From e1d2e58570d620f25425e8f1c01131a426d9818e Mon Sep 17 00:00:00 2001
From: Paweł Zuzelski
Date: Mon, 21 Jun 2010 17:40:28 +0200
Subject: ssl certs verification
Introduced config variables:
(string) ssl_ca_file
(int) ssl_verify
ssl_ca_file is openssl-style CAfile containing trusted root certificates.
ssl_verify value controls whether to verify remote certs. If it is set to non-zero, uzbl won't connect to remote https site unless it validates cert.
---
 README | 3 +++
 examples/config/config | 8 ++++++++
 src/uzbl-core.h | 6 ++++++
 src/variables.c | 27 +++++++++++++++++++++++++++
 4 files changed, 44 insertions(+)
diff --git a/README b/README
index 2cdc0cd..928a7bd 100644
--- a/README
+++ b/README
@@ -373,6 +373,9 @@ file).
 access the contents of other `file://` URIs. (default 0).
 * `follow_hint_keys`: keys for keyboard-based navigation and link highlighting
 
+* `ssl_ca_file`: File that contains CA certificates.
+* `ssl_verify`: If set to 1, uzbl won't connect to "https" url unless it can
+ validate certificate presented by remote server against `ssl_ca_file`.
 
 #### Constants (not dumpable or writeable)
 
diff --git a/examples/config/config b/examples/config/config
index 389e7c6..fe1e236 100644
--- a/examples/config/config
+++ b/examples/config/config
@@ -144,6 +144,14 @@ set useragent = Uzbl (Webkit @{WEBKIT_MAJOR}.@{WEBKIT_MINOR}) (@(+uname
 # Drop google analytics tracking cookies (applied after whitelists if any)
 #request BLACKLIST_COOKIE name '^__utm.$'
 
+# === SSL related configuration ==============================================
+
+# Set it to certificates store of your distribution, or your own CAfile.
+# set ssl_ca_file = /etc/certs/ca-certificates.crt
+# set ssl_verify = 1
+# Command to toggle ssl_verify value:
+@cbind !ssl = sh 'echo "set ssl_verify=$((!\@ssl_verify))" > "$4"; echo "set uri = \\\\\\\@uri" > "$4"'
+
 # === Key binding configuration ==============================================
 
 # --- Internal modmapping and ignoring ---------------------------------------
diff --git a/src/uzbl-core.h b/src/uzbl-core.h
index aa88feb..c0d7583 100644
--- a/src/uzbl-core.h
+++ b/src/uzbl-core.h
@@ -130,6 +130,11 @@ typedef struct {
 gint max_conns_host;
 } Network;
 
+/* ssl */
+typedef struct {
+ gchar *ca_file;
+ gchar *verify_cert;
+} Ssl;
 
 /* Behaviour */
 typedef struct {
@@ -185,6 +190,7 @@ typedef struct {
 GUI gui;
 State state;
 Network net;
+ Ssl ssl;
 Behaviour behave;
 Communication comm;
 Info info;
diff --git a/src/variables.c b/src/variables.c
index 7158faa..2d952ac 100644
--- a/src/variables.c
+++ b/src/variables.c
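Review bot: The example block comments out `set ssl_ca_file` and `set ssl_verify` independently, but nothing in the comments says they belong together; the README change in this same commit states that ssl_verify validates the server certificate against ssl_ca_file, so a reader who uncomments only `set ssl_verify = 1` gets no usable https at all. A one-line comment above the two settings would prevent that, e.g. `# ssl_verify is only meaningful together with ssl_ca_file: without a CA file no certificate can be validated.`. It would also help to state next to the `!ssl` binding that it reloads the current page after flipping the setting, since that is what the second `echo "set uri = ..."` does.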
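Review bot: `gchar *verify_cert;` in the new Ssl struct declares the verify flag as a string, while the variables.c hunk in this commit registers `ssl_verify` through PTR_V_INT_GETSET and its accessors set_verify_cert/get_verify_cert use `int`; if the field is kept it should be `gboolean verify_cert;` (or `gint`) to match the accessor and the "ssl-strict" property it mirrors. As far as these hunks show, neither `ca_file` nor `verify_cert` is referenced anywhere — the variable table names the getter/setter pair rather than a struct member — so the struct and the `Ssl ssl;` member added in the second hunk (@@ -185,6 +190,7 @@) may be dead declarations that could be dropped, or should get a comment explaining what is meant to populate them. The `/* ssl */` comment should at least say that these cache the values mirrored onto the SoupSession, so a later reader does not assume they are the authoritative copy.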
@@ -371,6 +371,30 @@ set_http_debug(int debug) {
 SOUP_SESSION_FEATURE(uzbl.net.soup_logger));
 }
 
+void
+set_ca_file(gchar *path) {
+ g_object_set (uzbl.net.soup_session, "ssl-ca-file", path, NULL);
+}
+
+gchar *
+get_ca_file() {
+ gchar *path;
+ g_object_get (uzbl.net.soup_session, "ssl-ca-file", &path, NULL);
+ return path;
+}
+
+void
+set_verify_cert(int strict) {
+ g_object_set (uzbl.net.soup_session, "ssl-strict", strict, NULL);
+}
+
+int
+get_verify_cert() {
+ int strict;
+ g_object_get (uzbl.net.soup_session, "ssl-strict", &strict, NULL);
+ return strict;
+}
+
 #define EXPOSE_WEBKIT_VIEW_SETTINGS(SYM, PROPERTY, TYPE) \
 void set_##SYM(TYPE val) { \
 g_object_set(view_settings(), (PROPERTY), val, NULL); \
@@ -742,6 +766,9 @@ const struct var_name_to_ptr_t {
 
 { "view_source", PTR_V_INT(uzbl.behave.view_source, 0, set_view_source)},
 
+ { "ssl_ca_file", PTR_V_STR_GETSET(ca_file)},
+ { "ssl_verify", PTR_V_INT_GETSET(verify_cert)},
+
 /* exported WebKitWebSettings properties */
 { "javascript_windows", PTR_V_INT_GETSET(javascript_windows)},
 { "zoom_level", PTR_V_FLOAT_GETSET(zoom_level)},
-- 
cgit v1.2.3
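Review bot: get_ca_file returns the pointer that g_object_get filled in without saying who owns it; for a string-typed property g_object_get hands back a newly allocated copy, so the caller must g_free() it, and the getter should state that, e.g. `/* Returns a newly allocated copy of "ssl-ca-file"; caller must g_free() it. */`. Both getters are declared with empty parentheses, `get_ca_file()` and `get_verify_cert()`, which in C is not a prototype; `(void)` matches the neighbouring `set_http_debug(int debug)` and lets the compiler check call sites. set_verify_cert would also benefit from a comment that, per the README text in this commit, "ssl-strict" validates the peer against the CA file configured through ssl_ca_file, so enabling it without a CA file means no https site can be reached rather than "verification with defaults". `set_ca_file(gchar *path)` never writes through path and could take `const gchar *`.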