hs20_web_browser() to allow TLS server validation to be enabled
hs20_web_browser() was previously hardcoded to not perform strict TLS server validation. Add an argument to this function to allow that behavior to be configured. The hs20-osu-client users are still using the old behavior, i.e., not validating server certificates, to be usable for testing purposes. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
921ea4962e
commit
61bf9819c1
8 changed files with 19 additions and 15 deletions
|
@ -407,7 +407,7 @@ static int oma_dm_exec_browser(struct hs20_osu_client *ctx, xml_node_t *exec)
|
|||
wpa_printf(MSG_INFO, "Data: %s", data);
|
||||
wpa_printf(MSG_INFO, "Launch browser to URI '%s'", data);
|
||||
write_summary(ctx, "Launch browser to URI '%s'", data);
|
||||
res = hs20_web_browser(data);
|
||||
res = hs20_web_browser(data, 1);
|
||||
xml_node_get_text_free(ctx->xml, data);
|
||||
if (res > 0) {
|
||||
wpa_printf(MSG_INFO, "User response in browser completed successfully");
|
||||
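Review bot: The bare literal `1` in `res = hs20_web_browser(data, 1);` switches TLS server validation off for a URI that appears to come from the exec XML node, and nothing at the call site says so. The commit message explains that the old behaviour is kept for testing, so I would record that next to the call, for example `/* ignore_tls=1: server certificate is not validated (kept for testing) */`. The same unexplained `1` is passed in hs20_spp_exec() and in the browser command in main(), while cmd_osu_select() passes `0` for its local file:// page. oma_dm_exec_browser() starts and ends outside this hunk.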
|
|
|
@ -2406,7 +2406,7 @@ static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
|
|||
|
||||
snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
|
||||
write_summary(ctx, "Start web browser with OSU provider selection page");
|
||||
ret = hs20_web_browser(fname);
|
||||
ret = hs20_web_browser(fname, 0);
|
||||
|
||||
selected:
|
||||
if (ret > 0 && (size_t) ret <= osu_count) {
|
||||
|
@ -3403,7 +3403,7 @@ int main(int argc, char *argv[])
|
|||
|
||||
wpa_printf(MSG_INFO, "Launch web browser to URL %s",
|
||||
argv[optind + 1]);
|
||||
ret = hs20_web_browser(argv[optind + 1]);
|
||||
ret = hs20_web_browser(argv[optind + 1], 1);
|
||||
wpa_printf(MSG_INFO, "Web browser result: %d", ret);
|
||||
} else if (strcmp(argv[optind], "parse_cert") == 0) {
|
||||
if (argc - optind < 2) {
|
||||
|
|
|
@ -547,7 +547,7 @@ static int hs20_spp_exec(struct hs20_osu_client *ctx, xml_node_t *exec,
|
|||
}
|
||||
wpa_printf(MSG_INFO, "Launch browser to URI '%s'", uri);
|
||||
write_summary(ctx, "Launch browser to URI '%s'", uri);
|
||||
res = hs20_web_browser(uri);
|
||||
res = hs20_web_browser(uri, 1);
|
||||
xml_node_get_text_free(ctx->xml, uri);
|
||||
if (res > 0) {
|
||||
wpa_printf(MSG_INFO, "User response in browser completed successfully - sessionid='%s'",
|
||||
|
|
|
@ -62,7 +62,7 @@ static void http_req(void *ctx, struct http_request *req)
|
|||
}
|
||||
|
||||
|
||||
int hs20_web_browser(const char *url)
|
||||
int hs20_web_browser(const char *url, int ignore_tls)
|
||||
{
|
||||
struct http_server *http;
|
||||
struct in_addr addr;
|
||||
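Review bot: `ignore_tls` is added to the signature here, but the hunk changes no other line, so the argument looks unused in this implementation. A caller passing `0` then has no assurance from this backend that certificates are checked. A comment above the definition would make that explicit, e.g. `/* ignore_tls is currently not used by this implementation */`; confirm the wording against the body, which lies outside the hunk. The two following file sections make the same signature-only change and need the same comment. An unused parameter may also produce a -Wunused-parameter warning if the build enables it.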
|
|
|
@ -62,7 +62,7 @@ static void http_req(void *ctx, struct http_request *req)
|
|||
}
|
||||
|
||||
|
||||
int hs20_web_browser(const char *url)
|
||||
int hs20_web_browser(const char *url, int ignore_tls)
|
||||
{
|
||||
struct http_server *http;
|
||||
struct in_addr addr;
|
||||
|
|
|
@ -63,7 +63,7 @@ static void http_req(void *ctx, struct http_request *req)
|
|||
}
|
||||
|
||||
|
||||
int hs20_web_browser(const char *url)
|
||||
int hs20_web_browser(const char *url, int ignore_tls)
|
||||
{
|
||||
struct http_server *http;
|
||||
struct in_addr addr;
|
||||
|
|
|
@ -207,13 +207,12 @@ static void view_cb_title_changed(WebKitWebView *view, WebKitWebFrame *frame,
|
|||
#endif /* USE_WEBKIT2 */
|
||||
|
||||
|
||||
int hs20_web_browser(const char *url)
|
||||
int hs20_web_browser(const char *url, int ignore_tls)
|
||||
{
|
||||
GtkWidget *scroll;
|
||||
WebKitWebView *view;
|
||||
#ifdef USE_WEBKIT2
|
||||
WebKitSettings *settings;
|
||||
WebKitWebContext *wkctx;
|
||||
#else /* USE_WEBKIT2 */
|
||||
WebKitWebSettings *settings;
|
||||
SoupSession *s;
|
||||
|
@ -228,7 +227,8 @@ int hs20_web_browser(const char *url)
|
|||
s = webkit_get_default_session();
|
||||
g_object_set(G_OBJECT(s), "ssl-ca-file",
|
||||
"/etc/ssl/certs/ca-certificates.crt", NULL);
|
||||
g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);
|
||||
if (ignore_tls)
|
||||
g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);
|
||||
#endif /* USE_WEBKIT2 */
|
||||
|
||||
ctx.win = gtk_window_new(GTK_WINDOW_TOPLEVEL);
|
||||
|
@ -286,9 +286,13 @@ int hs20_web_browser(const char *url)
|
|||
g_object_set(G_OBJECT(settings), "auto-load-images", TRUE, NULL);
|
||||
|
||||
#ifdef USE_WEBKIT2
|
||||
wkctx = webkit_web_context_get_default();
|
||||
webkit_web_context_set_tls_errors_policy(
|
||||
wkctx, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
|
||||
if (ignore_tls) {
|
||||
WebKitWebContext *wkctx;
|
||||
|
||||
wkctx = webkit_web_context_get_default();
|
||||
webkit_web_context_set_tls_errors_policy(
|
||||
wkctx, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
|
||||
}
|
||||
#endif /* USE_WEBKIT2 */
|
||||
|
||||
webkit_web_view_load_uri(view, url);
|
||||
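Review bot: Strict validation is never set explicitly when `ignore_tls` is 0; both branches only relax the policy and otherwise rely on whatever the default SoupSession or default WebKitWebContext currently holds. Because those are shared default objects, an earlier call with `ignore_tls` set in the same process would presumably leave validation off for a later strict call. Writing both states removes that dependency: `g_object_set(G_OBJECT(s), "ssl-strict", ignore_tls ? FALSE : TRUE, NULL);` in the non-WebKit2 branch, and `webkit_web_context_set_tls_errors_policy(wkctx, ignore_tls ? WEBKIT_TLS_ERRORS_POLICY_IGNORE : WEBKIT_TLS_ERRORS_POLICY_FAIL);` in the WebKit2 branch, with `wkctx` fetched unconditionally. hs20_web_browser() continues outside these hunks.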
|
|
|
@ -10,12 +10,12 @@
|
|||
#define BROWSER_H
|
||||
|
||||
#ifdef CONFIG_NO_BROWSER
|
||||
static inline int hs20_web_browser(const char *url)
|
||||
static inline int hs20_web_browser(const char *url, int ignore_tls)
|
||||
{
|
||||
return -1;
|
||||
}
|
||||
#else /* CONFIG_NO_BROWSER */
|
||||
int hs20_web_browser(const char *url);
|
||||
int hs20_web_browser(const char *url, int ignore_tls);
|
||||
#endif /* CONFIG_NO_BROWSER */
|
||||
|
||||
#endif /* BROWSER_H */
|
||||
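Review bot: The prototype gains `int ignore_tls` without any comment, and the flag has the risky polarity: a non-zero value disables server certificate validation. I would add a doc comment above the declaration, e.g. `/* ignore_tls: non-zero = do not validate the TLS server certificate (testing only) */`, so callers do not have to read the implementations to learn that. The CONFIG_NO_BROWSER stub ignores both arguments and returns -1, which the same comment could mention.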
|
|