hs20_web_browser() to allow TLS server validation to be enabled
hs20_web_browser() was previously hardcoded to not perform strict TLS server validation. Add an argument to this function to allow that behavior to be configured. The hs20-osu-client users are still using the old behavior, i.e., not validating server certificates, to be usable for testing purposes. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
921ea4962e
commit
61bf9819c1
8 changed files with 19 additions and 15 deletions
|
@ -407,7 +407,7 @@ static int oma_dm_exec_browser(struct hs20_osu_client *ctx, xml_node_t *exec)
|
||||||
wpa_printf(MSG_INFO, "Data: %s", data);
|
wpa_printf(MSG_INFO, "Data: %s", data);
|
||||||
wpa_printf(MSG_INFO, "Launch browser to URI '%s'", data);
|
wpa_printf(MSG_INFO, "Launch browser to URI '%s'", data);
|
||||||
write_summary(ctx, "Launch browser to URI '%s'", data);
|
write_summary(ctx, "Launch browser to URI '%s'", data);
|
||||||
res = hs20_web_browser(data);
|
res = hs20_web_browser(data, 1);
|
||||||
xml_node_get_text_free(ctx->xml, data);
|
xml_node_get_text_free(ctx->xml, data);
|
||||||
if (res > 0) {
|
if (res > 0) {
|
||||||
wpa_printf(MSG_INFO, "User response in browser completed successfully");
|
wpa_printf(MSG_INFO, "User response in browser completed successfully");
|
||||||
|
|
|
@ -2406,7 +2406,7 @@ static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
|
||||||
|
|
||||||
snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
|
snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
|
||||||
write_summary(ctx, "Start web browser with OSU provider selection page");
|
write_summary(ctx, "Start web browser with OSU provider selection page");
|
||||||
ret = hs20_web_browser(fname);
|
ret = hs20_web_browser(fname, 0);
|
||||||
|
|
||||||
selected:
|
selected:
|
||||||
if (ret > 0 && (size_t) ret <= osu_count) {
|
if (ret > 0 && (size_t) ret <= osu_count) {
|
||||||
|
@ -3403,7 +3403,7 @@ int main(int argc, char *argv[])
|
||||||
|
|
||||||
wpa_printf(MSG_INFO, "Launch web browser to URL %s",
|
wpa_printf(MSG_INFO, "Launch web browser to URL %s",
|
||||||
argv[optind + 1]);
|
argv[optind + 1]);
|
||||||
ret = hs20_web_browser(argv[optind + 1]);
|
ret = hs20_web_browser(argv[optind + 1], 1);
|
||||||
wpa_printf(MSG_INFO, "Web browser result: %d", ret);
|
wpa_printf(MSG_INFO, "Web browser result: %d", ret);
|
||||||
} else if (strcmp(argv[optind], "parse_cert") == 0) {
|
} else if (strcmp(argv[optind], "parse_cert") == 0) {
|
||||||
if (argc - optind < 2) {
|
if (argc - optind < 2) {
|
||||||
|
|
|
@ -547,7 +547,7 @@ static int hs20_spp_exec(struct hs20_osu_client *ctx, xml_node_t *exec,
|
||||||
}
|
}
|
||||||
wpa_printf(MSG_INFO, "Launch browser to URI '%s'", uri);
|
wpa_printf(MSG_INFO, "Launch browser to URI '%s'", uri);
|
||||||
write_summary(ctx, "Launch browser to URI '%s'", uri);
|
write_summary(ctx, "Launch browser to URI '%s'", uri);
|
||||||
res = hs20_web_browser(uri);
|
res = hs20_web_browser(uri, 1);
|
||||||
xml_node_get_text_free(ctx->xml, uri);
|
xml_node_get_text_free(ctx->xml, uri);
|
||||||
if (res > 0) {
|
if (res > 0) {
|
||||||
wpa_printf(MSG_INFO, "User response in browser completed successfully - sessionid='%s'",
|
wpa_printf(MSG_INFO, "User response in browser completed successfully - sessionid='%s'",
|
||||||
|
|
|
@ -62,7 +62,7 @@ static void http_req(void *ctx, struct http_request *req)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int hs20_web_browser(const char *url)
|
int hs20_web_browser(const char *url, int ignore_tls)
|
||||||
{
|
{
|
||||||
struct http_server *http;
|
struct http_server *http;
|
||||||
