Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | fix: Make it OK if the chain isn't avilable during bad-ssl querying | Daniel Silverstone | 2020-05-23 | 1 | -8/+16 |
| | | | | Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | fetchers/curl: Move report_certs function outside WITH_OPENSSL | Daniel Silverstone | 2020-05-22 | 1 | -21/+22 |
| | | | | Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | query/ssl: Include link to view certificate details | Daniel Silverstone | 2020-05-22 | 1 | -1/+9 |
| | | | | Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | about: Rework freeing the san_names structure | Daniel Silverstone | 2020-05-19 | 1 | -1/+11 |
| | | | | | | | | | AmiSSL's approach to replacing 90% of OpenSSL calls with assembly means that the official way to pop_free a stack type won't work. As such, we open-code it here. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | add subject alternative names to certificate viewer | Vincent Sanders | 2020-05-18 | 1 | -0/+103 |
| | |||||
* | Page info: Improve certificate fault display style. | Michael Drake | 2020-05-18 | 1 | -6/+9 |
| | |||||
* | Display errors properly in certificate window | Vincent Sanders | 2020-05-18 | 1 | -5/+19 |
| | |||||
* | Improve certificate page styling. | Michael Drake | 2020-05-17 | 1 | -7/+35 |
| | |||||
* | add fingerprints to the certificate viewer | Vincent Sanders | 2020-05-17 | 1 | -0/+115 |
| | |||||
* | split out public key table formatted output | Vincent Sanders | 2020-05-17 | 1 | -55/+68 |
| | |||||
* | use entity for colon in certificate hex values to allow netsurf to break ↵ | Vincent Sanders | 2020-05-17 | 1 | -2/+10 |
| | | | | properly | ||||
* | get the sign right on the certificate openssl compatability interface | Vincent Sanders | 2020-05-17 | 1 | -2/+2 |
| | |||||
* | fix typo in certificate openssl compatability | Vincent Sanders | 2020-05-17 | 1 | -1/+1 |
| | |||||
* | add openssl compatability to certificate decode | Vincent Sanders | 2020-05-17 | 1 | -12/+91 |
| | |||||
* | make about handler ssenddataf cope with longer data | Vincent Sanders | 2020-05-16 | 1 | -2/+24 |
| | |||||
* | improve certificate viewer | Vincent Sanders | 2020-05-16 | 1 | -77/+593 |
| | |||||
* | curl: Pass cert chain on even if we get no headers | Daniel Silverstone | 2020-05-04 | 1 | -0/+4 |
| | | | | Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | About pages: Update presentation using nscolour. | Michael Drake | 2020-04-07 | 1 | -100/+95 |
| | |||||
* | about fetcher: Add about:nscolour.css generated colour stylesheet. | Michael Drake | 2020-04-07 | 1 | -0/+46 |
| | |||||
* | about: Add handling for unknown about: page | Daniel Silverstone | 2020-03-22 | 1 | -2/+28 |
| | | | | Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | Internal content: Restyle certificate viewer page. | Michael Drake | 2020-02-24 | 1 | -7/+43 |
| | |||||
* | about scheme certificate viewer initial implementation | Vincent Sanders | 2020-02-24 | 1 | -1/+279 |
| | |||||
* | Curl fetcher: Guard against read of uninitialised value. | Michael Drake | 2020-02-24 | 1 | -0/+3 |
| | | | | | | | Fixes Coverity issue: CID 1419830: Memory - illegal accesses (UNINIT) >>> Using uninitialized value "buf[depth]". | ||||
* | Curl fetcher: Squash coverity warning. | Michael Drake | 2020-02-24 | 1 | -3/+2 |
| | | | | | CID 1419832: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "goto out;". | ||||
* | fetchers: Rework the about, data, file, and resource fetcher poll loop | Daniel Silverstone | 2020-02-24 | 4 | -123/+50 |
| | | | | | | | This simplifies the poll loops a little more and makes me less worried that some other corner case will bite us in the future. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | About fetches resources: Drop maps resource. | Michael Drake | 2020-02-24 | 2 | -30/+0 |
| | | | | It had bitrotted. | ||||
* | fetchers: Apply cleaner ring handling mechanic to other fetchers | Daniel Silverstone | 2020-02-24 | 3 | -3/+48 |
| | | | | Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | about: Correct handling of ring in fetch_about_poll | Daniel Silverstone | 2020-02-24 | 1 | -1/+16 |
| | | | | Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | curl: Implement SSL chain cache in cURL fetcher | Daniel Silverstone | 2020-02-23 | 1 | -8/+150 |
| | | | | | | | | | | | Because cURL can do connection caching behind the scenes, we need to have a cache for the SSL certificate chains which we send onward on first header back from cURL. This uses the new hashmap implementation to mean that we cache chains on a hostname:port basis. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | Keep the complete certificate chain from a fetch | Vincent Sanders | 2020-02-23 | 1 | -120/+57 |
