aniani/elinks
1
0
Fork 0
mirror of https://github.com/rkd77/elinks.git synced 2025-05-18 00:48:57 -04:00
Code

Let users retry connection in case of error. Especially SSL error.

Browse Source 
Also verify ssl certificates by default.
It has some weak points, for example in load_uri not always data
is a session.
This commit is contained in:
Witold Filipczyk 2017-07-23 14:33:40 +02:00
parent b1d1e4a15b
commit f43f5714e8
7 changed files with 45 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/network/connection.c
View File

@ -1019,6 +1019,7 @@ load_uri(struct uri *uri, struct uri *referrer, struct download *download,
if (download) { if (download) {
download->progress = conn->progress; download->progress = conn->progress;
download->conn = conn; download->conn = conn;
conn->socket->verify = ((struct session *)download->data)->verify;
download->cached = NULL; download->cached = NULL;
download->state = connection_state(S_OK); download->state = connection_state(S_OK);
add_to_list(conn->downloads, download); add_to_list(conn->downloads, download);

1
src/network/socket.c
View File

@ -146,6 +146,7 @@ init_socket(void *conn, struct socket_operations *ops)
socket->fd = -1; socket->fd = -1;
socket->conn = conn; socket->conn = conn;
socket->ops = ops; socket->ops = ops;
socket->verify = 1;
return socket; return socket;
} }

1
src/network/socket.h
View File

@ -99,6 +99,7 @@ struct socket {
unsigned int no_tls:1; /* Internal SSL flag. */ unsigned int no_tls:1; /* Internal SSL flag. */
unsigned int set_no_tls:1; /* Was the blacklist checked yet? */ unsigned int set_no_tls:1; /* Was the blacklist checked yet? */
unsigned int duplex:1; /* Allow simultaneous reads & writes. */ unsigned int duplex:1; /* Allow simultaneous reads & writes. */
unsigned int verify:1; /* Whether to verify certificates */
}; };
#define EL_PF_INET 0 #define EL_PF_INET 0

7
src/network/ssl/socket.c
View File

@ -374,7 +374,7 @@ ssl_want_read(struct socket *socket)
switch (ssl_do_connect(socket)) { switch (ssl_do_connect(socket)) {
case SSL_ERROR_NONE: case SSL_ERROR_NONE:
#ifdef CONFIG_GNUTLS #ifdef CONFIG_GNUTLS
if (get_opt_bool("connection.ssl.cert_verify", NULL) if (socket->verify && get_opt_bool("connection.ssl.cert_verify", NULL)
&& verify_certificates(socket)) { && verify_certificates(socket)) {
socket->ops->retry(socket, connection_state(S_SSL_ERROR)); socket->ops->retry(socket, connection_state(S_SSL_ERROR));
return; return;
@ -428,7 +428,7 @@ ssl_connect(struct socket *socket)
#ifdef USE_OPENSSL #ifdef USE_OPENSSL
SSL_set_fd(socket->ssl, socket->fd); SSL_set_fd(socket->ssl, socket->fd);
if (get_opt_bool("connection.ssl.cert_verify", NULL)) if (socket->verify && get_opt_bool("connection.ssl.cert_verify", NULL))
SSL_set_verify(socket->ssl, SSL_VERIFY_PEER SSL_set_verify(socket->ssl, SSL_VERIFY_PEER
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT, | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback); verify_callback);
@ -490,7 +490,7 @@ ssl_connect(struct socket *socket)
case SSL_ERROR_NONE: case SSL_ERROR_NONE:
#ifdef CONFIG_GNUTLS #ifdef CONFIG_GNUTLS
if (!get_opt_bool("connection.ssl.cert_verify", NULL)) if (!socket->verify || !get_opt_bool("connection.ssl.cert_verify", NULL))
break; break;
if (!verify_certificates(socket)) if (!verify_certificates(socket))
@ -502,7 +502,6 @@ ssl_connect(struct socket *socket)
/* DBG("sslerr %s", gnutls_strerror(ret)); */ /* DBG("sslerr %s", gnutls_strerror(ret)); */
socket->no_tls = !socket->no_tls; socket->no_tls = !socket->no_tls;
} }
connect_socket(socket, connection_state(S_SSL_ERROR)); connect_socket(socket, connection_state(S_SSL_ERROR));
return -1; return -1;
} }

2
src/network/ssl/ssl.c
View File

@ -114,7 +114,7 @@ done_openssl(struct module *module)
static union option_info openssl_options[] = { static union option_info openssl_options[] = {
INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"), INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
"cert_verify", 0, 0, "cert_verify", 0, 1,
N_("Verify the peer's SSL certificate. Note that this " N_("Verify the peer's SSL certificate. Note that this "
"needs extensive configuration of OpenSSL by the user.")), "needs extensive configuration of OpenSSL by the user.")),

39
src/session/session.c
View File

@ -257,6 +257,19 @@ get_current_download(struct session *ses)
return download; return download;
} }
static void
retry_connection_without_verification(void *data)
{
struct delayed_open *deo = (struct delayed_open *)data;
if (deo) {
deo->ses->verify = 0;
goto_uri(deo->ses, deo->uri);
done_uri(deo->uri);
mem_free(deo);
}
}
void void
print_error_dialog(struct session *ses, struct connection_state state, print_error_dialog(struct session *ses, struct connection_state state,
struct uri *uri, enum connection_priority priority) struct uri *uri, enum connection_priority priority)
@ -286,9 +299,27 @@ print_error_dialog(struct session *ses, struct connection_state state,
add_to_string(&msg, get_state_message(state, ses->tab->term)); add_to_string(&msg, get_state_message(state, ses->tab->term));
info_box(ses->tab->term, MSGBOX_FREE_TEXT, if (!ses->verify || !uri) {
N_("Error"), ALIGN_CENTER, info_box(ses->tab->term, MSGBOX_FREE_TEXT,
msg.source); N_("Error"), ALIGN_CENTER,
msg.source);
} else {
struct delayed_open *deo = mem_calloc(1, sizeof(*deo));
if (!deo) return;
add_to_string(&msg, "\n\n");
add_to_string(&msg, N_("Retry without verification?"));
deo->ses = ses;
deo->uri = get_uri_reference(uri);
msg_box(ses->tab->term, NULL, MSGBOX_FREE_TEXT,
N_("Error"), ALIGN_CENTER,
msg.source,
deo, 2,
MSG_BOX_BUTTON(N_("~Yes"), retry_connection_without_verification, B_ENTER),
MSG_BOX_BUTTON(N_("~No"), NULL, B_ESC));
}
/* TODO: retry */ /* TODO: retry */
} }
@ -888,6 +919,8 @@ init_session(struct session *base_session, struct terminal *term,
return NULL; return NULL;
} }
ses->verify = 1;
ses->option = copy_option(config_options, ses->option = copy_option(config_options,
CO_SHALLOW | CO_NO_LISTBOX_ITEM); CO_SHALLOW | CO_NO_LISTBOX_ITEM);
create_history(&ses->history); create_history(&ses->history);

2
src/session/session.h
View File

@ -229,6 +229,8 @@ struct session {
/** The info for status displaying */ /** The info for status displaying */
struct session_status status; struct session_status status;
/** Verify SSL */
unsigned int verify:1;
/** @} */ /** @} */
}; };