aboutsummaryrefslogtreecommitdiffstats
path: root/embed
diff options
context:
space:
mode:
authorGustavo Noronha Silva <gns@gnome.org>2010-02-19 00:30:49 +0800
committerGustavo Noronha Silva <gns@gnome.org>2010-02-23 02:57:11 +0800
commit3e0f7dea754381c5ad11a06ccc62eb153382b498 (patch)
tree35942df25ac30024cf38d1e5c73961db128f40d9 /embed
parenta5858387b3bba793a65d8bd262e122604529045f (diff)
downloadgsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.tar.gz
gsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.tar.zst
gsoc2013-epiphany-3e0f7dea754381c5ad11a06ccc62eb153382b498.zip
Report broken certs through the padlock icon
This uses a new feature in libsoup that reports through a SoupMessageFlag whether the message is talking to a server that has a trusted server. Bug #600663
Diffstat (limited to 'embed')
-rw-r--r--embed/ephy-embed-single.c15
-rw-r--r--embed/ephy-embed.c29
2 files changed, 36 insertions, 8 deletions
diff --git a/embed/ephy-embed-single.c b/embed/ephy-embed-single.c
index 44efecaed..8c05532df 100644
--- a/embed/ephy-embed-single.c
+++ b/embed/ephy-embed-single.c
@@ -39,6 +39,7 @@
#endif
#include <webkit/webkit.h>
+#include <glib/gi18n.h>
#include <libsoup/soup-gnome.h>
#include <gnome-keyring.h>
@@ -481,6 +482,20 @@ ephy_embed_single_initialize (EphyEmbedSingle *single)
session = webkit_get_default_session ();
+#ifdef GTLS_SYSTEM_CA_FILE
+ /* Check SSL certificates */
+
+ if (g_file_test (GTLS_SYSTEM_CA_FILE, G_FILE_TEST_EXISTS)) {
+ g_object_set (session,
+ SOUP_SESSION_SSL_CA_FILE, GTLS_SYSTEM_CA_FILE,
+ "ignore-ssl-cert-errors", TRUE,
+ NULL);
+ } else {
+ g_warning (_("CA Certificates file we should use was not found, "\
+ "all SSL sites will be considered to have a broken certificate."));
+ }
+#endif
+
/* Store cookies in moz-compatible SQLite format */
filename = g_build_filename (ephy_dot_dir (), "cookies.sqlite", NULL);
jar = soup_cookie_jar_sqlite_new (filename, FALSE);
diff --git a/embed/ephy-embed.c b/embed/ephy-embed.c
index 7d2af54d2..acc4e94f5 100644
--- a/embed/ephy-embed.c
+++ b/embed/ephy-embed.c
@@ -220,15 +220,28 @@ load_status_changed_cb (WebKitWebView *view,
FALSE,
FALSE);
- /*
- * FIXME: as a temporary workaround while soup lacks the needed
- * security API, determine security level based on the existence of
- * a 'https' prefix for the URI
- */
- if (uri && g_str_has_prefix (uri, "https"))
- security_level = EPHY_WEB_VIEW_STATE_IS_SECURE_HIGH;
- else
+#ifdef GTLS_SYSTEM_CA_FILE
+ if (uri && g_str_has_prefix (uri, "https")) {
+ WebKitWebFrame *frame;
+ WebKitWebDataSource *source;
+ WebKitNetworkRequest *request;
+ SoupMessage *message;
+
+ frame = webkit_web_view_get_main_frame (view);
+ source = webkit_web_frame_get_data_source (frame);
+ request = webkit_web_data_source_get_request (source);
+ message = webkit_network_request_get_message (request);
+
+ if (message &&
+ (soup_message_get_flags (message) & SOUP_MESSAGE_CERTIFICATE_TRUSTED))
+ security_level = EPHY_WEB_VIEW_STATE_IS_SECURE_HIGH;
+ else
+ security_level = EPHY_WEB_VIEW_STATE_IS_BROKEN;
+ } else
security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN;
+#else
+ security_level = EPHY_WEB_VIEW_STATE_IS_UNKNOWN;
+#endif
ephy_web_view_set_security_level (EPHY_WEB_VIEW (view), security_level);
} else if (status == WEBKIT_LOAD_PROVISIONAL || status == WEBKIT_LOAD_FINISHED) {