[Xfce4-commits] <midori:master> Unify certificate checks during load

Christian Dywan noreply at xfce.org
Sat Apr 6 23:14:04 CEST 2013


Updating branch refs/heads/master
         to 1f430e6eaa48832f384d6076b2c00f94e528cce9 (commit)
       from 6ff427549112a18a19bf0719346278915d329d34 (commit)

commit 1f430e6eaa48832f384d6076b2c00f94e528cce9
Author: Christian Dywan <christian at twotoasts.de>
Date:   Sat Apr 6 23:02:50 2013 +0200

    Unify certificate checks during load

 midori/midori-locationaction.c |    7 +++++++
 midori/midori-session.c        |    2 +-
 midori/midori-view.c           |   34 +++++++++++++++++-----------------
 3 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/midori/midori-locationaction.c b/midori/midori-locationaction.c
index 63e8e83..c956fef 100644
--- a/midori/midori-locationaction.c
+++ b/midori/midori-locationaction.c
@@ -1283,6 +1283,7 @@ midori_location_action_focus_out_event_cb (GtkWidget*   widget,
 #endif
 
 #if defined (HAVE_LIBSOUP_2_34_0)
+#ifndef HAVE_WEBKIT2
 static GHashTable* message_map = NULL;
 void
 midori_map_add_message (SoupMessage* message)
@@ -1300,10 +1301,13 @@ midori_map_get_message (SoupMessage* message)
     SoupURI* uri = soup_message_get_uri (message);
     SoupMessage* full;
     g_return_val_if_fail (uri && uri->host, message);
+    if (message_map == NULL)
+        message_map = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, g_object_unref);
     full = g_hash_table_lookup (message_map, uri->host);
     g_return_val_if_fail (full, message);
     return full;
 }
+#endif
 
 #ifdef HAVE_GCR
 typedef enum {
@@ -1398,7 +1402,10 @@ midori_location_action_show_page_info (GtkWidget* widget,
     #endif
     midori_view_get_tls_info (view, request, &tls_cert, &tls_flags, &hostname);
     if (tls_cert == NULL)
+    {
+        g_free (hostname);
         return;
+    }
 
     #ifdef HAVE_GCR
     GByteArray* der_cert;
diff --git a/midori/midori-session.c b/midori/midori-session.c
index f485a21..8e6c48a 100644
--- a/midori/midori-session.c
+++ b/midori/midori-session.c
@@ -102,7 +102,7 @@ soup_session_settings_notify_first_party_cb (MidoriWebSettings* settings,
 }
 #endif
 
-#if defined (HAVE_LIBSOUP_2_34_0)
+#if !defined (HAVE_WEBKIT2) && defined (HAVE_LIBSOUP_2_34_0)
 /* Implemented in MidoriLocationAction */
 void
 midori_map_add_message (SoupMessage* message);
diff --git a/midori/midori-view.c b/midori/midori-view.c
index 7a41d66..2ebffc4 100644
--- a/midori/midori-view.c
+++ b/midori/midori-view.c
@@ -30,9 +30,11 @@
     #define GCR_API_SUBJECT_TO_CHANGE
     #include <gcr/gcr.h>
 
+#ifndef HAVE_WEBKIT2
 SoupMessage*
 midori_map_get_message (SoupMessage* message);
 #endif
+#endif
 
 #include <string.h>
 #include <stdlib.h>
@@ -923,52 +925,50 @@ midori_view_load_committed (MidoriView* view)
 
     if (!strncmp (uri, "https", 5))
     {
+        #if defined (HAVE_LIBSOUP_2_29_91)
         #ifdef HAVE_WEBKIT2
-        /* Not implemented */
-        #elif defined (HAVE_LIBSOUP_2_29_91)
+        void* request = NULL;
+        #else
         WebKitWebFrame* web_frame = webkit_web_view_get_main_frame (WEBKIT_WEB_VIEW (view->web_view));
         WebKitWebDataSource* source = webkit_web_frame_get_data_source (web_frame);
         WebKitNetworkRequest* request = webkit_web_data_source_get_request (source);
-        SoupMessage* message = webkit_network_request_get_message (request);
-
-        if (message
-         && soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED)
+        #endif
+        GTlsCertificate* tls_cert;
+        GTlsCertificateFlags tls_flags;
+        gchar* hostname; /* FIXME leak */
+        if (midori_view_get_tls_info (view, request, &tls_cert, &tls_flags, &hostname))
             midori_tab_set_security (MIDORI_TAB (view), MIDORI_SECURITY_TRUSTED);
         #ifdef HAVE_GCR
-        else if (!midori_tab_get_special (MIDORI_TAB (view)) && message != NULL)
+        else if (!midori_tab_get_special (MIDORI_TAB (view)) && tls_cert != NULL)
         {
-            GTlsCertificate* tls_cert;
             GcrCertificate* gcr_cert;
             GByteArray* der_cert;
-            SoupURI* soup_uri;
 
-            message = midori_map_get_message (message);
-            g_object_get (message, "tls-certificate", &tls_cert, NULL);
-            g_return_if_fail (tls_cert != NULL);
             g_object_get (tls_cert, "certificate", &der_cert, NULL);
             gcr_cert = gcr_simple_certificate_new (der_cert->data, der_cert->len);
             g_byte_array_unref (der_cert);
-            soup_uri = soup_message_get_uri (message);
-            if (gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, soup_uri->host, NULL, NULL))
+            if (gcr_trust_is_certificate_pinned (gcr_cert, GCR_PURPOSE_SERVER_AUTH, hostname, NULL, NULL))
                 midori_tab_set_security (MIDORI_TAB (view), MIDORI_SECURITY_TRUSTED);
             else
             {
-                GTlsCertificateFlags tls_flags;
                 midori_tab_set_security (MIDORI_TAB (view), MIDORI_SECURITY_UNKNOWN);
-                g_object_get (message, "tls-errors", &tls_flags, NULL);
                 midori_tab_stop_loading (MIDORI_TAB (view));
                 midori_view_display_error (view, NULL, NULL, _("Security unknown"),
                     midori_location_action_tls_flags_to_string (tls_flags),
                     _("Trust this website"),
                     NULL);
             }
-            g_object_unref (tls_cert);
             g_object_unref (gcr_cert);
         }
         #endif
         else
         #endif
             midori_tab_set_security (MIDORI_TAB (view), MIDORI_SECURITY_UNKNOWN);
+        #if defined (HAVE_LIBSOUP_2_29_91)
+        if (tls_cert != NULL)
+            g_object_unref (tls_cert);
+        g_free (hostname);
+        #endif
     }
     else
         midori_tab_set_security (MIDORI_TAB (view), MIDORI_SECURITY_NONE);


More information about the Xfce4-commits mailing list