authorGravatar Paweł Zuzelski <pawelz@pld-linux.org>2010-06-21 17:40:28 +0200
committerGravatar Brendan Taylor <whateley@gmail.com>2011-11-23 19:08:50 -0700
commite1d2e58570d620f25425e8f1c01131a426d9818e (patch)
tree7941f1af4ef365b85e442a7dffb5fcde35f667ee
parentfd7cbacdf11d3c54f0e1ce72b43bdd2b9b2387f9 (diff)
ssl certs verification
Introduced config variables: (string) ssl_ca_file and (int) ssl_verify. ssl_ca_file is an OpenSSL-style CAfile containing trusted root certificates. The ssl_verify value controls whether remote certs are verified. If it is set to non-zero, uzbl won't connect to a remote https site unless it validates the cert.
-rw-r--r--README3
-rw-r--r--examples/config/config8
-rw-r--r--src/uzbl-core.h6
-rw-r--r--src/variables.c27
4 files changed, 44 insertions, 0 deletions
diff --git a/README b/README
index 2cdc0cd..928a7bd 100644
--- a/README
+++ b/README
@@ -373,6 +373,9 @@ file).
access the contents of other `file://` URIs. (default 0).
* `follow_hint_keys`: keys for keyboard-based navigation and link
highlighting
+* `ssl_ca_file`: File that contains CA certificates.
+* `ssl_verify`: If set to 1, uzbl won't connect to "https" url unless it can
+ validate certificate presented by remote server against `ssl_ca_file`.
#### Constants (not dumpable or writeable)
diff --git a/examples/config/config b/examples/config/config
index 389e7c6..fe1e236 100644
--- a/examples/config/config
+++ b/examples/config/config
@@ -144,6 +144,14 @@ set useragent = Uzbl (Webkit @{WEBKIT_MAJOR}.@{WEBKIT_MINOR}) (@(+uname
# Drop google analytics tracking cookies (applied after whitelists if any)
#request BLACKLIST_COOKIE name '^__utm.$'
+# === SSL related configuration ==============================================
+
+# Set it to certificates store of your distribution, or your own CAfile.
+# set ssl_ca_file = /etc/certs/ca-certificates.crt
+# set ssl_verify = 1
+# Command to toggle ssl_verify value:
+@cbind !ssl = sh 'echo "set ssl_verify=$((!\@ssl_verify))" > "$4"; echo "set uri = \\\\\\\@uri" > "$4"'
+
# === Key binding configuration ==============================================
# --- Internal modmapping and ignoring ---------------------------------------
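Review bot: The example leaves both `set ssl_ca_file` and `set ssl_verify = 1` commented out, so a user who copies this file gets whatever libsoup defaults to, and this commit sets no default of its own; shipping the two lines enabled would make verification the out-of-the-box behaviour. The path `/etc/certs/ca-certificates.crt` is distribution-specific, so the comment above it should say it must be changed to the local CA bundle. The `!ssl` binding flips `ssl_verify` and immediately reloads the current URI without showing the new state; I would add a comment such as `# WARNING: turns certificate verification off for all later requests until toggled back`, and ideally show the value in the status bar.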
diff --git a/src/uzbl-core.h b/src/uzbl-core.h
index aa88feb..c0d7583 100644
--- a/src/uzbl-core.h
+++ b/src/uzbl-core.h
@@ -130,6 +130,11 @@ typedef struct {
gint max_conns_host;
} Network;
+/* ssl */
+typedef struct {
+ gchar *ca_file;
+ gchar *verify_cert;
+} Ssl;
/* Behaviour */
typedef struct {
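Review bot: `verify_cert` is declared as `gchar *` in the new `Ssl` struct, but `ssl_verify` is exposed as an integer through `PTR_V_INT_GETSET(verify_cert)` in src/variables.c. The accessors added there read and write the soup session properties directly and never touch `uzbl.ssl`. If the struct is meant to stay, `gint verify_cert;` would match the exposed type; otherwise the struct and the `Ssl ssl;` member added in the next hunk look unused and could be dropped. Only part of the header is visible here, so other users of `uzbl.ssl` cannot be ruled out.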
@@ -185,6 +190,7 @@ typedef struct {
GUI gui;
State state;
Network net;
+ Ssl ssl;
Behaviour behave;
Communication comm;
Info info;
diff --git a/src/variables.c b/src/variables.c
index 7158faa..2d952ac 100644
--- a/src/variables.c
+++ b/src/variables.c
@@ -371,6 +371,30 @@ set_http_debug(int debug) {
SOUP_SESSION_FEATURE(uzbl.net.soup_logger));
}
+void
+set_ca_file(gchar *path) {
+ g_object_set (uzbl.net.soup_session, "ssl-ca-file", path, NULL);
+}
+
+gchar *
+get_ca_file() {
+ gchar *path;
+ g_object_get (uzbl.net.soup_session, "ssl-ca-file", &path, NULL);
+ return path;
+}
+
+void
+set_verify_cert(int strict) {
+ g_object_set (uzbl.net.soup_session, "ssl-strict", strict, NULL);
+}
+
+int
+get_verify_cert() {
+ int strict;
+ g_object_get (uzbl.net.soup_session, "ssl-strict", &strict, NULL);
+ return strict;
+}
+
#define EXPOSE_WEBKIT_VIEW_SETTINGS(SYM, PROPERTY, TYPE) \
void set_##SYM(TYPE val) { \
g_object_set(view_settings(), (PROPERTY), val, NULL); \
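Review bot: `set_verify_cert()` only sets `ssl-strict`, and as far as I recall libsoup honours that property only once a CA file has been loaded, so `ssl_verify = 1` with `ssl_ca_file` unset or unreadable may leave connections unverified while the user believes they are protected; please confirm against the libsoup version in use. `set_ca_file()` hands `path` to the session unchecked; a guard such as `if (path && *path && !g_file_test(path, G_FILE_TEST_IS_REGULAR))` that reports the problem would surface a bad path instead of silently weakening verification. `get_ca_file()` returns the string filled in by `g_object_get`, which the caller has to release, so a comment like `/* returns a newly allocated copy; caller must g_free() */` belongs above it. Both getters should also be declared with `(void)` rather than `()`.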
@@ -742,6 +766,9 @@ const struct var_name_to_ptr_t {
{ "view_source", PTR_V_INT(uzbl.behave.view_source, 0, set_view_source)},
+ { "ssl_ca_file", PTR_V_STR_GETSET(ca_file)},
+ { "ssl_verify", PTR_V_INT_GETSET(verify_cert)},
+
/* exported WebKitWebSettings properties */
{ "javascript_windows", PTR_V_INT_GETSET(javascript_windows)},
{ "zoom_level", PTR_V_FLOAT_GETSET(zoom_level)},