-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | dpi/https.c | 11 | ||||
-rw-r--r-- | src/capi.c | 17 |
3 files changed, 22 insertions, 7 deletions
@@ -14,6 +14,7 @@ dillo-3.0 [August ??, 2011]
 - Remove 'fullscreen' key action.
 - Fixed a border case in URL resolver: empty path + {query|fragment} (BUG#948)
 - Avoid double draw after going Back or Forward (it takes half the time now!).
+ - Avoid a certificate dialog storm on some HTTPS sites (BUG#868).
 Patches: Jorge Arellano Cid
 +- Remove --enable-ansi configure option.
 - Limit saved cookie size.
diff --git a/dpi/https.c b/dpi/https.c
index 71b0c0f9..68572ac2 100644
--- a/dpi/https.c
+++ b/dpi/https.c
@@ -130,7 +130,7 @@ static void yes_ssl_support(void)
 SSL * ssl_connection = NULL;
 char *dpip_tag = NULL, *cmd = NULL, *url = NULL, *http_query = NULL,
- *proxy_url = NULL, *proxy_connect = NULL;
+ *proxy_url = NULL, *proxy_connect = NULL, *check_cert = NULL;
 char buf[4096];
 int ret = 0;
 int network_socket = -1;
@@ -200,8 +200,12 @@ static void yes_ssl_support(void)
 a_Dpip_get_attr(dpip_tag, "proxy_connect");
 url = a_Dpip_get_attr(dpip_tag, "url");
 http_query = a_Dpip_get_attr(dpip_tag, "query");
+ if (!(check_cert = a_Dpip_get_attr(dpip_tag, "check_cert"))) {
+ /* allow older dillo versions use this dpi */
+ check_cert = dStrdup("true");
+ }
- if (cmd == NULL || url == NULL || http_query == NULL){
+ if (!cmd || !url || !http_query) {
 MSG("***Value of cmd, url or http_query is NULL"
 " - cannot continue\n");
 exit_error = 1;
@@ -288,7 +292,8 @@ static void yes_ssl_support(void)
 /*Use handle error function to decide what to do*/
 if (exit_error == 0){
- if (handle_certificate_problem(ssl_connection) < 0){
+ if (strcmp(check_cert, "true") == 0 &&
+ handle_certificate_problem(ssl_connection) < 0){
 MSG("Certificate verification error\n");
 exit_error = 1;
 }
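Review bot: `check_cert` ends up owning a string on both paths in the `@@ -200` hunk (the `a_Dpip_get_attr` result or the `dStrdup("true")` fallback), but the commit adds no matching release; the three https.c hunks account for all 11 changed lines in the diffstat. If the cleanup at the end of `yes_ssl_support` frees `cmd`, `url` and `http_query` (that code is outside the hunk, so this is inferred), `dFree(check_cert);` belongs alongside them. The fallback itself defaults to verifying when the attribute is missing, which is the safe direction, and the comment could say so: `/* missing attr (older dillo) => keep verifying */`.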
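Review bot: The new condition in the `@@ -288` hunk fails open, because `handle_certificate_problem` runs only when `check_cert` is exactly `"true"`, so any other value (different case, empty string, malformed attribute) silently skips the only certificate check visible here. Skipping is the dangerous direction, so the test should be inverted to let only an explicit opt-out disable it: `if (strcmp(check_cert, "false") != 0 && handle_certificate_problem(ssl_connection) < 0){`. When the check is skipped the session continues with an unverified peer and presumably the query is then written to it, so a `MSG` line recording that verification was skipped for this URL would make the downgrade visible in the log. The enclosing function starts and ends outside the hunk.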
@@ -302,15 +302,24 @@ static char *Capi_dpi_build_cmd(DilloWeb *web, char *server)
 char *proxy_connect = a_Http_make_connect_str(web->url);
 Dstr *http_query = a_Http_make_query_str(web->url, FALSE);
 /* BUG: embedded NULLs in query data will truncate message */
+
+ /* BUG: WORKAROUND: request to only check the root URL's certificate.
+ * This avoids the dialog bombing that stems from loading multiple
+ * https images/resources in a single page. A proper fix would take
+ * either to implement the https-dpi as a server (with state),
+ * or to move back https handling into dillo. */
 if (proxy_connect) {
 const char *proxy_urlstr = a_Http_get_proxy_urlstr();
 cmd = a_Dpip_build_cmd("cmd=%s proxy_url=%s proxy_connect=%s "
- "url=%s query=%s", "open_url", proxy_urlstr,
+ "url=%s query=%s check_cert=%s",
+ "open_url", proxy_urlstr,
 proxy_connect, URL_STR(web->url),
- http_query->str);
+ http_query->str,
+ (web->flags & WEB_RootUrl) ? "true" : "false");
 } else {
- cmd = a_Dpip_build_cmd("cmd=%s url=%s query=%s",
- "open_url", URL_STR(web->url),http_query->str);
+ cmd = a_Dpip_build_cmd("cmd=%s url=%s query=%s check_cert=%s",
+ "open_url", URL_STR(web->url),http_query->str,
+ (web->flags & WEB_RootUrl) ? "true" : "false");
 }
 dFree(proxy_connect);
 dStr_free(http_query, 1); |
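Review bot: `check_cert` is derived solely from `WEB_RootUrl`, so every non-root HTTPS request, including images or stylesheets served from a host other than the page's own, is sent with `check_cert=false`, and with the https.c side of this commit its certificate is then not checked at all. The workaround comment explains the dialog problem but not this trade-off, and should state it, e.g. `* NOTE: non-root https requests are NOT certificate-checked.` The ternary is also written out twice; hoisting it into `const char *check_cert = (web->flags & WEB_RootUrl) ? "true" : "false";` before the `if` keeps the two `a_Dpip_build_cmd` calls from drifting apart. `Capi_dpi_build_cmd` starts and ends outside the hunk.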