author | Josh Rickmar <jrick@devio.us> | 2012-08-15 15:55:28 -0400 |
---|---|---|
committer | Josh Rickmar <jrick@devio.us> | 2012-08-15 15:55:28 -0400 |
commit | bdcc74ccbecc617774bc6e5af9d0e4a11ad00137 (patch) | |
tree | acc64c32bad11e0d70f30102567dbde98348040d /xombrero.c | |
parent | 88275e2ea86b2feebf85395c9f2b3f1debcd826a (diff) | |
download | xombrero-bdcc74ccbecc617774bc6e5af9d0e4a11ad00137.tar.gz |
Add more info and features to about:secviolation
This adds the full URL to the about:secviolation warning page and implements a new link that shows the locally cached cert instead of only the new remote one.
Diffstat (limited to 'xombrero.c')
-rw-r--r-- | xombrero.c | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/xombrero.c b/xombrero.c index 53b68f3..cd24a6d 100644 --- a/xombrero.c +++ b/xombrero.c @@ -2000,6 +2000,51 @@ done: return (rv); } +gnutls_x509_crt_t * +get_local_cert_chain(const char *uri, size_t *ncerts, const char **error_str, + const char *dir) +{ + SoupURI *su; + unsigned char cert_buf[64 * 1024] = {0}; + gnutls_datum_t data; + unsigned int len = UINT_MAX; + int bytes_read; + char file[PATH_MAX]; + FILE *f; + gnutls_x509_crt_t *certs; + + if ((su = soup_uri_new(uri)) == NULL) { + *error_str = "Invalid URI"; + return (NULL); + } + + snprintf(file, sizeof file, "%s" PS "%s", dir, su->host); + if ((f = fopen(file, "r")) == NULL) { + *error_str = "Could not read local cert"; + return (NULL); + } + + bytes_read = fread(cert_buf, sizeof *cert_buf, sizeof cert_buf, f); + if (bytes_read == 0) { + *error_str = "Could not read local cert"; + return (NULL); + } + + data.data = cert_buf; + data.size = bytes_read; + certs = g_malloc(sizeof *certs); + *ncerts = INT_MAX; + if (gnutls_x509_crt_list_import(certs, &len, &data, + GNUTLS_X509_FMT_PEM, 0) < 0) { + *error_str = "Error reading local cert chain"; + return (NULL); + } + + *ncerts = len; + return (certs); +} + + int cert_cmd(struct tab *t, struct karg *args) { @@ -2024,6 +2069,23 @@ cert_cmd(struct tab *t, struct karg *args) return (1); } + /* + * if we're only showing the local certs, don't open a socket and get + * the remote certs + */ + if (args->i & XT_SHOW && args->i & XT_CACHE) { + certs = get_local_cert_chain(uri, &cert_count, &error_str, + certs_cache_dir); + if (error_str == NULL) { + show_certs(t, certs, cert_count, "Certificate Chain"); + free_connection_certs(certs, cert_count); + } else { + show_oops(t, "%s", error_str); + return (1); + } + return (0); + } + if ((s = connect_socket_from_uri(uri, &error_str, domain, sizeof domain)) == -1) { show_oops(t, "%s", error_str); |
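Review bot: In get_local_cert_chain() the array handed to gnutls_x509_crt_list_import() has room for one element (`certs = g_malloc(sizeof *certs);`) while `len = UINT_MAX` tells GnuTLS it may store that many, so a cached PEM file holding more than one certificate is written past the end of the heap allocation. The cached chain presumably comes from what a server presented earlier, so its length should be bounded here: allocate from the same limit that is passed in, e.g. `len = MAX_CACHED_CERTS; certs = g_malloc(len * sizeof *certs);` (the constant name is a placeholder), or let the library allocate with `gnutls_x509_crt_list_import2(&certs, &len, &data, GNUTLS_X509_FMT_PEM, 0)` if the minimum GnuTLS version and the way free_connection_certs() releases the array allow it. Separately, `f` never reaches fclose() and `su` never reaches soup_uri_free() on any return path, and `certs` leaks when the import fails. The unchecked snprintf() into `file` and the `int bytes_read` receiving fread()'s size_t result are smaller points worth tidying at the same time.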
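Review bot: The new branch in cert_cmd() decides success with `if (error_str == NULL)`, but get_local_cert_chain() assigns `*error_str` only on failure, so the test is correct only if error_str is already NULL at this point; its initialisation is outside the hunk. A stale or uninitialised value would either report a spurious error or pass a NULL `certs` with an unset count to show_certs() and free_connection_certs(). Testing the return value is independent of that: `if (certs != NULL) {`. As a matter of style, parenthesising the flag test as `if ((args->i & XT_SHOW) && (args->i & XT_CACHE)) {` makes the intended precedence explicit.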