| | | | | | | | | | Instead of extracting information from the X509 certificate chain in the fetcher the entire chain is propagated in Distinguished Encoding Rules (DER) format. This allows all the information contained in a certificate chain to be retained which can subsequently be presented to the user | ||||
* | fetch_curl_report_certs_upstream: Use new SSL_CERT_ERR_CERT_MISSING | Daniel Silverstone | 2019-12-03 | 1 | -1/+5 |
| | | | | Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | fetch_curl_verify_callback: Do depth update after check | Daniel Silverstone | 2019-12-03 | 1 | -5/+5 |
| | | | | Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | Data fetcher: Include stdarg.h header. | Michael Drake | 2019-11-12 | 1 | -0/+1 |
| | |||||
* | Data fetcher: Squash BSD warning. | Michael Drake | 2019-11-11 | 1 | -4/+3 |
| | |||||
* | File fetcher: Optimise HTTP header generation. | Michael Drake | 2019-11-10 | 1 | -6/+8 |
| | |||||
* | Resource fetcher: Optimise HTTP header generation. | Michael Drake | 2019-11-10 | 1 | -6/+8 |
| | |||||
* | Resource fetcher: Add Cache-Control header with max-age of a year. | Michael Drake | 2019-11-10 | 1 | -0/+5 |
| | | | | | Resource URLs can't change, we want to assume they're fresh for as long as we can. | ||||
* | Data fetcher: Add Cache-Control header with max-age of a year. | Michael Drake | 2019-11-10 | 1 | -0/+6 |
| | | | | | Data URLs can't change, we want to assume they're fresh for as long as we can. | ||||
* | Data fetcher: Split header emitting out into helper. | Michael Drake | 2019-11-10 | 1 | -15/+26 |
| | |||||
* | Data fetcher: Move fetch_data_send_callback towards top of file. | Michael Drake | 2019-11-10 | 1 | -8/+8 |
| | |||||
* | File fetcher: Avoid atoi for If-None-Match value parse. | Michael Drake | 2019-11-09 | 1 | -12/+21 |
| | | | | The file fetcher emits FETCH_NOTMODIFIED if the file is unchanged. | ||||
* | Resource fetcher: Fix ETag handling. | Michael Drake | 2019-11-09 | 1 | -10/+19 |
| | | | | | | | | * Changed ETag storage to be time_t, rather than int. * Changed `If-None-Match` value parsing to use proper time_t parsing, rather than `atoi`. We emit FETCH_NOTMODIFIED if the resource hasn't changed. | ||||
* | remove user warnings from hotlist load and curl poll | Vincent Sanders | 2019-11-05 | 1 | -2/+2 |
| | |||||
* | move the fallback text for about handler into messages handler | Vincent Sanders | 2019-10-30 | 1 | -88/+38 |
| | |||||
* | add internal query handler for fetch errors | Vincent Sanders | 2019-10-30 | 1 | -0/+136 |
| | | | | | | | | | | | | | Any errors from the fetch which are not already handled are reported with an internal query page instead of a modal dialog. This is much less invasive for the user and much more in keeping with how this is handled by other browsers. The handler is similar to the timeout handler but the functionality is kept separate as it is intended timeout handling be extended in future. | ||||
* | add internal query page for request timeouts | Vincent Sanders | 2019-10-29 | 1 | -6/+147 |
| | |||||
* | fetchers/curl: Restrict AUTH to BASIC | Daniel Silverstone | 2019-10-21 | 1 | -1/+1 |
| | | | | | | | | | | | | | cURL will prevent channel reuse if NTLM auth is enabled because NTLM authenticates a channel not a request. As such we were unable to reuse curl handles since we handed off connection reuse to curl instead of our own handle cache. This mitigates the effect, though curl authors are looking at fixing it upstream too. Fixes: #2707 Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> | ||||
* | Use curl API (versions after 7.56.0) to determine if openssl is in use | Vincent Sanders | 2019-10-01 | 1 | -4/+23 |
| | |||||
* | Allow the curl fetcher to be built without openssl. | Vincent Sanders | 2019-09-30 | 1 | -30/+61 |
| | | | | | | | | | | The curl fetcher can operate without openssl library being available, additionaly curl itself may be compiled with a different TLS library. In either case this will simply cause the "unknown" error to be reported for all TLS failiures and page information to lack any certificate information. | ||||
* | SSL Error: Enable OpenSSL hostname verification | Daniel Silverstone | 2019-08-14 | 1 | -16/+19 |
| | | | | | | | | Since OpenSSL 1.0.2 there has been hostname verification support which cURL doesn't turn on for some reason. Turn it on so that we get better hostname verification handling. Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org> |