Instead of extracting information from the X509 certificate chain in
the fetcher the entire chain is propagated in Distinguished Encoding
Rules (DER) format.
This allows all the information contained in a certificate chain to be
retained which can subsequently be presented to the user
In order to support persisting SSL data we first have to store it
and support catching up new users.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
We now handle authentication requests via an `about:` page
which presents a nice form built into the browser window.
In order to do this, we add internal navigation as a concept
to the browser window and we strip the 401login support from all
frontends except monkey.
The 401login callback is now intended for password safe type support
rather than an immediately interactive prompt.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In further preparation for the auth and cert queries being handled
as special contents from `about:` this excises the query pathway
from the llcache pretty much entirely.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
* Fetchers now provide the certificates before headers
* This is propagated all the way to the browser window
* When a query occurs, we retrieve it from there and fire
the query with those stored certificates.
* The serial number is a bignum, store it as hex.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
As a first step in refactoring query handling to be managed
by `browser_window`, this migrates the calling of the query
handler from the llcache object code up to the hlcache.
In theory this may result in multiple queries happening for one
object, but we mitigate multiple-responses in the llcache so
all should be well.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In order to prevent a problem where iterating causes an abort
which causes an iteration which clears the iteratorness of a
user allowing it to delete itself causing a segfault, preserve
the iteratorness when iterating in send_message
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
When sending an If-Modified-Since header we should use the
`last_modified` rather than the `date` property of the cached
object in order to not incorrectly assume things have a modification
date when they do not.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In order to help us debug shutting down with active fetches, this
will abort the process cleanly if we get a callback to an "active"
llcache handle after the abort process has actually killed them
all. This can happen with deferred fetcher aborts in the cURL
fetcher.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
If the server has defined a HSTS policy, then the user no longer
gets to click-through a garbage certificate. Additionally, if
the server has provided a HSTS policy, it should do TLS properly,
so don't permit client-driven TLS version downgrades in that case,
either.
currently NetSurf uses curl_getdate to convert textural date and time
strings into seconds since epoch. It is betetr to move this
functionality to a utility function so curl_getdate can easily be
replaced if required.
When the operations tables were created the browser table was renamed
to miscellaneous except the actual rename patch was never applied,
this fixes that situation.
The printf formatting for size_t is set in c99 as %zu but in windows
it is %Iu this is solved by adding and inttypes style PRI macro for size_t
This also uses this macro everywhere size_t is formatted.
This is an attempt to amelioriate the situation found in #2384 where
we see the cURL connect() failing to complete. Based on the pcap
from the bug log, we believe that RISC OS is likely failing to signal
the completion of the connection to cURL. As such, cURL times out.
This change permits retries of timed out connections in the hope that
a fresh socket FD might subsequently function correctly. The defaults
chosen mean that the previous behaviour of 30 seconds before timeout
is reported will remain the same, but in that time we will make 3 separate
attempts to connect the socket.
Any fetch start error was being reported as "out of memory" which was
clearly insufficient. Foe example bad urls (reported was file:// with
a missing /) were causing a warn_user with out of memory. This change
now at least causes a "bad url" message.
This changes the LOG macro to be varadic removing the need for all
callsites to have double bracketing and allows for future improvement
on how we use the logging macros.
The callsites were changed with coccinelle and the changes checked by
hand. Compile tested for several frontends but not all.
A formatting annotation has also been added which allows the compiler
to check the parameters and types passed to the logging.
