Commit Graph

269 Commits

Author SHA1 Message Date
Vincent Sanders
4b0c3f0efe add internal query handler for fetch errors
Any errors from the fetch which are not already handled are
  reported with an internal query page instead of a modal
  dialog.

This is much less invasive for the user and much more in
  keeping with how this is handled by other browsers.

The handler is similar to the timeout handler but the
  functionality is kept separate as it is intended timeout
  handling be extended in future.
2019-10-30 18:56:38 +00:00
Vincent Sanders
76eac19227 add internal query page for request timeouts 2019-10-29 22:29:22 +00:00
Daniel Silverstone
a5766db2b9 fetchers/curl: Restrict AUTH to BASIC
cURL will prevent channel reuse if NTLM auth is enabled because
NTLM authenticates a channel not a request.  As such we were
unable to reuse curl handles since we handed off connection
reuse to curl instead of our own handle cache.  This mitigates
the effect, though curl authors are looking at fixing it upstream
too.

Fixes: #2707

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-10-21 10:03:46 +01:00
Vincent Sanders
c9296f79a8 Use curl API (versions after 7.56.0) to determine if openssl is in use 2019-10-01 21:23:35 +01:00
Vincent Sanders
0a3786fed2 Allow the curl fetcher to be built without openssl.
The curl fetcher can operate without openssl library being
 available, additionally curl itself may be compiled with a
 different TLS library.

In either case this will simply cause the "unknown" error to be
 reported for all TLS failures and page information to lack any
 certificate information.
2019-09-30 23:57:49 +01:00
Daniel Silverstone
44f3846727 SSL Error: Enable OpenSSL hostname verification
Since OpenSSL 1.0.2 there has been hostname verification support
which cURL doesn't turn on for some reason.  Turn it on so that
we get better hostname verification handling.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-14 20:11:11 +01:00
Vincent Sanders
820fb0e7ff add English message text for ssl errors 2019-08-10 12:51:46 +01:00
Vincent Sanders
98f4525073 add common name ssl certificate error
This adds an ssl failure code and explanation why curl fetcher
 does not currently set it.
2019-08-10 12:50:23 +01:00
Michael Drake
c6a2c76867 About: Tweak the new about query page rendering. 2019-08-09 13:20:08 +01:00
Vincent Sanders
3a23e944dd rework about scheme handlers to be consistent with output buffer handling 2019-08-08 17:12:42 +01:00
Vincent Sanders
746010a757 apply tlsa styling improvements to about scheme query pages 2019-08-07 16:05:45 +01:00
Vincent Sanders
1b030bd8de add basic styling to about scheme privacy query page 2019-08-07 14:19:37 +01:00
Vincent Sanders
8cec045cb7 Improve the about scheme query page generation to be bounds safe 2019-08-06 13:16:20 +01:00
Daniel Silverstone
1cf1ec55bc Support SSL verification through new about: handler
In doing this, also propagate why the certificates were bad
so that the page can display a reason.  We will need FatMessages
for all these.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-06 13:15:23 +01:00
Vincent Sanders
9c9c26a308 further refinement on about scheme query styling 2019-08-06 10:51:31 +01:00
Vincent Sanders
6a1c64ff7b improve css formatting in about scheme query handlers 2019-08-06 10:07:35 +01:00
Vincent Sanders
ea549da8df fix url reference counting in about scheme query handlers 2019-08-06 10:07:35 +01:00
Vincent Sanders
c238325b12 add about scheme query handlers 2019-08-06 08:45:56 +01:00
Vincent Sanders
a888922612 Improve about scheme doc comments and formatting 2019-08-05 22:29:14 +01:00
Daniel Silverstone
ddfa76b1fc curl.c: Don't use OpenSSL 1.1 only serialNumber fetcher
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-05 22:03:42 +01:00
Daniel Silverstone
bfb1bb1192 Migrate SSL certificate storage to the browser window
* Fetchers now provide the certificates before headers
* This is propagated all the way to the browser window
* When a query occurs, we retrieve it from there and fire
  the query with those stored certificates.
* The serial number is a bignum, store it as hex.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-05 18:12:47 +01:00
Daniel Silverstone
1f24336d6c curl: Change where we lodge inside_curl
Because we need to be slightly more careful now, lodge ourselves
`inside_curl` whenever we might be processing via the cURL messages
or similar.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-02 15:02:45 +01:00
Daniel Silverstone
c9384d65f6 curl: Immediately abort fetchers when we can
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-02 14:38:54 +01:00
Daniel Silverstone
3d80e825e1 content/fetchers/curl.c: Defer fetch start if inside cURL
In order to cope better with modern cURL which prevents making
cURL calls when inside a callback from within cURL, defer fetch
start when we are processing in `fetch_curl_data()`.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-06-05 19:51:47 +01:00
Vincent Sanders
13a5b8f74a make curl fetcher log debug using NSLOG
stop curl fetcher logging being special case to standard error and
 use the fetch category at DEBUG level instead.

