[Dillo-dev]Re: HTTPS
Hi Garret, I just finished uploading my patches to the dpis (those that were independent from your code but that required a merge) and the tarball tree you sent me. It comes with some minor modifications ...
Let me know what you think of the coding style, etc.
Very clean and compliant with our Naming&Coding in general. I did minor changes, like keeping it inside 80 columns and switching "if(" to "if (" (not a requirement but just to be consistent with the rest of Dillo). Only in one function I needed to reindent to 3 spaces... Unto less trivial stuff, Makefile.am was modified so dpiutil.h gets in the tarball produced with `make dist`. It would be great if you can add some SSL library detection routine to configure.in so https.c uses the no_ssl_support() function when the libarry is not present (or detected).
Also, if you could give me some direction on how to implement the prompt for unverified certificates (and the code/location to save them to), it would be greatly appreciated.
I'm working on this. Maybe tomorrow... For those that feel curious, you can get the latest CVS and test the new dpis. Just remember to install them after typing make! :-) More seriously, kill dpid and any running dpi before: 'make install' (or 'make install-strip'). Best Jorge.- PS: great start for 0.8.3-pre!
On Tue, 13 Jul 2004, Jorge Arellano Cid wrote:
I just finished uploading my patches to the dpis (those that were independent from your code but that required a merge) and the tarball tree you sent me.
Compiled and ran find on my Debian 3.0 system. Compiled on my tweaked RedHat 6.2 system, but it won't actually open some of the https URLs I tried. Typical console error mesage (from yahoo mail secure logon page) lookes like: | |----------------- Nav_open_url: Url=>https://login.yahoo.com/config/login?.branch=&.src=ym&.v=0&.u=bh9jje50fau8u&.last=&promo=&.intl=us&.bypass=&.partner=&pkg=&stepid=&.done=<; url_str = https://login.yahoo.com/config/login?.branch=&.src=ym&.v=0&.u=bh9jje50fau8u&.last=&promo=&.intl=us&.bypass=&.partner=&pkg=&stepid=&.done= main.c:153: get_command: dpid tag is NULL : main.c:326: main: get_command failed : {In https.filter.dpi} SSL_connect failed Dpi: [Dpi_process_io] IOClose |----------------- | and dillo provides no other feedback. Since I usually involk dillo from my window manager, the console output is not normally availible to me. Perhaps returning a SSL connection failed page would be nice. The funny part is I could open a yahoo mail account over a secure connection from the Debian machine... Nor do I understand why it opens some, but not all secure URLs. Anyway, it looks like a good start and I'm very pleased to see it. Dumb question: Is http 1.1 authentication amenable to a similar treatment? That is one of the features I really miss. Thanks all, -- -- David McKee -- dmckee@jlab.org -- (757) 269-7492 (Office)
Typical console error mesage (from yahoo mail secure logon page)
lookes like: |-----------------
Nav_open_url: Url=>https://login.yahoo.com/config/login?.branch=&.src=ym&.v=0&.u=bh9jje50 fau8u&.last=&promo=&.intl=us&.bypass=&.partner=&pkg=&stepid=&.done=< url_str = https://login.yahoo.com/config/login?.branch=&.src=ym&.v=0&.u=bh9jje50fau8u &.last=&promo=&.intl=us&.bypass=&.partner=&pkg=&stepid=&.done= main.c:153: get_command: dpid tag is NULL
: main.c:326: main: get_command failed : {In https.filter.dpi}
SSL_connect failed Dpi: [Dpi_process_io] IOClose
|-----------------
and dillo provides no other feedback. Since I usually involk dillo from my window manager, the console output is not normally availible to me.
I will take a look at it as soon as a I get a chance.
Perhaps returning a SSL connection failed page would be nice.
I'll see what I can do. I'm worried about code bloat, esp since Dillo prides itself on being very small.
Dumb question: Is http 1.1 authentication amenable to a similar treatment? That is one of the features I really miss.
http 1.1 *anything* would require Dillo to support HTTP 1.1 When workingo n the HTTPS plugin, all of the requests that I pass through are HTTP 1.0 messages, meaning that we are indicating, at least to the other server, that we don't support any HTTP 1.1 features. Actually, all the HTTPS filter DPI does is open up an SSL connection to the remote computer and then pass all the HTTP connections through. THe only thing that makes it complicated at all is dealing with certificate isssues if they are invalid. - Garrett Kajmowicz
participants (3)
-
David McKee -
Garrett Kajmowicz -
Jorge Arellano Cid