Age | Commit message | Author
2015-06-29 | prefs.http_strict_transport_security | corvid
2015-06-29 | HTTP Strict Transport Security | corvid
I'm not including the preload file yet.
2015-06-28 | MSG | corvid
2015-06-28 | cookies be careful with overflow with ridiculously huge Max-Age values | corvid
...not that there's any obvious justification for storing cookies for decades.
2015-06-24 | add a tls test site | corvid
2015-06-18 | use [IMG] placeholder even if prefs.load_images is true | corvid
2015-06-03 | web must be valid in order to continue in a_Http_connect_done | corvid
A site triggers this with a background image where the style is deleted upon </div>, and Capi_stop_client() finds that a_Cache_client_get_if_unique() is false, so nothing aborts the connection. And there's time for this to happen because we're doing TLS handshake. I don't know whether all of what triggered this is doing the right thing, but at least when it comes to capi, we can see that there's the idea of permitting it (with whether we ever actually want that in practice being yet another question). In any case, Http_make_query_str() definitely thinks the web is there. If we really decided that we wanted connections to continue without webs, we could stuff 1) what sort of thing are we requesting? 2) is this a third-party request? into the socket data. Making the query earlier is probably not advisable because we'd want the cookies available at the time that we send the query and not the cookies that were available somewhat earlier.
2015-06-03 | show certificate hash algorithm (and complain feebly if it's weak) | corvid
2015-06-02 | Updated dw::Table documentation. | Jeremy Henty, Sebastian Geerken
2015-06-02 | Remove dw::Table::_unused_calcColumnExtremes(). | Jeremy Henty
2015-06-01 | dillo man page date | corvid
2015-06-01 | NotSoSimpleVector: nicer image | Sebastian Geerken
2015-06-01 | Split up user and developer documentation. | Sebastian Geerken
2015-06-01 | Updated doc directory. | Sebastian Geerken
2015-06-01 | const | corvid
2015-06-01 | url: rm unused flags | corvid
2015-06-01 | rm the old-style url alt stuff | corvid
2015-06-01 | TLS servers sorted | corvid
2015-06-01 | url: rm dead code | corvid
2015-05-31 | merge | corvid
2015-05-31 | rm MSG | corvid
2015-05-31 | rm MSG | corvid
2015-05-31 | fix up socket queue | corvid
2015-05-30 | fix warning | corvid
2015-05-30 | print certificate chain | corvid
2015-05-30 | let's not print tls alerts for 'close notify' | corvid
2015-05-29 | print out TLS version and cipher agreed upon after first connection with server | corvid
2015-05-29 | documentation and not-currently-possible error case | corvid
2015-05-29 | some more information for TLS warning popups | corvid
2015-05-29 | _MSG_ERR unused, unneeded, because it doesn't make much sense | corvid
2015-05-28 | libpng 1.6 series works for me | corvid
2015-05-28 | cookies is_ssl -> is_tls | corvid
2015-05-28 | update docs a bit | corvid
2015-05-28 | 'ssl' -> 'tls' where reasonable, given that ssl3 is dead and all | corvid
I used 'hg rename' and expected (at least hoped) that 'hg diff' would do what I would naturally want, but no.
2015-05-28 | make http_max_conns truly per server/proxy rather than host | corvid
And separate http from https for safety while we're at it. We were checking this where we needed to, but it would be easy to forget about in the future. Not that very much happens when you try http://example.com:443 or https://example.com:80, but I'm being careful nevertheless.
2015-05-27 | Made view-source dpi use CSS formatting (it's shorter and cleaner) | Jorge Arellano Cid
BTW, is there a point in using a monospaced font? Besides it looks like code printing (which is good), a proportional-spaced font may be easier to read.
2015-05-26 | ChangeLog | corvid
2015-05-26 | Fix view-source dpi to handle null characters correctly | Jorge Arellano Cid
Although not allowed in text contexts, null characters should not stop/halt/fail dpi protocol, thus the patch. Test Example. Display a file with these contents: null padding^@^@ (two trailing null characters) and view source for it. Note that dillo will not _display_ the file completely correctly, it will eat a char after each null, but this is not a problem in dpi nor dpip but in rendering, the cache gets it right. Adding code to correctly _display_ these anomalous pages is probably not worth the effort though.
2015-05-20 | more ChangeLog | corvid
2015-05-20 | ChangeLog | corvid
2015-05-20 | ChangeLog | corvid
2015-05-19 | http use-after-free | corvid
openbsd tripped over this for me
2015-05-18 | make it clearer that ssl popups are about security (well, if one's WM shows titles) | corvid
I've noticed how users on forums can be like "Oh, it must be something about bugs in dillo. But it manages to load the page". This is a degree of misunderstanding which I wouldn't expect from anyone interested in using dillo, but there it is, so I should deal with it.
2015-05-18 | let's add LibreSSL to the OpenSSL licensing linking exception | corvid
I tried dillo on openbsd and, unsurprisingly, it seems fine with libressl. I still would like it if some other TLS library would become the clear choice for dillo at some point...
2015-05-18 | let fltk wrap this dialog's text | corvid
2015-05-18 | clean up the SSL error dialog strings a little | corvid
2015-05-18 | gain some space in a_Dialog_choice | corvid
2015-05-18 | not use strcpy here | corvid
I see that openbsd likes to complain when it's used, and we certainly don't have a deep need for it in this case.
2015-05-16 | dillorc: search urls duckduckgo and startpage always redirect to https, so just specify https | corvid
2015-05-09 | ChangeLog | corvid