The special suppress_curl_debug option is currently still obeyed
2019-05-28 11:16:49 +01:00
Michael Drake
65b16f4c54 Curl fetcher: Force HTTP1.1 to fix HTTP2 crash.
On ubuntu 19.4, curl is built with HTTP2 support, and we
segfault.

==18174== Invalid read of size 1
==18174==    at 0x4ACCE7D: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x4B054B1: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x4AD398A: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x4AD7A0B: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x4AE93EE: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x4AEA8A8: curl_multi_perform (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x1F2EF7: fetch_curl_poll (curl.c:1209)
==18174==    by 0x1EEC5C: fetcher_poll (fetch.c:271)
==18174==    by 0x2A1ED4: schedule_run (schedule.c:160)
==18174==    by 0x15F941: framebuffer_run (gui.c:596)
==18174==    by 0x15F941: main (gui.c:2206)
==18174==  Address 0x9de95a8 is 3,224 bytes inside a block of size 6,304 free'd
==18174==    at 0x483997B: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==18174==    by 0x4AD497B: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x4AE158C: curl_easy_cleanup (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x1F30DE: fetch_curl_cache_handle (curl.c:761)
==18174==    by 0x1F30DE: fetch_curl_stop (curl.c:840)
==18174==    by 0x1F30DE: fetch_curl_done (curl.c:1122)
==18174==    by 0x1F30DE: fetch_curl_poll (curl.c:1223)
==18174==    by 0x1EEC5C: fetcher_poll (fetch.c:271)
==18174==    by 0x2A1ED4: schedule_run (schedule.c:160)
==18174==    by 0x15F941: framebuffer_run (gui.c:596)
==18174==    by 0x15F941: main (gui.c:2206)
==18174==  Block was alloc'd at
==18174==    at 0x483AB35: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==18174==    by 0x4AE165F: curl_easy_duphandle (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x1F15EB: fetch_curl_get_handle (curl.c:738)
==18174==    by 0x1F15EB: fetch_curl_start (curl.c:750)
==18174==    by 0x1EEB22: fetch_dispatch_job (fetch.c:156)
==18174==    by 0x1EEB22: fetch_choose_and_dispatch (fetch.c:187)
==18174==    by 0x1EEB22: fetch_dispatch_jobs (fetch.c:247)
==18174==    by 0x1EF1BB: fetch_start (fetch.c:573)
==18174==    by 0x26C779: llcache_object_refetch (llcache.c:916)
==18174==    by 0x26D5E4: llcache_object_fetch (llcache.c:979)
==18174==    by 0x26D5E4: llcache_object_retrieve_from_cache (llcache.c:1767)
==18174==    by 0x26D5E4: llcache_object_retrieve (llcache.c:1865)
==18174==    by 0x26E42C: llcache_fetch_redirect (llcache.c:2110)
==18174==    by 0x26E42C: llcache_fetch_callback (llcache.c:2810)
==18174==    by 0x1F1295: fetch_curl_process_headers (curl.c:922)
==18174==    by 0x1F13A0: fetch_curl_data (curl.c:1324)
==18174==    by 0x4ACD4C3: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
==18174==    by 0x4AE00DA: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.5.0)
2019-05-06 17:12:14 +01:00
Michael Drake
5e1f4c406d data url handler: drop logging to DEEPDEBUG. 2019-05-05 20:39:26 +01:00
Michael Drake
fb1d9862f9 data url handler: Keep nsurl to avoid copy. 2019-05-05 20:36:19 +01:00
Michael Drake
47e47244a9 data url handling: avoid needless allocation / copy. 2019-05-05 20:23:25 +01:00
Michael Drake
c76b5ef4d5 data URL handler: constify some string pointers. 2019-05-05 20:11:21 +01:00
Michael Drake
97f9e2d9f5 Curl fetcher: Jiggle logging levels. 2018-08-09 16:43:37 +01:00
Michael Drake
ca0514ea92 Curl fetcher: Move poll logging from INFO to DEEPDEBUG. 2018-08-09 14:58:49 +01:00
John-Mark Bell
a8bf9b05aa HTTPS: restrict ciphersuites 2018-04-22 12:54:23 +00:00
John-Mark Bell
7d4349035d Explicitly re-enable TLS session tickets.
Libcurl disables this by default.
2018-04-22 12:24:56 +00:00
Daniel Silverstone
70b6ca4376 Force SSL session caching on, Ubuntu seems to have it off by default 2018-04-22 13:04:21 +01:00
Daniel Silverstone
5efc6407d3 Revert "Disable SSL session ID caching."
This reverts commit debe0e345b.
2018-04-22 12:58:39 +01:00
Vincent Sanders
75018632a9 Use coccinelle to change logging macro calls in c files
for F in $(git ls-files '*.c');do spatch --sp-file foo.cocci --in-place ${F};done

