Commit Graph

296 Commits

Author SHA1 Message Date
Michael Drake
15342b5f5b About pages: Update presentation using nscolour. 2020-04-07 21:32:28 +01:00
Michael Drake
0e04059f53 about fetcher: Add about:nscolour.css generated colour stylesheet. 2020-04-07 21:32:27 +01:00
Daniel Silverstone
4cbdcc4aae
about: Add handling for unknown about: page
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-03-22 14:09:09 +00:00
Michael Drake
0e6ba162b2 Internal content: Restyle certificate viewer page. 2020-02-24 21:54:54 +00:00
Vincent Sanders
f172a21df9 about scheme certificate viewer initial implementation 2020-02-24 16:59:18 +00:00
Michael Drake
0140d1e5b1 Curl fetcher: Guard against read of uninitialised value.
Fixes Coverity issue:

CID 1419830:  Memory - illegal accesses  (UNINIT)
>>>     Using uninitialized value "buf[depth]".
2020-02-24 14:58:16 +00:00
Michael Drake
b8dc537bf8 Curl fetcher: Squash coverity warning.
CID 1419832:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "goto out;".
2020-02-24 14:31:02 +00:00
Daniel Silverstone
bb5d72410b
fetchers: Rework the about, data, file, and resource fetcher poll loop
This simplifies the poll loops a little more and makes me less worried
that some other corner case will bite us in the future.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-02-24 14:25:37 +00:00
Michael Drake
a47270c93e About fetches resources: Drop maps resource.
It had bitrotted.
2020-02-24 14:21:27 +00:00
Daniel Silverstone
5cfe0dfffc
fetchers: Apply cleaner ring handling mechanic to other fetchers
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-02-24 09:51:44 +00:00
Daniel Silverstone
89e468422d
about: Correct handling of ring in fetch_about_poll
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-02-24 09:46:59 +00:00
Daniel Silverstone
e6a5c090c9
curl: Implement SSL chain cache in cURL fetcher
Because cURL can do connection caching behind the scenes, we
need to have a cache for the SSL certificate chains which we
send onward on first header back from cURL.

This uses the new hashmap implementation to mean that we cache
chains on a hostname:port basis.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-02-23 22:31:58 +00:00
Vincent Sanders
0c34d06494 Keep the complete certificate chain from a fetch
Instead of extracting information from the X509 certificate chain in
the fetcher the entire chain is propagated in Distinguished Encoding
Rules (DER) format.

This allows all the information contained in a certificate chain to be
retained which can subsequently be presented to the user
2020-02-23 16:23:50 +00:00
Daniel Silverstone
3a8317fddb
fetch_curl_report_certs_upstream: Use new SSL_CERT_ERR_CERT_MISSING
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-12-03 09:42:14 +00:00
Daniel Silverstone
24dd16ddff
fetch_curl_verify_callback: Do depth update after check
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-12-03 09:35:51 +00:00
Michael Drake
82d4a2265b Data fetcher: Include stdarg.h header. 2019-11-12 19:16:07 +00:00
Michael Drake
db7f1f01a9 Data fetcher: Squash BSD warning. 2019-11-11 21:54:04 +00:00
Michael Drake
c14f01ea44 File fetcher: Optimise HTTP header generation. 2019-11-10 14:37:36 +00:00
Michael Drake
8d652f1ff4 Resource fetcher: Optimise HTTP header generation. 2019-11-10 14:37:34 +00:00
Michael Drake
66401b7fa6 Resource fetcher: Add Cache-Control header with max-age of a year.
Resource URLs can't change, we want to assume they're fresh for
as long as we can.
2019-11-10 14:36:40 +00:00
Michael Drake
ab4eab5706 Data fetcher: Add Cache-Control header with max-age of a year.
Data URLs can't change, we want to assume they're fresh for
as long as we can.
2019-11-10 14:36:40 +00:00
Michael Drake
0dfbc80587 Data fetcher: Split header emitting out into helper. 2019-11-10 14:36:40 +00:00
Michael Drake
58094ffaa5 Data fetcher: Move fetch_data_send_callback towards top of file. 2019-11-10 11:58:38 +00:00
Michael Drake
b15cbb72ac File fetcher: Avoid atoi for If-None-Match value parse.
The file fetcher emits FETCH_NOTMODIFIED if the file is unchanged.
2019-11-09 17:06:04 +00:00
Michael Drake
c92b31babe Resource fetcher: Fix ETag handling.
* Changed ETag storage to be time_t, rather than int.
* Changed `If-None-Match` value parsing to use proper
  time_t parsing, rather than `atoi`.

