Re: [Dillo-dev]More https goodness
Hi Garret, On Fri, Jul 16, 2004 at 08:05:43PM -0400, Garrett Kajmowicz wrote:
I am going to start by appologizing: this diff contains two separate items. I needed to do one to get the other to work, and I didn't want to risk having one patch getting applied before the other.
Anyways, two things done: 1) Added a function to dpiutils which does the complete read in from stdin for the dpi response tag and returns the option number selected. Please feel free to add comments about error return values and so forth.
2) Added *preliminary* error checking in the https dpi which notifies the user in the event that no certificate is presented or that the certificate is not verified. I will do a more thorough breakdown and other options once I know that this meets spec. Let me know if you prefer different wording on the messages as well.
In short, please review and commit.
OK, I reviewed it an made some changes (now on CVS). I pondered a long time whether to make a generic function for parsing dpip dialog answers. Something like: a_Dpiutil_dialog_parse_answer(...) To me it seems that according to the simplicity principle of API design, sticking with Get_attr_value() instead of one custom parsing function per each dpip command is better... The same logic applies to the a_Dpip_build_command() I was thinking of. The interface for sending data may survive though. Anyway, the most important point of this patch is that after applying the patch, it seems not to trust even paypal! For instance: https://www.paypal.com/en_US/i/icon/secure_lock_2.gif gives me the warning dialog. Is this OK? Cheers Jorge.- PS: For those using CVS, you can avoid the dialogs by setting 'retval = 0' in https.c.
On July 20, 2004 09:09 pm, Jorge Arellano Cid wrote:
Hi Garret,
OK, I reviewed it an made some changes (now on CVS).
I pondered a long time whether to make a generic function for parsing dpip dialog answers. Something like:
a_Dpiutil_dialog_parse_answer(...)
I created a specific function because in this case a numerical response can be expected, and thus returning a char answer requires the programmer to do more work for this specific value. Modularizing functionality is usually a good idea.
To me it seems that according to the simplicity principle of API design, sticking with Get_attr_value() instead of one custom parsing function per each dpip command is better...
The same logic applies to the a_Dpip_build_command() I was thinking of. The interface for sending data may survive though.
Anyway, the most important point of this patch is that after applying the patch, it seems not to trust even paypal!
For instance:
I have checked this out. I have written a fair bit more code (now I have to merge changes *ugh*). The issue is probably a lack of issuer certificates. Currently the https module checks /etc/ssl/certs. I'm trying to think of a way to put the directory in the configure script, but that will have to wait a little while. Right now I'm working on allowing self-signed certificates to be accepted long-term. OpenSSL has some weird ideas on how to do things.
gives me the warning dialog. Is this OK?
Warnings are OK. I'm adding more and more code in to handle all possible error conditions. Previously there was no warning if there was a problem - just a likely insecure connection. Now the system is warning on everything, and hopefully will be able to deal with a large number of these problems in code giving *useful* error messages. One thing at a time, though. Side question, do you have a regular Dillo mailing list view-parse-evaluate-and-commit schedule? I know you prefer smaller patches to larger patches, but it gets a little annoying for me when I submit something and I don't know when it will be reviewed and commited. The time doesn't bother me, but if I know your schedule I can schedule my work appropriately. Thanks. - Garrett Kajmowicz
Hi Garret, On Wed, Jul 21, 2004 at 10:47:21AM -0400, Garrett Kajmowicz wrote:
On July 20, 2004 09:09 pm, Jorge Arellano Cid wrote:
Hi Garret,
OK, I reviewed it an made some changes (now on CVS).
I pondered a long time whether to make a generic function for parsing dpip dialog answers. Something like:
a_Dpiutil_dialog_parse_answer(...)
I created a specific function because in this case a numerical response can be expected, and thus returning a char answer requires the programmer to do more work for this specific value. Modularizing functionality is usually a good idea.
Yes it is! This is sort of a tradeoff... For instance html.c does all its parsing with a function very much like Get_attr_value(). One alternative that I've been thinking of for a long time, is to just parse HTML tags once and return something like a: struct pair { char *attr_name; char *attr_value; }; struct pair *parsed_tag; Or the same pairs in a simple list: char **parsed_tag; with NULL marking the end. The advantage is that tag-parsing is done once, but now the caller has to go through the list to find out what attr_names are present. In the case of the dpip dialogs the current method looked simpler, at least by now...
To me it seems that according to the simplicity principle of API design, sticking with Get_attr_value() instead of one custom parsing function per each dpip command is better...
The same logic applies to the a_Dpip_build_command() I was thinking of. The interface for sending data may survive though.
Anyway, the most important point of this patch is that after applying the patch, it seems not to trust even paypal!
For instance:
I have checked this out. I have written a fair bit more code (now I have to merge changes *ugh*). The issue is probably a lack of issuer certificates. Currently the https module checks /etc/ssl/certs.
I'm trying to think of a way to put the directory in the configure script, but that will have to wait a little while.
Don't worry, that can be done later. Let's test it first.
Right now I'm working on allowing self-signed certificates to be accepted long-term. OpenSSL has some weird ideas on how to do things.
BTW, have you given a look to GnuTLS? (It has an OpenSSL compatibility layer and seems better documented).
gives me the warning dialog. Is this OK?
Warnings are OK.
Yes, I meant to ask: Is really PayPal sending this image with a certificate that can't be trusted?
I'm adding more and more code in to handle all possible error conditions. Previously there was no warning if there was a problem - just a likely insecure connection. Now the system is warning on everything, and hopefully will be able to deal with a large number of these problems in code giving *useful* error messages. One thing at a time, though.
Side question, do you have a regular Dillo mailing list view-parse-evaluate-and-commit schedule?
No. I try to work based on priorities. But sometimes something of higher priority steps in and things get rescheduled...
I know you prefer smaller patches to larger patches, but it gets a little annoying for me when I submit something and I don't know when it will be reviewed and commited. The time doesn't bother me, but if I know your schedule I can schedule my work appropriately.
My schedule is very hard to predict. Different things come my way everyday, and I have to manage lots of things in different areas. Don't get scared though. This patch took some time to commit because I had to think of things that affect the other plugins. OTOH having a patch in the CVS doesn't give it a lot of exposure. The number of people using Dillo from CVS and testing is smaller than one expects. We usually tend to work on our local trees until something is stable enough for broader testing before making the commit. Things should go faster in the future... Cheers Jorge.-
https://www.paypal.com/en_US/i/icon/secure_lock_2.gif Don't worry, that can be done later. Let's test it first.
Right now I'm working on allowing self-signed certificates to be accepted long-term. OpenSSL has some weird ideas on how to do things.
BTW, have you given a look to GnuTLS? (It has an OpenSSL compatibility layer and seems better documented).
No, I have not checked that out. I will take a look at it to see how it looks. I personally figure that OpenSSL is more likely to be installed on a given system than GnuTLS (which is an issue) and more thoroughly tested. But I will definetively check to see if it gives us any significant advantages.
gives me the warning dialog. Is this OK?
Warnings are OK.
Yes, I meant to ask: Is really PayPal sending this image with a certificate that can't be trusted?
The certificate seems to be trustable to me, but the lock is an image that is sent wether or not the connection is secure. In short, it is just there to make the customer feel better. I'll have more stuff for you shortly. - Garrett Kajmowicz
participants (2)
-
Garrett Kajmowicz
-
Jorge Arellano Cid