authorJorge Arellano Cid <jcid@dillo.org>2011-07-29 15:59:11 -0400
committerJorge Arellano Cid <jcid@dillo.org>2011-07-29 15:59:11 -0400
commitf35df545841fc10b0a61b33901002e401b3dd487 (patch)
tree8b8c76e28e1971489f6cebcf4c94fae28bb7c74b
parentccd39b8804cba58206d254944c8e7c3bb8e02cdf (diff)
Workaround: request to only check the root URL's certificate (https).
This avoids the dialog bombing that stems from loading multiple https images/resources in a single page. A proper fix would require either implementing the https-dpi as a server (with state) or moving https handling back into dillo.
-rw-r--r--ChangeLog1
-rw-r--r--dpi/https.c11
-rw-r--r--src/capi.c17
3 files changed, 22 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index e787ba61..768ddead 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,7 @@ dillo-3.0 [August ??, 2011]
- Remove 'fullscreen' key action.
- Fixed a border case in URL resolver: empty path + {query|fragment} (BUG#948)
- Avoid double draw after going Back or Forward (it takes half the time now!).
+ - Avoid a certificate dialog storm on some HTTPS sites (BUG#868).
Patches: Jorge Arellano Cid
+- Remove --enable-ansi configure option.
- Limit saved cookie size.
diff --git a/dpi/https.c b/dpi/https.c
index 71b0c0f9..68572ac2 100644
--- a/dpi/https.c
+++ b/dpi/https.c
@@ -130,7 +130,7 @@ static void yes_ssl_support(void)
SSL * ssl_connection = NULL;
char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *http_query = NULL,
- *proxy_url = NULL, *proxy_connect = NULL;
+ *proxy_url = NULL, *proxy_connect = NULL, *check_cert = NULL;
char buf[4096];
int ret = 0;
int network_socket = -1;
@@ -200,8 +200,12 @@ static void yes_ssl_support(void)
a_Dpip_get_attr(dpip_tag, "proxy_connect");
url = a_Dpip_get_attr(dpip_tag, "url");
http_query = a_Dpip_get_attr(dpip_tag, "query");
+ if (!(check_cert = a_Dpip_get_attr(dpip_tag, "check_cert"))) {
+ /* allow older dillo versions use this dpi */
+ check_cert = dStrdup("true");
+ }
- if (cmd == NULL || url == NULL || http_query == NULL){
+ if (!cmd || !url || !http_query) {
MSG("***Value of cmd, url or http_query is NULL"
" - cannot continue\n");
exit_error = 1;
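Review bot: `check_cert` owns a heap string after this block (the `dStrdup("true")` fallback, and presumably the `a_Dpip_get_attr` result as well), but none of the dpi/https.c hunks in this commit releases it. The cleanup code of yes_ssl_support lies outside this hunk, so this needs confirming there; if the other attributes are freed at the end of the function, add `dFree(check_cert);` next to them. The fallback comment would also read better as `/* older dillo versions do not send check_cert: default to checking */`, which records that the default is the safe one.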
@@ -288,7 +292,8 @@ static void yes_ssl_support(void)
/*Use handle error function to decide what to do*/
if (exit_error == 0){
- if (handle_certificate_problem(ssl_connection) < 0){
+ if (strcmp(check_cert, "true") == 0 &&
+ handle_certificate_problem(ssl_connection) < 0){
MSG("Certificate verification error\n");
exit_error = 1;
}
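Review bot: The new condition fails open: `handle_certificate_problem` runs only when `check_cert` is exactly "true", so any other value in the tag (a typo, different case, an empty attribute) silently skips certificate verification for that connection. Inverting the test keeps verification as the default, `if (strcmp(check_cert, "false") != 0 &&` followed by the unchanged `handle_certificate_problem(ssl_connection) < 0){`. When the check is skipped the request proceeds over a TLS session whose peer was never authenticated, so a `MSG` line on that path would make it visible in the dpi output. The enclosing function starts and ends outside this hunk.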
diff --git a/src/capi.c b/src/capi.c
index 867083b5..885b4eb8 100644
--- a/src/capi.c
+++ b/src/capi.c
@@ -302,15 +302,24 @@ static char *Capi_dpi_build_cmd(DilloWeb *web, char *server)
char *proxy_connect = a_Http_make_connect_str(web->url);
Dstr *http_query = a_Http_make_query_str(web->url, FALSE);
/* BUG: embedded NULLs in query data will truncate message */
+
+ /* BUG: WORKAROUND: request to only check the root URL's certificate.
+ * This avoids the dialog bombing that stems from loading multiple
+ * https images/resources in a single page. A proper fix would take
+ * either to implement the https-dpi as a server (with state),
+ * or to move back https handling into dillo. */
if (proxy_connect) {
const char *proxy_urlstr = a_Http_get_proxy_urlstr();
cmd = a_Dpip_build_cmd("cmd=%s proxy_url=%s proxy_connect=%s "
- "url=%s query=%s", "open_url", proxy_urlstr,
+ "url=%s query=%s check_cert=%s",
+ "open_url", proxy_urlstr,
proxy_connect, URL_STR(web->url),
- http_query->str);
+ http_query->str,
+ (web->flags & WEB_RootUrl) ? "true" : "false");
} else {
- cmd = a_Dpip_build_cmd("cmd=%s url=%s query=%s",
- "open_url", URL_STR(web->url),http_query->str);
+ cmd = a_Dpip_build_cmd("cmd=%s url=%s query=%s check_cert=%s",
+ "open_url", URL_STR(web->url),http_query->str,
+ (web->flags & WEB_RootUrl) ? "true" : "false");
}
dFree(proxy_connect);
dStr_free(http_query, 1);
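Review bot: The `check_cert` value depends only on `WEB_RootUrl`, so every non-root https request is sent with `check_cert=false` regardless of its host, and the certificate accepted for the root page says nothing about a resource served from a different host. The added comment describes the dialog problem but not this consequence; I would append a line such as `* SECURITY: non-root https requests are fetched without certificate verification.` so the trade-off is recorded next to the code. As a point of style, the ternary is repeated in both branches and could be computed once, `const char *check_cert = (web->flags & WEB_RootUrl) ? "true" : "false";`. Capi_dpi_build_cmd starts before and continues past this hunk.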