authorcorvid <devnull@localhost>2015-06-29 15:36:46 +0000
committercorvid <devnull@localhost>2015-06-29 15:36:46 +0000
commit41f2b84001bb63d705c7981492a9637d4d48f5f7 (patch)
treef7b95cb6c4a8a04e59f62a43c3b432ea1bfe569d /src/IO
parentb3b8727a42e89d8702c9702226d1140836f1146e (diff)
HTTP Strict Transport Security
I'm not including the preload file yet.
Diffstat (limited to 'src/IO')
-rw-r--r--src/IO/tls.c25
-rw-r--r--src/IO/tls.h2
2 files changed, 20 insertions, 7 deletions
diff --git a/src/IO/tls.c b/src/IO/tls.c
index 89ad7989..dfe76744 100644
--- a/src/IO/tls.c
+++ b/src/IO/tls.c
@@ -64,7 +64,7 @@ void a_Tls_init()
#define CERT_STATUS_NONE 0
#define CERT_STATUS_RECEIVING 1
-#define CERT_STATUS_GOOD 2
+#define CERT_STATUS_CLEAN 2
#define CERT_STATUS_BAD 3
#define CERT_STATUS_USER_ACCEPTED 4
@@ -402,18 +402,29 @@ int a_Tls_connect_ready(const DilloUrl *url)
return ret;
}
+static int Tls_cert_status(const DilloUrl *url)
+{
+ Server_t *s = dList_find_sorted(servers, url, Tls_servers_by_url_cmp);
+
+ return s ? s->cert_status : CERT_STATUS_NONE;
+}
+
/*
* Did we find problems with the certificate, and did the user proceed to
* reject the connection?
*/
static int Tls_user_said_no(const DilloUrl *url)
{
- Server_t *s = dList_find_sorted(servers, url, Tls_servers_by_url_cmp);
-
- if (!s)
- return FALSE;
+ return Tls_cert_status(url) == CERT_STATUS_BAD;
+}
- return s->cert_status == CERT_STATUS_BAD;
+/*
+ * Did everything seem proper with the certificate -- no warnings to
+ * click through?
+ */
+int a_Tls_certificate_is_clean(const DilloUrl *url)
+{
+ return Tls_cert_status(url) == CERT_STATUS_CLEAN;
}
/******************** BEGINNING OF STUFF DERIVED FROM wget-1.16.3 */
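Review bot: The comment on `a_Tls_certificate_is_clean()` does not say which states count as not clean, and the new helper `Tls_cert_status()` has no comment at all, although this is presumably the predicate the HSTS code will gate on. From the lines here, a server with no record (`CERT_STATUS_NONE`), one still in `CERT_STATUS_RECEIVING`, and one the user clicked through (`CERT_STATUS_USER_ACCEPTED`) all return false. That is the fail-closed behaviour needed so that a Strict-Transport-Security header is not honoured after certificate warnings. I would say so in the comment, e.g. `Returns TRUE only for CERT_STATUS_CLEAN; unknown, in-progress and user-accepted servers are not clean.`, and add above the helper `/* Stored certificate status for url's server, or CERT_STATUS_NONE if there is no record. */`. The value is read from the `servers` list rather than from a specific connection, so the comment should also tell callers that it reflects the last status stored for that server.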
@@ -894,7 +905,7 @@ static int Tls_examine_certificate(SSL *ssl, Server_t *srv,const char *host)
if (choice == 2)
srv->cert_status = CERT_STATUS_BAD;
else if (choice == -1)
- srv->cert_status = CERT_STATUS_GOOD;
+ srv->cert_status = CERT_STATUS_CLEAN;
else
srv->cert_status = CERT_STATUS_USER_ACCEPTED;
diff --git a/src/IO/tls.h b/src/IO/tls.h
index e3892cb2..9bc89de5 100644
--- a/src/IO/tls.h
+++ b/src/IO/tls.h
@@ -15,6 +15,7 @@ void a_Tls_init();
#ifdef ENABLE_SSL
+int a_Tls_certificate_is_clean(const DilloUrl *url);
int a_Tls_connect_ready(const DilloUrl *url);
void a_Tls_reset_server_state(const DilloUrl *url);
@@ -30,6 +31,7 @@ int a_Tls_read(void *conn, void *buf, size_t len);
int a_Tls_write(void *conn, void *buf, size_t len);
#else
+#define a_Tls_certificate_is_clean(host) 0
#define a_Tls_connect_ready(url) TLS_CONNECT_NEVER
#define a_Tls_reset_server_state(url) ;
#define a_Tls_handshake(fd, url) ;
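Review bot: The non-SSL stub names its parameter `host`, while the prototype added in the `ENABLE_SSL` branch and the sibling stubs take `url`. I would write `#define a_Tls_certificate_is_clean(url) 0` so both branches read the same. Evaluating to 0 when TLS is compiled out keeps the predicate fail-closed, which a short comment such as `/* no TLS: no certificate can be clean */` would make explicit.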