struct in_addr addr;
|
struct in_addr addr;
|
||||||
|
|
|
@ -62,7 +62,7 @@ static void http_req(void *ctx, struct http_request *req)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int hs20_web_browser(const char *url)
|
int hs20_web_browser(const char *url, int ignore_tls)
|
||||||
{
|
{
|
||||||
struct http_server *http;
|
struct http_server *http;
|
||||||
struct in_addr addr;
|
struct in_addr addr;
|
||||||
|
|
|
@ -63,7 +63,7 @@ static void http_req(void *ctx, struct http_request *req)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int hs20_web_browser(const char *url)
|
int hs20_web_browser(const char *url, int ignore_tls)
|
||||||
{
|
{
|
||||||
struct http_server *http;
|
struct http_server *http;
|
||||||
struct in_addr addr;
|
struct in_addr addr;
|
||||||
|
|
|
@ -207,13 +207,12 @@ static void view_cb_title_changed(WebKitWebView *view, WebKitWebFrame *frame,
|
||||||
#endif /* USE_WEBKIT2 */
|
#endif /* USE_WEBKIT2 */
|
||||||
|
|
||||||
|
|
||||||
int hs20_web_browser(const char *url)
|
int hs20_web_browser(const char *url, int ignore_tls)
|
||||||
{
|
{
|
||||||
GtkWidget *scroll;
|
GtkWidget *scroll;
|
||||||
WebKitWebView *view;
|
WebKitWebView *view;
|
||||||
#ifdef USE_WEBKIT2
|
#ifdef USE_WEBKIT2
|
||||||
WebKitSettings *settings;
|
WebKitSettings *settings;
|
||||||
WebKitWebContext *wkctx;
|
|
||||||
#else /* USE_WEBKIT2 */
|
#else /* USE_WEBKIT2 */
|
||||||
WebKitWebSettings *settings;
|
WebKitWebSettings *settings;
|
||||||
SoupSession *s;
|
SoupSession *s;
|
||||||
|
@ -228,6 +227,7 @@ int hs20_web_browser(const char *url)
|
||||||
s = webkit_get_default_session();
|
s = webkit_get_default_session();
|
||||||
g_object_set(G_OBJECT(s), "ssl-ca-file",
|
g_object_set(G_OBJECT(s), "ssl-ca-file",
|
||||||
"/etc/ssl/certs/ca-certificates.crt", NULL);
|
"/etc/ssl/certs/ca-certificates.crt", NULL);
|
||||||
|
if (ignore_tls)
|
||||||
g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);
|
g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);
|
||||||
#endif /* USE_WEBKIT2 */
|
#endif /* USE_WEBKIT2 */
|
||||||
|
|
||||||
|
@ -286,9 +286,13 @@ int hs20_web_browser(const char *url)
|
||||||
g_object_set(G_OBJECT(settings), "auto-load-images", TRUE, NULL);
|
g_object_set(G_OBJECT(settings), "auto-load-images", TRUE, NULL);
|
||||||
|
|
||||||
#ifdef USE_WEBKIT2
|
#ifdef USE_WEBKIT2
|
||||||
|
if (ignore_tls) {
|
||||||
|
WebKitWebContext *wkctx;
|
||||||
|
|
||||||
wkctx = webkit_web_context_get_default();
|
wkctx = webkit_web_context_get_default();
|
||||||
webkit_web_context_set_tls_errors_policy(
|
webkit_web_context_set_tls_errors_policy(
|
||||||
wkctx, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
|
wkctx, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
|
||||||
|
}
|
||||||
#endif /* USE_WEBKIT2 */
|
#endif /* USE_WEBKIT2 */
|
||||||
|
|
||||||
webkit_web_view_load_uri(view, url);
|
webkit_web_view_load_uri(view, url);
|
||||||
|
|
|
@ -10,12 +10,12 @@
|
||||||
#define BROWSER_H
|
#define BROWSER_H
|
||||||
|
|
||||||
#ifdef CONFIG_NO_BROWSER
|
#ifdef CONFIG_NO_BROWSER
|
||||||
static inline int hs20_web_browser(const char *url)
|
static inline int hs20_web_browser(const char *url, int ignore_tls)
|
||||||
{
|
{
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#else /* CONFIG_NO_BROWSER */
|
#else /* CONFIG_NO_BROWSER */
|
||||||
int hs20_web_browser(const char *url);
|
int hs20_web_browser(const char *url, int ignore_tls);
|
||||||
#endif /* CONFIG_NO_BROWSER */
|
#endif /* CONFIG_NO_BROWSER */
|
||||||
|
|
||||||
#endif /* BROWSER_H */
|
#endif /* BROWSER_H */
|
||||||
|
|
Loading…
Reference in a new issue