351 Commits

Author SHA1 Message Date
John-Mark Bell
e3a6ad7173 Fetch/curl: expose socket open/close via fetch vtable
This allows frontends to customise the behaviour of sockets. The
default implementation simply maps to socket(2)/close(2).
2024-03-13 23:03:34 +00:00
John-Mark Bell
3be91870a4 fetchers: drop support for ancient OpenSSL
We now require 1.1.1 or later (and, preferably, 3.x).

Also take the opportunity to add support for LibreSSL 3.5.0 or
later (we still support ancient versions of this because 3.5.0 is
still relatively modern -- give it a few more years and support
for old LibreSSL can go, too)
2024-03-13 21:26:01 +00:00
John-Mark Bell
2a37e5e64c Revert "fetchers: drop support for ancient OpenSSL"
ciworker{8,12} (respectively: FreeBSD, aarch64 Linux) are running
obsolete OS versions. Disappointment ensues.

This reverts commit 6bb70e88108c904d67e9af7c8e5b273f6cd6854f.
2024-02-11 19:06:07 +00:00
John-Mark Bell
6bb70e8810 fetchers: drop support for ancient OpenSSL
We now require 1.1.1 or later (and, preferably, 3.x).

Also take the opportunity to add support for LibreSSL 3.5.0 or
later (we still support ancient versions of this because 3.5.0 is
still relatively modern -- give it a few more years and support
for old LibreSSL can go, too)
2024-02-08 20:29:31 +00:00
John-Mark Bell
2ee5e21b09 fetchers/curl: modernise TLS 1.2 cipher suites
  * Drop support for DHE completely (logjam plus compat woes
    caused other browsers to do this some time ago)
  * Minimise CBC-mode suites
  * Fall back to non-PFS RSA suites if really necessary (we treat
    this as a protocol downgrade as anything modern should either
    be using TLS 1.3 or have support for the ECDHE suites)
2024-02-04 18:52:02 +00:00
Vincent Sanders
188f6dd5c0 Fix use of uninitialised code variable in error reporting 2023-12-13 13:52:22 +00:00
Vincent Sanders
7f8ea62269 Attempt to fix maybe uninitialised error 2023-12-13 13:41:15 +00:00
Vincent Sanders
aa050729b4 Resolve progress function deprecation in curl later than 7.32.0 2023-12-12 08:53:16 +00:00
Vincent Sanders
da4a1a4561 Remove use of deprecated API after libcurl 7.56 2023-12-12 08:53:16 +00:00
DeltaVonNeumann
a16d5ff10b Avoid integer types with platform dependent size 2023-06-17 10:29:39 +01:00
John-Mark Bell
a8ff4ab228 fetchers/curl: tolerate lack of TLS1.3
If we are building against a modern version of libcurl, but it was
built against a version of OpenSSL that does not support TLS1.3,
then attempting to configure TLS1.3 ciphersuites will fail with
CURLE_NOT_BUILT_IN. Tolerate this scenario by treating such a
return code as non-fatal in this case.
2023-03-05 21:37:22 +00:00
Daniel Silverstone
651deffcf7 (curl): Add extra logging to fetcher initialisation
Signed-off-by: Daniel Silverstone <daniel.silverstone@codethink.co.uk>
2022-12-15 10:40:22 +00:00
John-Mark Bell
20f5599514 fetchers/curl: drop non-PFS fallback ciphersuite 2022-11-05 12:49:01 +00:00
John-Mark Bell
85da9873f7 fetchers/curl: disable TLS1.0 and TLS1.1 support 2022-11-05 12:42:15 +00:00
John-Mark Bell
53e92ed57b fetchers/curl: explicitly configure TLS1.3 ciphersuites
These currently match the defaults, so no functional change.
2022-11-05 12:42:15 +00:00
John-Mark Bell
a9eecb30a7 About/Cert: get EC key details using OpenSSL 3 APIs
Replace the fetching and poking around inside the low-level EC
object with appropriate calls to EVP_PKEY_get_(octet|utf8)_string_param()
and add a compatibility layer for old versions of OpenSSL.
2022-05-28 16:00:10 +01:00
John-Mark Bell
09b39f2dc7 About/Cert: get RSA n/e using OpenSSL 3 APIs
Replace the fetching and poking around inside the low-level RSA
object with appropriate calls to EVP_PKEY_get_bn_param() and
add a compatibility layer for old versions of OpenSSL.
2022-05-28 15:04:25 +01:00
John-Mark Bell
cd7ed847d4 About/Cert: use EVP_PKEY_bits to get key size 2022-05-28 14:30:28 +01:00
John-Mark Bell
2c42b1898c About/Cert: contain pkey inspection in type methods
Use of the low-level key types is deprecated in OpenSSL 3. Prepare
