Hi Christian, Sorry for the late answer, but I've had little spare time, and several topics to answer. Probably you have already read: http://lists.auriga.wearlab.de/pipermail/dillo-dev/2007-September/003211.htm... an got some info from there. On Sat, Mar 15, 2008 at 02:02:07PM +0100, Christian Kellermann wrote:
* Christian Kellermann <Christian.Kellermann@nefkom.net> [080315 09:49]:
Dear list,
In order to fix the https plugin I have stumbled upon the fact, that the former dialog code seems to be removed from cvs. To see what's goign on further down the code I have added a basic Yes/No popup using the existing a_Dialog_choice3 function. For this the numbering of the buttons have changed also in https. Dialogs with more than two alternatives will have the additional choices dropped silently. This is good for now but I really like to have it done right. Which function should get used instead of a_Dialog_choice3?
Also what's the real purpose of http_request? At the moment I cheat and set it to url in case it is empty. Which value is to be expected when calling the document root in a URL? "/"? "/index.html"? or am I getting this all wrong?
Whith this patch I can bypass the "certificate could not get verified" case but not much further. Also cancelling the dialog seems to leave some data behind, another call of https URLs won't do anything. But this is a bit better than it has been before...
I am not sure whether I should stop beating this dead horse or continue. What's your advice?
Ignore the http_request part I figured it out.
Ok, I have changed the proto comparison from "https" -> "proto.https" and I am able to view https sites again. This module still needs a lot of cleanup. As a next step I want to implement simple certificate caching so accepted certificates won't get prompted again. This will be memory only at first, making the certificate valid (or invalid) as long as the dpid lives.
The updated patch is attached below.
A long time ago, browsing was mainly fetching pages and images. It made a lot of sense to use an external tool (as wget) to grab https pages. Implementing this idea with dpi was also simple. Now, it may be not the case. You have to keep track of certificates, sessions, sometimes keep an open connection, etc. Years ago SSL wasn't widespread, today is an everyday need, so it may make sense to consider having it inside dillo. It can take some design time at the beginning but will be easier to maintain and extend than to have it living in an external dpi. Developers is what we need, so if you want to work on https, you're more than welcome. Lack of manpower is our biggest problem! "place" implemented gzip decoding in dillo2, he may help you with ideas on how to add an extra layer/decoding-stage for SSL. (With regard to your specific questions about https, you'll have to wait some time until I can look at it again in depth. IIRC there was a five option dialog requested through dpip that sent the answer back on what to do. It was removed from the code while porting, delayed for future implementation). Again, my suggestion is to consider an internal implementation. -- Cheers Jorge.-