On Fri, 16 Jul 2004, Garrett Kajmowicz wrote:
This patch allows the https dpi to release the memory used by the X509 certificate. This is a trivial patch. The call used to check the certificate increases a reference count, but it is never decreased, causing the memory not to be freed at the optimum time. This is not actually needed on a Linux system because of the MMU, but in the event this is converted to a server or run on a MMU-less processor, this could cause problems - I'm not familiar enough with the internals of OpenSSL to be certain.
Anyways, please apply the following patch to CVS.
Done!

Jorge.-

From: Garrett Kajmowicz <gkajmowi@tbaytel.net>
To: Dillo mailing list <dillo-dev@lists.auriga.wearlab.de>
Date: Fri, 16 Jul 2004 20:05:43 -0400
Subject: [Dillo-dev]More https goodness

I am going to start by apologizing: this diff contains two separate items. I needed to do one to get the other to work, and I didn't want to risk having one patch getting applied before the other.

Anyways, two things done:

1) Added a function to dpiutils which does the complete read in from stdin for the dpi response tag and returns the option number selected. Please feel free to add comments about error return values and so forth.

2) Added *preliminary* error checking in the https dpi which notifies the user in the event that no certificate is presented or that the certificate is not verified. I will do a more thorough breakdown and other options once I know that this meets spec.

Let me know if you prefer different wording on the messages as well. In short, please review and commit.

- Garrett

Content-Disposition: attachment; filename="dillo-initial-https-prompting.diff"

diff -pur dillo-cvs/dillo/dpi/dpiutil.c dillo-dev/dillo/dpi/dpiutil.c --- dillo-cvs/dillo/dpi/dpiutil.c 2004-07-16 22:19:00.000000000 +0000 +++ dillo-dev/dillo/dpi/dpiutil.c 2004-07-16 23:43:54.000000000 +0000 @@ -11,6 +11,7 @@ */ #include "dpiutil.h" +#include <unistd.h> #include <stdio.h> #include <string.h> #include <glib.h> @@ -143,3 +144,22 @@ gint send_stream_mode(FILE *in_stream, g return -1; } +gint dpi_message_response_number(){ + gint response_number; + gint rd_len; + gchar buf[4096]; + gchar * response = 0; + + /*Read in user responce*/ + rd_len = read(STDIN_FILENO, buf, 4096); + response = Get_attr_value(buf, rd_len, "msg" ); + + if(response == NULL){ + return -1; + } + + sscanf(response, "%d", &response_number); + g_free(response); + response = NULL; + return response_number; +} diff -pur dillo-cvs/dillo/dpi/dpiutil.h dillo-dev/dillo/dpi/dpiutil.h --- dillo-cvs/dillo/dpi/dpiutil.h 2004-07-13 21:42:22.000000000 +0000 +++ dillo-dev/dillo/dpi/dpiutil.h 2004-07-16 23:35:27.000000000 +0000 @@ -66,3 +66,9 @@ gint send_stream_4(FILE *in_stream, gcha #define SEND_STREAM_MODE_COARSE_FAST 4 gint send_stream_mode(FILE *in_stream, gchar *url, int mode); + + +/* + * Get dialog response number + */ +gint dpi_message_response_number(); diff -pur dillo-cvs/dillo/dpi/https.c dillo-dev/dillo/dpi/https.c --- dillo-cvs/dillo/dpi/https.c 2004-07-13 21:42:22.000000000 +0000 +++ dillo-dev/dillo/dpi/https.c 2004-07-16 23:57:09.000000000 +0000 
@@ -329,7 +329,56 @@ int get_network_connection(gchar * url) */ int handle_certificate_problem(SSL * ssl_connection) { - + gint response_number; + int retval; + FILE * fp; + + X509 * remote_cert; + + remote_cert = SSL_get_peer_certificate(ssl_connection); + if(remote_cert == NULL){ + /*Inform user that remote system cannot be trusted*/ + printf("<dpi cmd='dialog' msg='%s' alt1='%s' alt2='%s'>", + "The remote system is not presenting a certificate and cannot be trused", + "Continue", "Cancel" + ); + fflush(stdout); + + /*Read in user responce*/ + response_number = dpi_message_response_number(); + + switch(response_number){ + case 1: /*Continue*/ + return 0; + case 2: /*Cancel*/ + return -1; + default: /*Safety - abort*/ + return -1; + } + }else{ + X509_free(remote_cert); + /*Figure out why (and if) the remote system can't be trusted*/ + retval = SSL_get_verify_result(ssl_connection); + switch (retval){ + case X509_V_OK: /*Everything is Kosher*/ + return 0; + default: /*Need to add more options later*/ + printf("<dpi cmd='dialog' msg='%s' alt1='%s' alt2='%s'>", + "The remote certificate cannot be verified", + "Continue", "Cancel" + ); + fflush(stdout); + response_number = dpi_message_response_number(); + switch(response_number){ + case 1: + return 0; + case 2: + return -1; + default: + return -1; + } + } + } return 0; }
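
Review bot: in dpi_message_response_number() (dpiutil.c, second hunk), response_number is returned uninitialized when sscanf(response, "%d", &response_number) matches nothing, and handle_certificate_problem() treats a result of 1 as "Continue", so a malformed reply could be read as consent. Initialize response_number to -1 and return -1 unless sscanf returns 1. The result of read() is also unchecked: rd_len can be -1 or 0 and is passed straight to Get_attr_value(), and a single read() of up to 4096 bytes is not guaranteed to hold the whole tag, so test rd_len <= 0 before parsing.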
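
Review bot: the comment added above dpi_message_response_number() in dpiutil.h does not say what the function returns. Document that it returns the number of the alternative selected and -1 when no msg attribute is found, since the switch in https.c depends on exactly that. The prototype should also be written gint dpi_message_response_number(void); because an empty parameter list in a C declaration leaves the arguments unspecified.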
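
Review bot: the trailing return 0; at the end of handle_certificate_problem() (https.c) is unreachable because every branch above it returns, and 0 is the value this function uses for both X509_V_OK and "Continue"; change it to return -1 so that a later edit which lets a branch fall through fails closed. Smaller points in the same hunk: FILE * fp; is declared but never used, retval is an int while SSL_get_verify_result() returns a long, and the first dialog string reads "cannot be trused" where "trusted" is meant.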

From: "Claus Conrad" <lists@clausconrad.com>
To: <dillo-dev@lists.auriga.wearlab.de>
Date: Sat, 17 Jul 2004 12:38:31 +0200
Subject: [Dillo-dev]Cookie problem

Dear dillo community,

I have subscribed to this list because I'm developing a PHP-based website which I want to be compatible with dillo. The site is located at http://www.kabbeleje.dk/vask/ . It uses PHP's session management, sending a cookie named PHPSESSID to the browser on login. This works great in most other browsers I tried, but somehow not in dillo. The PHP code I'm using looks something like

    if (login_successful) {
        session_start();
        // ...
        header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php?PHPSESSID" . strip_tags(session_id()));
    }

I added the get parameter to the redirect URL after trying without; both ways seem to work in e.g. Mozilla, but it doesn't change anything in dillo. The redirect works, but the user isn't logged in. I guess it's just a minor erroneous piece in the code, but don't know where to look. Any help would be very much appreciated. A test login is available on request, if necessary.

Thanks a lot in advance.

Regards,
Claus