to stop using them by removing them from function calls.
2022-05-28 14:19:00 +01:00
John-Mark Bell
7d32feecc0 about(chart): include config.h to silence warning
This file uses strndup, so needs config.h including to define it.
2022-05-27 15:09:48 +01:00
Michael Drake
8ad21395be About: Chart: Squash implicit declaration of strndup. 2022-03-28 11:06:16 +01:00
Vincent Sanders
5a2f69388c hoist the Referer header generation logic up to the low level cache
This removes the need for the fetchers to have any interaction with
the Referer header. It has not been completely removed from the
fetch interface as fetch.c:fetch_set_cookie() still uses it for
unverifiable cookie decision logic. (There is an ancient todo here)
2021-03-25 23:36:41 +00:00
Vincent Sanders
06c721c5bb add simple chart generator and use it from the imagecache 2020-10-05 23:01:24 +01:00
Daniel Silverstone
926e560716 about: Check senddata return in blank handler
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-10-03 14:04:38 +01:00
Vincent Sanders
44225f1b34 split out about scheme handler for nscolours css 2020-09-29 22:50:08 +01:00
Vincent Sanders
7e45969993 split out about scheme query fetcherror handler 2020-09-29 22:50:08 +01:00
Vincent Sanders
f0b7955d3d split out about scheme query timeout page 2020-09-29 22:50:08 +01:00
Vincent Sanders
746affa782 split out about scheme query auth handler 2020-09-29 22:50:04 +01:00
Vincent Sanders
b1844cbf2a split out about scheme query private handler 2020-09-27 23:09:56 +01:00
Vincent Sanders
ff3b948ac0 split out choices about scheme handler 2020-09-27 13:46:39 +01:00
Vincent Sanders
86ecde9a47 split out about handler config handler 2020-09-27 00:37:32 +01:00
Vincent Sanders
da7904554c split out about scheme testament handler 2020-09-23 08:48:17 +01:00
Vincent Sanders
dd541886fe split out about scheme certificate viewer generator 2020-09-21 12:53:39 +01:00
Vincent Sanders
4cbc8f16b6 split out blank handler for about scheme 2020-09-21 08:25:56 +01:00
Vincent Sanders
5207ecf308 split out the about scheme imagecache page generator 2020-09-20 16:36:01 +01:00
Vincent Sanders
c74509cdf5 move about fetcher into its own directory 2020-09-20 10:54:48 +01:00
Vincent Sanders
0908925ca6 move the file fetcher sources into a single directory 2020-07-03 18:07:21 +01:00
Vincent Sanders
912aa6359d remove incorrect colour rule from unternal.css 2020-06-29 09:04:10 +01:00
Daniel Silverstone
dd43748676 fix: Make it OK if the chain isn't available during bad-ssl querying
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-05-23 09:38:51 +01:00
Daniel Silverstone
1a836c9bc4 fetchers/curl: Move report_certs function outside WITH_OPENSSL
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-05-22 10:45:19 +01:00
Daniel Silverstone
b28d3c2675 query/ssl: Include link to view certificate details
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-05-22 10:37:27 +01:00
Daniel Silverstone
20d46406ed about: Rework freeing the san_names structure
AmiSSL's approach to replacing 90% of OpenSSL calls with assembly
means that the official way to pop_free a stack type won't work.

As such, we open-code it here.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
2020-05-19 13:39:07 +01:00
Vincent Sanders
3ab21dbaa4 add subject alternative names to certificate viewer 2020-05-18 23:16:56 +01:00
Michael Drake
e201597a8d Page info: Improve certificate fault display style. 2020-05-18 21:53:28 +01:00
Vincent Sanders
c50b19469e Display errors properly in certificate window 2020-05-18 18:32:01 +01:00
Michael Drake
09accc91e9 Improve certificate page styling. 2020-05-17 17:29:27 +01:00
Vincent Sanders
181777791b add fingerprints to the certificate viewer 2020-05-17 16:43:01 +01:00
Vincent Sanders
e09ea43dbb split out public key table formatted output 2020-05-17 15:48:15 +01:00
Vincent Sanders
aaa507b09f use entity for colon in certificate hex values to allow netsurf to break properly 2020-05-17 15:20:30 +01:00
Vincent Sanders
6002efff27 get the sign right on the certificate openssl compatibility interface 2020-05-17 13:40:59 +01:00