From 1cf1ec55bc7647e737d7ec41bfe1def721269c02 Mon Sep 17 00:00:00 2001
From: Daniel Silverstone
Date: Tue, 6 Aug 2019 13:15:23 +0100
Subject: Support SSL verification through new about: handler

In doing this, also propagate why the certificates were bad so that the page can display a reason. We will need FatMessages for all these.

Signed-off-by: Daniel Silverstone
---
 utils/corestringlist.h | 1 +
 utils/messages.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 utils/messages.h | 9 +++++++++
 3 files changed, 58 insertions(+)
(limited to 'utils')

diff --git a/utils/corestringlist.h b/utils/corestringlist.h
index e6530c506..82fffe263 100644
--- a/utils/corestringlist.h
+++ b/utils/corestringlist.h
@@ -147,6 +147,7 @@ CORESTRING_LWC_VALUE(max_age, "max-age");
 CORESTRING_LWC_VALUE(no_cache, "no-cache");
 CORESTRING_LWC_VALUE(no_store, "no-store");
 CORESTRING_LWC_VALUE(query_auth, "query/auth");
+CORESTRING_LWC_VALUE(query_ssl, "query/ssl");
 
 /* mime types */
 CORESTRING_LWC_VALUE(multipart_form_data, "multipart/form-data");
diff --git a/utils/messages.c b/utils/messages.c
index 5beeba38d..29443f99e 100644
--- a/utils/messages.c
+++ b/utils/messages.c
@@ -343,6 +343,54 @@ const char *messages_get_errorcode(nserror code)
 return messages_get_ctx("Unknown", messages_hash);
 }
 
+/* exported function documented in utils/messages.h */
+const char *messages_get_sslcode(ssl_cert_err code)
+{
+ switch (code) {
+ case SSL_CERT_ERR_OK:
+ /* Nothing wrong with this certificate */
+ return messages_get_ctx("SSLCertErrOk", messages_hash);
+
+ case SSL_CERT_ERR_UNKNOWN:
+ /* Unknown error */
+ return messages_get_ctx("SSLCertErrUnknown", messages_hash);
+
+ case SSL_CERT_ERR_BAD_ISSUER:
+ /* Bad issuer */
+ return messages_get_ctx("SSLCertErrBadIssuer", messages_hash);
+
+ case SSL_CERT_ERR_BAD_SIG:
+ /* Bad signature on this certificate */
+ return messages_get_ctx("SSLCertErrBadSig", messages_hash);
+
+ case SSL_CERT_ERR_TOO_YOUNG:
+ /* This certificate is not yet valid */
+ return messages_get_ctx("SSLCertErrTooYoung", messages_hash);
+
+ case SSL_CERT_ERR_TOO_OLD:
+ /* This certificate is no longer valid */
+ return messages_get_ctx("SSLCertErrTooOld", messages_hash);
+
+ case SSL_CERT_ERR_SELF_SIGNED:
+ /* This certificate is self signed */
+ return messages_get_ctx("SSLCertErrSelfSigned", messages_hash);
+
+ case SSL_CERT_ERR_CHAIN_SELF_SIGNED:
+ /* This certificate chain is self signed */
+ return messages_get_ctx("SSLCertErrChainSelfSigned", messages_hash);
+
+ case SSL_CERT_ERR_REVOKED:
+ /* This certificate has been revoked */
+ return messages_get_ctx("SSLCertErrRevoked", messages_hash);
+ }
+
+ /* The switch has no default, so the compiler should tell us when we
+ * forget to add messages for new error codes. As such, we should
+ * never get here.
+ */
+ assert(0);
+ return messages_get_ctx("Unknown", messages_hash);
+}
 
 /* exported function documented in utils/messages.h */
 void messages_destroy(void)
diff --git a/utils/messages.h b/utils/messages.h
index 4024f7e77..635d6e8e4 100644
--- a/utils/messages.h
+++ b/utils/messages.h
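Review bot: The fall-through after the switch in `messages_get_sslcode` is reachable whenever `code` holds a value outside the nine enumerators, because the missing `default` only makes the compiler flag unhandled enumerators, not out-of-range integers. In that case a debug build aborts on `assert(0)` and an NDEBUG build returns the generic `"Unknown"` text. The commit message says the reason is propagated so the about: page can display it; if that value is ever parsed back from request data (not visible in this hunk), the caller should range-check it before calling here so a malformed value cannot trip the assert. For the release path, a certificate page would read better with the SSL-specific fallback, `return messages_get_ctx("SSLCertErrUnknown", messages_hash);`.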
@@ -36,6 +36,7 @@
 #include
 #include "utils/errors.h"
+#include "netsurf/ssl_certs.h"
 
 /**
 * Read keys and values from messages file into the standard Messages hash.
@@ -78,6 +79,14 @@ const char *messages_get(const char *key);
 */
 const char *messages_get_errorcode(nserror code);
 
+/**
+ * lookup of a message by SSL error code from the standard Messages hash.
+ *
+ * \param code ssl error code
+ * \return message text
+ */
+const char *messages_get_sslcode(ssl_cert_err code);
+
 /**
 * Formatted message from a key in the global message hash.
 *
--
cgit v1.2.3
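Review bot: The doc comment added for `messages_get_sslcode` in the second hunk does not say what a caller gets for a code the implementation does not handle, nor who owns the returned string. Going by the utils/messages.c hunk of this commit, unhandled codes hit `assert(0)` and otherwise yield the generic "Unknown" message, so the return line could become `\return message text for the code; values outside ssl_cert_err assert in debug builds and give the "Unknown" message otherwise`. Ownership of the returned pointer is not visible in this diff and deserves a sentence if callers must not free it.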