From 1cf1ec55bc7647e737d7ec41bfe1def721269c02 Mon Sep 17 00:00:00 2001
From: Daniel Silverstone
Date: Tue, 6 Aug 2019 13:15:23 +0100
Subject: Support SSL verification through new about: handler
In doing this, also propagate why the certificates were bad so that the page can display a reason. We will need FatMessages for all these.
Signed-off-by: Daniel Silverstone
---
include/netsurf/ssl_certs.h | 61 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
create mode 100644 include/netsurf/ssl_certs.h
(limited to 'include')
diff --git a/include/netsurf/ssl_certs.h b/include/netsurf/ssl_certs.h
new file mode 100644
index 000000000..a73dc604c
--- /dev/null
+++ b/include/netsurf/ssl_certs.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2019 Daniel Silverstone
+ *
+ * This file is part of NetSurf, http://www.netsurf-browser.org/
+ *
+ * NetSurf is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * NetSurf is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+/**
+ * \file
+ *
+ * SSL related types and values
+ */
+
+#ifndef NETSURF_SSL_CERTS_H_
+#define NETSURF_SSL_CERTS_H_
+
+/**
+ * ssl certificate error status
+ */
+typedef enum {
+ SSL_CERT_ERR_OK, /**< Nothing wrong with this certificate */
+ SSL_CERT_ERR_UNKNOWN, /**< Unknown error */
+ SSL_CERT_ERR_BAD_ISSUER, /**< Bad issuer */
+ SSL_CERT_ERR_BAD_SIG, /**< Bad signature on this certificate */
+ SSL_CERT_ERR_TOO_YOUNG, /**< This certificate is not yet valid */
+ SSL_CERT_ERR_TOO_OLD, /**< This certificate is no longer valid */
+ SSL_CERT_ERR_SELF_SIGNED, /**< This certificate (or the chain) is self signed */
+ SSL_CERT_ERR_CHAIN_SELF_SIGNED, /**< This certificate chain is self signed */
+ SSL_CERT_ERR_REVOKED, /**< This certificate has been revoked */
+} ssl_cert_err;
+
+/**
+ * ssl certificate information for certificate error message
+ */
+struct ssl_cert_info {
+ long version; /**< Certificate version */
+ char not_before[32]; /**< Valid from date */
+ char not_after[32]; /**< Valid to date */
+ int sig_type; /**< Signature type */
+ char serialnum[64]; /**< Serial number */
+ char issuer[256]; /**< Issuer details */
+ char subject[256]; /**< Subject details */
+ int cert_type; /**< Certificate type */
+ ssl_cert_err err; /**< Whatever is wrong with this certificate */
+};
+
+/** maximum number of X509 certificates in chain for TLS connection */
+#define MAX_SSL_CERTS 10
+
+#endif /* NETSURF_SSL_CERTS_H_ */
--
cgit v1.2.3
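Review bot: `SSL_CERT_ERR_OK` is the first enumerator of `ssl_cert_err` and therefore has the value 0, so a `struct ssl_cert_info` that is zero-filled and never populated reads as "nothing wrong" in its `err` field. The code that fills the struct is outside this hunk, so whether that can happen is not visible here, but a verification-status type is safer when its zero value is a failure. Listing `SSL_CERT_ERR_UNKNOWN` first would achieve that, or at minimum the field comment could read `/**< Whatever is wrong with this certificate; must always be set explicitly, 0 means OK */`. Separately, the fixed-size `issuer`, `subject` and `serialnum` arrays presumably carry text taken from the peer's certificate, and the header does not say whether they are always NUL-terminated or how over-long values are handled; the field comments should state that contract for whoever renders the error page. The comments on `SSL_CERT_ERR_SELF_SIGNED` ("or the chain") and `SSL_CERT_ERR_CHAIN_SELF_SIGNED` also overlap and would benefit from wording that says which one applies when.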