authorDaniel Silverstone <dsilvers@digital-scurf.org>2019-08-06 13:15:23 +0100
committerDaniel Silverstone <dsilvers@digital-scurf.org>2019-08-06 13:15:23 +0100
commit1cf1ec55bc7647e737d7ec41bfe1def721269c02 (patch)
tree7fd4c9bdfe1d14789dbbe3eba696bba761dabf74 /include
parent75349e79d82c43b9731b9349364f467c81fce94b (diff)
Support SSL verification through new about: handler
In doing this, also propagate why the certificates were bad so that the page can display a reason. We will need FatMessages for all these. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Diffstat (limited to 'include')
-rw-r--r--include/netsurf/ssl_certs.h61
1 files changed, 61 insertions, 0 deletions
diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
new file mode 100644
index 000000000..a73dc604c
--- /dev/null
+++ b/include/netsurf/ssl_certs.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2019 Daniel Silverstone <dsilvers@netsurf-browser.org>
+ *
+ * This file is part of NetSurf, http://www.netsurf-browser.org/
+ *
+ * NetSurf is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * NetSurf is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * \file
+ *
+ * SSL related types and values
+ */
+
+#ifndef NETSURF_SSL_CERTS_H_
+#define NETSURF_SSL_CERTS_H_
+
+/**
+ * ssl certificate error status
+ */
+typedef enum {
+ SSL_CERT_ERR_OK, /**< Nothing wrong with this certificate */
+ SSL_CERT_ERR_UNKNOWN, /**< Unknown error */
+ SSL_CERT_ERR_BAD_ISSUER, /**< Bad issuer */
+ SSL_CERT_ERR_BAD_SIG, /**< Bad signature on this certificate */
+ SSL_CERT_ERR_TOO_YOUNG, /**< This certificate is not yet valid */
+ SSL_CERT_ERR_TOO_OLD, /**< This certificate is no longer valid */
+ SSL_CERT_ERR_SELF_SIGNED, /**< This certificate (or the chain) is self signed */
+ SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self signed */
+ SSL_CERT_ERR_REVOKED, /**< This certificate has been revoked */
+} ssl_cert_err;
+
+/**
+ * ssl certificate information for certificate error message
+ */
+struct ssl_cert_info {
+ long version; /**< Certificate version */
+ char not_before[32]; /**< Valid from date */
+ char not_after[32]; /**< Valid to date */
+ int sig_type; /**< Signature type */
+ char serialnum[64]; /**< Serial number */
+ char issuer[256]; /**< Issuer details */
+ char subject[256]; /**< Subject details */
+ int cert_type; /**< Certificate type */
+ ssl_cert_err err; /**< Whatever is wrong with this certificate */
+};
+
+/** maximum number of X509 certificates in chain for TLS connection */
+#define MAX_SSL_CERTS 10
+
+#endif /* NETSURF_SSL_CERTS_H_ */
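Review bot: The fixed-size text fields of `struct ssl_cert_info` (`not_before`, `not_after`, `serialnum`, `issuer`, `subject`) carry no stated contract for termination or truncation, and they presumably hold data taken from the server's certificate, which the peer controls. Since the commit message says these values feed a page shown to the user, I would extend the struct comment with something like `All string fields are NUL-terminated; over-long values are truncated. Contents come from the peer certificate and must be escaped before being rendered.`, after confirming that against the code that fills the struct, which is outside this hunk. Separately, the comment on `SSL_CERT_ERR_SELF_SIGNED` says "(or the chain)" while `SSL_CERT_ERR_CHAIN_SELF_SIGNED` covers the chain case, so the two descriptions overlap and a reader cannot tell which value to expect for a self-signed root; rewording the first to `/**< This certificate is self signed */` would separate them. The comment on `MAX_SSL_CERTS` could also say what happens to a chain longer than 10 (rejected or truncated), since that decides whether the error page reflects the whole chain.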