We emit FETCH_NOTMODIFIED if the resource hasn't changed.
2019-11-09 16:59:26 +00:00
Vincent Sanders
78aa34e5d7 remove user warnings from hotlist load and curl poll 2019-11-05 00:07:06 +00:00
Vincent Sanders
4eb06ad2cf move the fallback text for about handler into messages handler 2019-10-30 21:33:27 +00:00
Vincent Sanders
4b0c3f0efe add internal query handler for fetch errors
Any errors from the fetch which are not already handled are
  reported with an internal query page instead of a modal
  dialog.

This is much less invasive for the user and much more in
  keeping with how this is handled by other browsers.

The handler is similar to the timeout handler but the
  functionality is kept separate as it is intended timeout
  handling be extended in future.
2019-10-30 18:56:38 +00:00
Vincent Sanders
76eac19227 add internal query page for request timeouts 2019-10-29 22:29:22 +00:00
Daniel Silverstone
a5766db2b9 fetchers/curl: Restrict AUTH to BASIC
cURL will prevent channel reuse if NTLM auth is enabled because
NTLM authenticates a channel not a request.  As such we were
unable to reuse curl handles since we handed off connection
reuse to curl instead of our own handle cache.  This mitigates
the effect, though curl authors are looking at fixing it upstream
too.

Fixes: #2707

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-10-21 10:03:46 +01:00
Vincent Sanders
c9296f79a8 Use curl API (versions after 7.56.0) to determine if openssl is in use 2019-10-01 21:23:35 +01:00
Vincent Sanders
0a3786fed2 Allow the curl fetcher to be built without openssl.
The curl fetcher can operate without openssl library being
 available, additionaly curl itself may be compiled with a
 different TLS library.

In either case this will simply cause the "unknown" error to be
 reported for all TLS failiures and page information to lack any
 certificate information.
2019-09-30 23:57:49 +01:00
Daniel Silverstone
44f3846727 SSL Error: Enable OpenSSL hostname verification
Since OpenSSL 1.0.2 there has been hostname verification support
which cURL doesn't turn on for some reason.  Turn it on so that
we get better hostname verification handling.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-14 20:11:11 +01:00
Vincent Sanders
820fb0e7ff add English message text for ssl errors 2019-08-10 12:51:46 +01:00
Vincent Sanders
98f4525073 add common name ssl certificate error
This adds an ssl faliure code and explanation why curl fetcher
 does not currently set it.
2019-08-10 12:50:23 +01:00
Michael Drake
c6a2c76867 About: Tweak the new about query page renderng. 2019-08-09 13:20:08 +01:00
Vincent Sanders
3a23e944dd rework about scheme handlers to be consistant with output buffer handling 2019-08-08 17:12:42 +01:00
Vincent Sanders
746010a757 apply tlsa styling improvements to about scheme query pages 2019-08-07 16:05:45 +01:00
Vincent Sanders
1b030bd8de add basic styling to about scheme privacy query page 2019-08-07 14:19:37 +01:00
Vincent Sanders
8cec045cb7 Improve the about scheme query page generation be be bounds safe 2019-08-06 13:16:20 +01:00
Daniel Silverstone
1cf1ec55bc Support SSL verification through new about: handler
In doing this, also propagate why the certificates were bad
so that the page can display a reason.  We will need FatMessages
for all these.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-06 13:15:23 +01:00
Vincent Sanders
9c9c26a308 futher refinement on about scheme query styling 2019-08-06 10:51:31 +01:00
Vincent Sanders
6a1c64ff7b improve css formatting in about scheme query handlers 2019-08-06 10:07:35 +01:00
Vincent Sanders
ea549da8df fix url reference counting in about scheme query handlers 2019-08-06 10:07:35 +01:00
Vincent Sanders
c238325b12 add about scheme query handlers 2019-08-06 08:45:56 +01:00
Vincent Sanders
a888922612 Improve about scheme doc comments and formatting 2019-08-05 22:29:14 +01:00
Daniel Silverstone
ddfa76b1fc curl.c: Don't use OpenSSL 1.1 only serialNumber fetcher
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-05 22:03:42 +01:00
Daniel Silverstone
bfb1bb1192 Migrate SSL certificate storage to the browser window
* Fetchers now provide the certificates before headers
* This is propagated all the way to the browser window
* When a query occurs, we retrieve it from there and fire
  the query with those stored certificates.
* The serial number is a bignum, store it as hex.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-05 18:12:47 +01:00
Daniel Silverstone
1f24336d6c curl: Change where we lodge inside_curl
Because we need to be slightly more careful now, lodge ourselves
`inside_curl` whenever we might be processing via the cURL messages
or similar.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-02 15:02:45 +01:00
Daniel Silverstone
c9384d65f6 curl: Immediately abort fetchers when we can
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2019-08-02 14:38:54 +01:00