surf

surf browser, a WebKit based browser
git clone git://git.suckless.org/surf
Log | Files | Refs | README | LICENSE

commit 3c2c0a65250e1415124603cb8d91bff4a657d46a
parent eb32dd6eca5b6224bb5fb28cadef5bd035581ef3
Author: Quentin Rameau <quinq@fifth.space>
Date:   Fri, 28 Apr 2017 12:58:36 +0200

Add support for using custom certificates per url

Diffstat:
Mconfig.def.h | 11+++++++++++
Msurf.c | 55+++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+), 0 deletions(-)

diff --git a/config.def.h b/config.def.h @@ -3,12 +3,14 @@ static int surfuseragent = 1; /* Append Surf version to default WebKit user static char *fulluseragent = ""; /* Or override the whole user agent string */ static char *scriptfile = "~/.surf/script.js"; static char *styledir = "~/.surf/styles/"; +static char *certdir = "~/.surf/certificates/"; static char *cachedir = "~/.surf/cache/"; static char *cookiefile = "~/.surf/cookies.txt"; /* Webkit default features */ static Parameter defconfig[ParameterLast] = { SETB(AcceleratedCanvas, 1), + SETB(Certificate, 0), SETB(CaretBrowsing, 0), SETV(CookiePolicies, "@Aa"), SETB(DiskCache, 1), @@ -95,6 +97,15 @@ static SiteSpecific styles[] = { { ".*", "default.css" }, }; +/* certificates */ +/* + * Provide custom certificate for urls + */ +static SiteSpecific certs[] = { + /* regexp file in $certdir */ + { "://suckless\\.org/", "suckless.org.crt" }, +}; + #define MODKEY GDK_CONTROL_MASK /* hotkeys */ diff --git a/surf.c b/surf.c @@ -60,6 +60,7 @@ enum { typedef enum { AcceleratedCanvas, CaretBrowsing, + Certificate, CookiePolicies, DiskCache, DNSPrefetch, @@ -162,6 +163,8 @@ static WebKitCookieAcceptPolicy cookiepolicy_get(void); static char cookiepolicy_set(const WebKitCookieAcceptPolicy p); static void seturiparameters(Client *c, const char *uri); static void setparameter(Client *c, int refresh, ParamName p, const Arg *a); +static const char *getcert(const char *uri); +static void setcert(Client *c, const char *file); static const char *getstyle(const char *uri); static void setstyle(Client *c, const char *file); static void runscript(Client *c); @@ -291,9 +294,19 @@ setup(void) cookiefile = buildfile(cookiefile); scriptfile = buildfile(scriptfile); cachedir = buildpath(cachedir); + certdir = buildpath(certdir); gdkkb = gdk_seat_get_keyboard(gdk_display_get_default_seat(gdpy)); + for (i = 0; i < LENGTH(certs); ++i) { + if (regcomp(&(certs[i].re), certs[i].regex, REG_EXTENDED)) { + fprintf(stderr, "Could not compile regex: %s\n", + certs[i].regex); + certs[i].regex = NULL; + } + certs[i].file = g_strconcat(certdir, "/", certs[i].file, NULL); + } + if (!stylefile) { styledir = buildpath(styledir); for (i = 0; i < LENGTH(styles); ++i) { @@ -642,6 +655,10 @@ setparameter(Client *c, int refresh, ParamName p, const Arg *a) webkit_settings_set_enable_caret_browsing(s, a->b); refresh = 0; break; + case Certificate: + if (a->b) + setcert(c, geturi(c)); + return; /* do not update */ case CookiePolicies: webkit_cookie_manager_set_accept_policy( webkit_web_context_get_cookie_manager( @@ -738,6 +755,44 @@ setparameter(Client *c, int refresh, ParamName p, const Arg *a) } const char * +getcert(const char *uri) +{ + int i; + + for (i = 0; i < LENGTH(certs); ++i) { + if (certs[i].regex && + !regexec(&(certs[i].re), uri, 0, NULL, 0)) + return certs[i].file; + } + + return NULL; +} + +void +setcert(Client *c, const char *uri) +{ + const char *file = getcert(uri); + char *host; + GTlsCertificate *cert; + + if (!file) + return; + + if (!(cert = g_tls_certificate_new_from_file(file, NULL))) { + fprintf(stderr, "Could not read certificate file: %s\n", file); + return; + } + + uri = strstr(uri, "://") + sizeof("://") - 1; + host = strndup(uri, strstr(uri, "/") - uri); + + webkit_web_context_allow_tls_certificate_for_host( + webkit_web_view_get_context(c->view), cert, host); + + free(host); +} + +const char * getstyle(const char *uri) { int i;