some other error occurred validating the certificate.");
|
||||
else
|
||||
tls_error = "Unknown GTLSCertificateFlags value";
|
||||
return tls_error;
|
||||
}
|
||||
|
||||
void
|
||||
midori_location_action_show_page_info (GtkWidget* widget,
|
||||
GtkBox* box)
|
||||
GtkBox* box,
|
||||
GtkWidget* dialog)
|
||||
{
|
||||
MidoriBrowser* browser = midori_browser_get_for_widget (widget);
|
||||
MidoriView* view = MIDORI_VIEW (midori_browser_get_current_tab (browser));
|
||||
|
@ -1178,38 +1229,31 @@ midori_location_action_show_page_info (GtkWidget* widget,
|
|||
GByteArray* der_cert;
|
||||
GcrCertificate* gcr_cert;
|
||||
GtkWidget* details;
|
||||
SoupURI* uri = soup_message_get_uri (message);
|
||||
|
||||
g_object_get (tls_cert, "certificate", &der_cert, NULL);
|
||||
gcr_cert = gcr_simple_certificate_new (
|
||||
der_cert->data, der_cert->len);
|
||||
g_byte_array_unref (der_cert);
|
||||
g_object_unref (tls_cert);
|
||||
details = (GtkWidget*)gcr_certificate_details_widget_new (gcr_cert);
|
||||
gtk_widget_show (details);
|
||||
gtk_container_add (GTK_CONTAINER (box), details);
|
||||
if (gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, uri->host, NULL, NULL))
|
||||
gtk_dialog_add_buttons (GTK_DIALOG (dialog),
|
||||
("_Don't trust this website"), MIDORI_CERT_REVOKE, NULL);
|
||||
else if (tls_flags > 0)
|
||||
gtk_dialog_add_buttons (GTK_DIALOG (dialog),
|
||||
("_Trust this website"), MIDORI_CERT_TRUST, NULL);
|
||||
g_object_set_data_full (G_OBJECT (gcr_cert), "peer", g_strdup (uri->host), (GDestroyNotify)g_free);
|
||||
g_object_set_data_full (G_OBJECT (dialog), "gcr-cert", gcr_cert, (GDestroyNotify)g_object_unref);
|
||||
g_signal_connect (dialog, "response",
|
||||
G_CALLBACK (midori_location_action_cert_response_cb), gcr_cert);
|
||||
#else
|
||||
const gchar* tls_error;
|
||||
const gchar* tls_error = midori_location_action_tls_flags_to_string (tls_clags);
|
||||
|
||||
if (!g_tls_certificate_get_issuer (tls_cert))
|
||||
gtk_box_pack_start (box, gtk_label_new (_("Self-signed")), FALSE, FALSE, 0);
|
||||
|
||||
if (tls_flags & G_TLS_CERTIFICATE_UNKNOWN_CA)
|
||||
tls_error = _("The signing certificate authority is not known.");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_BAD_IDENTITY)
|
||||
tls_error = _("The certificate does not match the expected identity of the site that it was retrieved from.");
|
||||
else if(tls_flags & G_TLS_CERTIFICATE_NOT_ACTIVATED)
|
||||
tls_error = _("The certificate's activation time is still in the future.");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_EXPIRED)
|
||||
tls_error = _("The certificate has expired");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_REVOKED)
|
||||
tls_error = _("The certificate has been revoked according to the GTlsConnection's certificate revocation list.");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_INSECURE)
|
||||
tls_error = _("The certificate's algorithm is considered insecure.");
|
||||
else if (tls_flags & G_TLS_CERTIFICATE_GENERIC_ERROR)
|
||||
tls_error = _("Some other error occurred validating the certificate.");
|
||||
else
|
||||
tls_error = "Unknown GTLSCertificateFlags value";
|
||||
|
||||
gtk_box_pack_start (box, gtk_label_new (tls_error), FALSE, FALSE, 0);
|
||||
#endif
|
||||
|
||||
|
@ -1262,7 +1306,7 @@ midori_location_action_icon_released_cb (GtkWidget* widget,
|
|||
gtk_label_new (gtk_icon_entry_get_tooltip (GTK_ICON_ENTRY (widget), icon_pos)), FALSE, FALSE, 0);
|
||||
gtk_box_pack_start (GTK_BOX (content_area), hbox, FALSE, FALSE, 0);
|
||||
#if defined (HAVE_LIBSOUP_2_34_0)
|
||||
midori_location_action_show_page_info (widget, GTK_BOX (content_area));
|
||||
midori_location_action_show_page_info (widget, GTK_BOX (content_area), dialog);
|
||||
#endif
|
||||
gtk_widget_show_all (dialog);
|
||||
}
|
||||
|
|
|
@ -998,6 +998,14 @@ midori_view_display_error (MidoriView* view,
|
|||
const gchar* try_again,
|
||||
WebKitWebFrame* web_frame);
|
||||
|
||||
#if HAVE_GCR
|
||||
const gchar*
|
||||
midori_location_action_tls_flags_to_string (GTlsCertificateFlags flags);
|
||||
|
||||
SoupMessage*
|
||||
midori_map_get_message (SoupMessage* message);
|
||||
#endif
|
||||
|
||||
static void
|
||||
webkit_web_view_load_committed_cb (WebKitWebView* web_view,
|
||||
WebKitWebFrame* web_frame,
|
||||
|
@ -1050,17 +1058,22 @@ webkit_web_view_load_committed_cb (WebKitWebView* web_view,
|
|||
if (message
|
||||
&& soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED)
|
||||
view->security = MIDORI_SECURITY_TRUSTED;
|
||||
else if (!view->special)
|
||||
#if HAVE_GCR
|
||||
else if (!view->special && message != NULL)
|
||||
{
|
||||
GTlsCertificateFlags tls_flags;
|
||||
message = midori_map_get_message (message);
|
||||
g_object_get (message, "tls-errors", &tls_flags, NULL);
|
||||
view->security = MIDORI_SECURITY_UNKNOWN;
|
||||
midori_view_stop_loading (view);
|
||||
midori_view_display_error (
|
||||
view, view->uri, view->title ? view->title : view->uri,
|
||||
_("Security unknown"),
|
||||
_("The certificate is invalid or unknown"),
|
||||
midori_location_action_tls_flags_to_string (tls_flags),
|
||||
_("Load Page"),
|
||||
NULL);
|
||||
}
|
||||
#endif
|
||||
else
|
||||
#endif
|
||||
view->security = MIDORI_SECURITY_UNKNOWN;
|
||||
|
|
Loading…
Reference in a new issue