From 442f4936dc05db1d57dc12a2067e1af1220c4d66 Mon Sep 17 00:00:00 2001 From: Witold Filipczyk Date: Sun, 23 Jul 2017 18:59:05 +0200 Subject: [PATCH] Use blacklist to skip verification of certificates --- src/network/connection.c | 1 - src/network/socket.c | 5 ++++- src/network/ssl/socket.c | 1 + src/protocol/http/blacklist.h | 1 + src/session/session.c | 7 +++---- src/session/session.h | 2 -- 6 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/network/connection.c b/src/network/connection.c index 096ef40b..9b761a17 100644 --- a/src/network/connection.c +++ b/src/network/connection.c @@ -1019,7 +1019,6 @@ load_uri(struct uri *uri, struct uri *referrer, struct download *download, if (download) { download->progress = conn->progress; download->conn = conn; - conn->socket->verify = ((struct session *)download->data)->verify; download->cached = NULL; download->state = connection_state(S_OK); add_to_list(conn->downloads, download); diff --git a/src/network/socket.c b/src/network/socket.c index 4fc655d1..3426b681 100644 --- a/src/network/socket.c +++ b/src/network/socket.c @@ -146,7 +146,6 @@ init_socket(void *conn, struct socket_operations *ops) socket->fd = -1; socket->conn = conn; socket->ops = ops; - socket->verify = 1; return socket; } @@ -261,6 +260,7 @@ make_connection(struct socket *socket, struct uri *uri, unsigned char *host = get_uri_string(uri, URI_DNS_HOST); struct connect_info *connect_info; enum dns_result result; + enum blacklist_flags verify; socket->ops->set_timeout(socket, connection_state(0)); @@ -286,6 +286,9 @@ make_connection(struct socket *socket, struct uri *uri, socket->set_no_tls = 1; } + verify = get_blacklist_flags(uri); + socket->verify = ((verify & SERVER_BLACKLIST_NO_CERT_VERIFY) == 0); + debug_transfer_log("\nCONNECTION: ", -1); debug_transfer_log(host, -1); debug_transfer_log("\n", -1); diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c index a19ffd4f..23273046 100644 --- a/src/network/ssl/socket.c 
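Review bot: Dropping `socket->verify = 1;` from init_socket (the `-146,7` hunk) leaves the two lines added to make_connection in the `-286,6` hunk as the only place the flag is set, so a socket that reaches the TLS handshake by any other route keeps whatever the allocation left in the field. If the struct is zero-filled, which this page does not show, that means verification is off by default. Keeping `socket->verify = 1;` in init_socket as well as the new assignment would make the default fail closed. Separately, the lookup is keyed on `uri`, while ssl_connect in this same patch takes the server name from `conn->proxied_uri`; it is worth confirming that both name the same host when a proxy is in use. make_connection's body starts and ends outside the hunk.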
+++ b/src/network/ssl/socket.c @@ -405,6 +405,7 @@ ssl_connect(struct socket *socket) /* TODO: Recode server_name to UTF-8. */ server_name = get_uri_string(conn->proxied_uri, URI_HOST); + if (!server_name) { socket->ops->done(socket, connection_state(S_OUT_OF_MEM)); return -1; diff --git a/src/protocol/http/blacklist.h b/src/protocol/http/blacklist.h index 28465cfa..32fc3d26 100644 --- a/src/protocol/http/blacklist.h +++ b/src/protocol/http/blacklist.h @@ -9,6 +9,7 @@ enum blacklist_flags { SERVER_BLACKLIST_HTTP10 = 1, SERVER_BLACKLIST_NO_CHARSET = 2, SERVER_BLACKLIST_NO_TLS = 4, + SERVER_BLACKLIST_NO_CERT_VERIFY = 8, }; void add_blacklist_entry(struct uri *, enum blacklist_flags); diff --git a/src/session/session.c b/src/session/session.c index 76641aa9..11f67dbd 100644 --- a/src/session/session.c +++ b/src/session/session.c @@ -31,6 +31,7 @@ #include "network/connection.h" #include "network/state.h" #include "osdep/newwin.h" +#include "protocol/http/blacklist.h" #include "protocol/protocol.h" #include "protocol/uri.h" #ifdef CONFIG_SCRIPTING_SPIDERMONKEY @@ -263,7 +264,7 @@ retry_connection_without_verification(void *data) struct delayed_open *deo = (struct delayed_open *)data; if (deo) { - deo->ses->verify = 0; + add_blacklist_entry(deo->uri, SERVER_BLACKLIST_NO_CERT_VERIFY); goto_uri(deo->ses, deo->uri); done_uri(deo->uri); mem_free(deo); @@ -299,7 +300,7 @@ print_error_dialog(struct session *ses, struct connection_state state, add_to_string(&msg, get_state_message(state, ses->tab->term)); - if (!ses->verify || !uri) { + if (!uri) { info_box(ses->tab->term, MSGBOX_FREE_TEXT, N_("Error"), ALIGN_CENTER, msg.source); @@ -919,8 +920,6 @@ init_session(struct session *base_session, struct terminal *term, return NULL; } - ses->verify = 1; - ses->option = copy_option(config_options, CO_SHALLOW | CO_NO_LISTBOX_ITEM); create_history(&ses->history); diff --git a/src/session/session.h b/src/session/session.h index 9f77b141..b4da2ae8 100644 --- a/src/session/session.h 
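Review bot: `SERVER_BLACKLIST_NO_CERT_VERIFY` in blacklist.h is undocumented, and it differs in kind from its neighbours: judging by their names, the three existing values are protocol compatibility workarounds, while this one switches off certificate checking for a server. A comment on the new line would make that visible, for example `/* set only after the user chose to retry without verification; disables certificate checks for this server */`. Any code that copies, merges or persists blacklist flags should be checked so that it cannot carry this bit along unintentionally.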
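Review bot: In retry_connection_without_verification a single user confirmation now becomes a blacklist entry for `deo->uri`, and nothing in this patch shows that entry expiring, being removed, or being tied to the certificate the user was warned about. If add_blacklist_entry keys on the host, as its use here suggests, later connections to that host from any session skip verification without a prompt, including ones presented with a different certificate. Consider storing the accepted certificate's fingerprint with the exemption. At minimum, state the lifetime in a comment such as `/* exemption lasts as long as the blacklist entry and applies to all sessions */` and show the unverified state in the UI. The function body starts outside the hunk.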
+++ b/src/session/session.h
@@ -229,8 +229,6 @@ struct session {
 /** The info for status displaying */
 struct session_status status;
- /** Verify SSL */
- unsigned int verify:1;
 /** @} */
 };