@@ expression E; @@
-LOG(E);
+NSLOG(netsurf, INFO, E);
@@ expression E, E1; @@
-LOG(E, E1);
+NSLOG(netsurf, INFO, E, E1);
@@ expression E, E1, E2; @@
-LOG(E, E1, E2);
+NSLOG(netsurf, INFO, E, E1, E2);
@@ expression E, E1, E2, E3; @@
-LOG(E, E1, E2, E3);
+NSLOG(netsurf, INFO, E, E1, E2, E3);
@@ expression E, E1, E2, E3, E4; @@
-LOG(E, E1, E2, E3, E4);
+NSLOG(netsurf, INFO, E, E1, E2, E3, E4);
@@ expression E, E1, E2, E3, E4, E5; @@
-LOG(E, E1, E2, E3, E4, E5);
+NSLOG(netsurf, INFO, E, E1, E2, E3, E4, E5);
@@ expression E, E1, E2, E3, E4, E5, E6; @@
-LOG(E, E1, E2, E3, E4, E5, E6);
+NSLOG(netsurf, INFO, E, E1, E2, E3, E4, E5, E6);
@@ expression E, E1, E2, E3, E4, E5, E6, E7; @@
-LOG(E, E1, E2, E3, E4, E5, E6, E7);
+NSLOG(netsurf, INFO, E, E1, E2, E3, E4, E5, E6, E7);
2017-09-06 18:45:27 +01:00
Vincent Sanders
6075feb487 create netsurf inttypes header to have portable integer formatting macros 2017-01-21 14:20:55 +00:00
Vincent Sanders
3f88c12315 Fix OpenSSL X509 cert API detection
LibreSSL defines a OPENSSL_VERSION_NUMBER of 2.1 but only provides the
old OpenSSL 1.0.x API.
2016-11-21 18:29:23 +00:00
Vincent Sanders
e8a9e37445 fix openSSL 1.1.0 X509 certificate handling 2016-11-20 12:15:31 +00:00
Vincent Sanders
61a00c3832 fix unnecessary base64 header include 2016-11-19 17:11:23 +00:00
Daniel Silverstone
1fb06929d9 Remove internal BASE64 in favour of nsutils' one 2016-11-19 14:40:10 +00:00
Vincent Sanders
fa1af79e7c document file fetcher being locale dependent 2016-09-10 23:05:24 +01:00
Michael Drake
fe00eac8cb Buildsystem: Make curl/openssl usage build-time options. 2016-08-13 13:31:07 +01:00
Michael Drake
fa2e3b7784 URL unescape: return the new length to the caller.
This avoids situations where we threw away the length, only for
the caller to have to strlen the returned string.

Note, there seems to be a case of the amiga front end writing
beyond end of allocation.  Added a TODO for now.
2016-07-24 14:03:16 +01:00
Michael Drake
7202ff2f64 Data URL handling: Use url_unescape rather than curl. 2016-07-24 12:23:42 +01:00
Michael Drake
f9870c41f5 Whitespace: Convert spaces to tab for indent. 2016-07-24 12:07:31 +01:00
Daniel Silverstone
a468b40990 Refactor the fdset acquisition into the fetchers to stop fetch.c including curl.h 2016-06-27 21:00:58 +01:00
Vincent Sanders
ab6c03f311 Fix handling of certificate chains
When processing a x509 certificate chain from openssl it is necessary
to allow the entire chain to be processed rather than halting
processing at the first certificate with an error. This allows errors
with a certificate authority to be examined.
2016-06-27 13:39:07 +01:00
Vincent Sanders
8861923455 Allow include directories to be added by sub makefiles 2016-06-06 14:47:27 +01:00