This patch prints HTTPS failure reasons to stderr.

Quoth Nick:
> It would be a lot more useful if there was a way of seeing reasons
> for https failure, but that isn't really do-able with libsoup. I
> recommend not verifying this for yourself, lest your eyes melt in
> the 'majesty' of libsoup.

I decided to verify this, and found I was wrong, at least with newer versions of libsoup. This patch will only work with libsoup-2.34 and up. Which I don't have, so it's untested, and may well not quite work. If someone could test it, that'd be swell.

I don't know of a good way of checking the libsoup version number, so unless someone else does we should probably not merge for a while (maybe when the next release of Debian comes along.)

I'm not sure what a good interface for showing https errors would be. Printing to stderr isn't too great for something like a browser, as I wouldn't expect people to have the terminal it was run from around. Having more than 2 colours for the status bar to represent statuses is pretty unusable too. Anybody have any thoughts on a sane approach? Maybe a string of text in the bottom right corner of the window?

Love from Nick

diff -r 5596ef69d425 surf.c
--- a/surf.c Thu Jul 12 12:41:56 2012 +0200
+++ b/surf.c Mon Jul 16 10:58:04 2012 +0100
@@ -387,6 +387,8 @@
WebKitWebDataSource *src;
WebKitNetworkRequest *request;
SoupMessage *msg;
+ GTlsCertificate *cert;
+ GTlsCertificateFlags certerrs;
char *uri;
switch(webkit_web_view_get_load_status (c->view)) {
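Review bot: cert in this declaration block is only ever written, never read: the second hunk passes &cert to the status call and then tests certerrs alone. If the libsoup call accepts NULL for the certificate argument, pass NULL and drop the declaration; otherwise add a short comment that cert is intentionally unused, so the compiler warning about it is not mistaken for a bug.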
@@ -399,6 +401,27 @@
msg = webkit_network_request_get_message(request);
c->sslfailed = soup_message_get_flags(msg)
^ SOUP_MESSAGE_CERTIFICATE_TRUSTED;
+ if(c->sslfailed) {
+ fprintf(stderr, "Certificate failure for %s: ", uri);
+ /* needs libsoup 2.34+ */
+ if(soup_message_get_https_flags(msg, &cert, &certerrs)) {
+ if(certerrs & G_TLS_CERTIFICATE_UNKNOWN_CA)
+ fprintf(stderr, ":unknown ca: ");
+ if(certerrs & G_TLS_CERTIFICATE_BAD_IDENITY)
+ fprintf(stderr, ":wrong identity: ");
+ if(certerrs & G_TLS_CERTIFICATE_NOT_ACTIVATED)
+ fprintf(stderr, ":active date in future: ");
+ if(certerrs & G_TLS_CERTIFICATE_EXPIRED)
+ fprintf(stderr, ":expired: ");
+ if(certerrs & G_TLS_CERTIFICATE_REVOKED)
+ fprintf(stderr, ":revoked: ");
+ if(certerrs & G_TLS_CERTIFICATE_INSECURE)
+ fprintf(stderr, ":insecure algorithm: ");
+ if(certerrs & G_TLS_GENERIC_ERROR)
+ fprintf(stderr, ":unknown error: ");
+ fputc('\n', stderr);
+ }
+ }
}
setatom(c, AtomUri, uri);
break;
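Review bot: three identifiers in the added if(c->sslfailed) block will not compile as written. soup_message_get_https_flags is not a libsoup function (the 2.34 call that fills a GTlsCertificate and a GTlsCertificateFlags is soup_message_get_https_status), G_TLS_CERTIFICATE_BAD_IDENITY is misspelled (G_TLS_CERTIFICATE_BAD_IDENTITY), and G_TLS_GENERIC_ERROR should be G_TLS_CERTIFICATE_GENERIC_ERROR. Separately, fputc('\n', stderr) sits inside the inner if, so when the status call returns false the "Certificate failure for %s: " prefix is left on stderr with no reason and no newline; move the fputc out to the end of the if(c->sslfailed) block so every failure produces one complete line.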
