diff options
| author | Gustavo Noronha Silva <gns@gnome.org> | 2010-02-19 00:30:49 +0800 |
|---|---|---|
| committer | Gustavo Noronha Silva <gns@gnome.org> | 2010-02-23 02:57:11 +0800 |
| commit | 3e0f7dea754381c5ad11a06ccc62eb153382b498 (patch) | |
| tree | 35942df25ac30024cf38d1e5c73961db128f40d9 /embed | |
| parent | a5858387b3bba793a65d8bd262e122604529045f (diff) | |
| download | gsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.tar gsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.tar.gz gsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.tar.bz2 gsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.tar.lz gsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.tar.xz gsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.tar.zst gsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.zip | |
Report broken certs through the padlock icon
This uses a new feature in libsoup that reports through a
SoupMessageFlag whether the message is talking to a server that has a
trusted server.
Bug #600663
Diffstat (limited to 'embed')
| -rw-r--r-- | embed/ephy-embed-single.c | 15 | ||||
| -rw-r--r-- | embed/ephy-embed.c | 29 |
2 files changed, 36 insertions, 8 deletions
diff --git a/embed/ephy-embed-single.c b/embed/ephy-embed-single.c index 44efecaed..8c05532df 100644 --- a/embed/ephy-embed-single.c +++ b/embed/ephy-embed-single.c @@ -39,6 +39,7 @@ #endif #include <webkit/webkit.h> +#include <glib/gi18n.h> #include <libsoup/soup-gnome.h> #include <gnome-keyring.h> @@ -481,6 +482,20 @@ ephy_embed_single_initialize (EphyEmbedSingle *single) session = webkit_get_default_session (); +#ifdef GTLS_SYSTEM_CA_FILE + /* Check SSL certificates */ + + if (g_file_test (GTLS_SYSTEM_CA_FILE, G_FILE_TEST_EXISTS)) { + g_object_set (session, + SOUP_SESSION_SSL_CA_FILE, GTLS_SYSTEM_CA_FILE, + "ignore-ssl-cert-errors", TRUE, + NULL); + } else { + g_warning (_("CA Certificates file we should use was not found, "\ + "all SSL sites will be considered to have a broken certificate.")); + } +#endif + /* Store cookies in moz-compatible SQLite format */ filename = g_build_filename (ephy_dot_dir (), "cookies.sqlite", NULL); jar = soup_cookie_jar_sqlite_new (filename, FALSE); diff --git a/embed/ephy-embed.c b/embed/ephy-embed.c index 7d2af54d2..acc4e94f5 100644 --- a/embed/ephy-embed.c +++ b/embed/ephy-embed.c @@ -220,15 +220,28 @@ load_status_changed_cb (WebKitWebView *view, FALSE, FALSE); - /* - * FIXME: as a temporary workaround while soup lacks the needed - * security API, determine security level based on the existence of - * a 'https' prefix for the URI - */ - if (uri && g_str_has_prefix (uri, "https")) - security_level = EPHY_WEB_VIEW_STATE_IS_SECURE_HIGH; - else +#ifdef GTLS_SYSTEM_CA_FILE + if (uri && g_str_has_prefix (uri, "https")) { + WebKitWebFrame *frame; + WebKitWebDataSource *source; + WebKitNetworkRequest *request; + SoupMessage *message; + + frame = webkit_web_view_get_main_frame (view); + source = webkit_web_frame_get_data_source (frame); + request = webkit_web_data_source_get_request (source); + message = webkit_network_request_get_message (request); + + if (message && + (soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED)) + security_level = EPHY_WEB_VIEW_STATE_IS_SECURE_HIGH; + else + security_level = EPHY_WEB_VIEW_STATE_IS_BROKEN; + } else security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN; +#else + security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN; +#endif ephy_web_view_set_security_level (EPHY_WEB_VIEW (view), security_level); } else if (status == WEBKIT_LOAD_PROVISIONAL || status == WEBKIT_LOAD_FINISHED) { |