hs20_web_browser() to allow TLS server validation to be enabled

author Jouni Malinen <j@w1.fi>

Sun, 16 Feb 2020 15:28:58 +0000 (17:28 +0200)

committer Jouni Malinen <j@w1.fi>

Sun, 16 Feb 2020 15:40:52 +0000 (17:40 +0200)
author Jouni Malinen <j@w1.fi>
Sun, 16 Feb 2020 15:28:58 +0000 (17:28 +0200)
committer Jouni Malinen <j@w1.fi>
Sun, 16 Feb 2020 15:40:52 +0000 (17:40 +0200)
diff --git a/hs20/client/oma_dm_client.c b/hs20/client/oma_dm_client.c

index d75c84562acadb96b4f485c4e567d78246c25793..bcd68b8775d5372dada9186324c4ac81d7ce4eb4 100644 (file)
--- a/hs20/client/oma_dm_client.c
+++ b/hs20/client/oma_dm_client.c
@@ -407,7 +407,7 @@ static int oma_dm_exec_browser(struct hs20_osu_client *ctx, xml_node_t *exec)
         wpa_printf(MSG_INFO, "Data: %s", data);
         wpa_printf(MSG_INFO, "Launch browser to URI '%s'", data);
         write_summary(ctx, "Launch browser to URI '%s'", data);
-       res = hs20_web_browser(data);
+       res = hs20_web_browser(data, 1);
         xml_node_get_text_free(ctx->xml, data);
         if (res > 0) {
                 wpa_printf(MSG_INFO, "User response in browser completed successfully");
diff --git a/hs20/client/osu_client.c b/hs20/client/osu_client.c

index a94f40c51ee01f8745a7af5a92982440b5b5f06c..b9849cad54ec23fbb7d1e7e94ed0e6570f493fce 100644 (file)
--- a/hs20/client/osu_client.c
+++ b/hs20/client/osu_client.c
@@ -2406,7 +2406,7 @@ static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
  
         snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
         write_summary(ctx, "Start web browser with OSU provider selection page");
-       ret = hs20_web_browser(fname);
+       ret = hs20_web_browser(fname, 0);
  
  selected:
         if (ret > 0 && (size_t) ret <= osu_count) {
@@ -3403,7 +3403,7 @@ int main(int argc, char *argv[])
  
                 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
                            argv[optind + 1]);
-               ret = hs20_web_browser(argv[optind + 1]);
+               ret = hs20_web_browser(argv[optind + 1], 1);
                 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
         } else if (strcmp(argv[optind], "parse_cert") == 0) {
                 if (argc - optind < 2) {
diff --git a/hs20/client/spp_client.c b/hs20/client/spp_client.c

index c619541ae28673c48c358550b048486d0e6b81dd..39d10e0362f640deff8a95737b97a369598c7aec 100644 (file)
--- a/hs20/client/spp_client.c
+++ b/hs20/client/spp_client.c
@@ -547,7 +547,7 @@ static int hs20_spp_exec(struct hs20_osu_client *ctx, xml_node_t *exec,
                 }
                 wpa_printf(MSG_INFO, "Launch browser to URI '%s'", uri);
                 write_summary(ctx, "Launch browser to URI '%s'", uri);
-               res = hs20_web_browser(uri);
+               res = hs20_web_browser(uri, 1);
                 xml_node_get_text_free(ctx->xml, uri);
                 if (res > 0) {
                         wpa_printf(MSG_INFO, "User response in browser completed successfully - sessionid='%s'",
diff --git a/src/utils/browser-android.c b/src/utils/browser-android.c

index 71a165269cf6e286fe4dcb54bf225abdb0694d77..26c83d630a3e81caa759a880ffd59333435f8635 100644 (file)
--- a/src/utils/browser-android.c
+++ b/src/utils/browser-android.c
@@ -62,7 +62,7 @@ static void http_req(void *ctx, struct http_request *req)
  }
  
  
-int hs20_web_browser(const char *url)
+int hs20_web_browser(const char *url, int ignore_tls)
  {
         struct http_server *http;
         struct in_addr addr;
diff --git a/src/utils/browser-system.c b/src/utils/browser-system.c

index aed39706c2e106abc646de1a9c2b83dd079c4d28..d87d97b5ada0e09d3f0b3c6513303a47ae6d809c 100644 (file)
--- a/src/utils/browser-system.c
+++ b/src/utils/browser-system.c
@@ -62,7 +62,7 @@ static void http_req(void *ctx, struct http_request *req)
  }
  
  
-int hs20_web_browser(const char *url)
+int hs20_web_browser(const char *url, int ignore_tls)
  {
         struct http_server *http;
         struct in_addr addr;
diff --git a/src/utils/browser-wpadebug.c b/src/utils/browser-wpadebug.c

index dfb4b67977f876efb170b603d5017e667de4d989..d32a85bdf4cd82d908073c76c79a333bab4b5160 100644 (file)
--- a/src/utils/browser-wpadebug.c
+++ b/src/utils/browser-wpadebug.c
@@ -63,7 +63,7 @@ static void http_req(void *ctx, struct http_request *req)
  }
  
  
-int hs20_web_browser(const char *url)
+int hs20_web_browser(const char *url, int ignore_tls)
  {
         struct http_server *http;
         struct in_addr addr;
diff --git a/src/utils/browser.c b/src/utils/browser.c

index 50452362541fb36c7d0f52345268f57999313d95..6d59cf740bcccf381421d7bf4158835a24790e64 100644 (file)
--- a/src/utils/browser.c
+++ b/src/utils/browser.c
@@ -207,13 +207,12 @@ static void view_cb_title_changed(WebKitWebView *view, WebKitWebFrame *frame,
  #endif /* USE_WEBKIT2 */
  
  
-int hs20_web_browser(const char *url)
+int hs20_web_browser(const char *url, int ignore_tls)
  {
         GtkWidget *scroll;
         WebKitWebView *view;
  #ifdef USE_WEBKIT2
         WebKitSettings *settings;
-       WebKitWebContext *wkctx;
  #else /* USE_WEBKIT2 */
         WebKitWebSettings *settings;
         SoupSession *s;
@@ -228,7 +227,8 @@ int hs20_web_browser(const char *url)
         s = webkit_get_default_session();
         g_object_set(G_OBJECT(s), "ssl-ca-file",
                      "/etc/ssl/certs/ca-certificates.crt", NULL);
-       g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);
+       if (ignore_tls)
+               g_object_set(G_OBJECT(s), "ssl-strict", FALSE, NULL);
  #endif /* USE_WEBKIT2 */
  
         ctx.win = gtk_window_new(GTK_WINDOW_TOPLEVEL);
@@ -286,9 +286,13 @@ int hs20_web_browser(const char *url)
         g_object_set(G_OBJECT(settings), "auto-load-images", TRUE, NULL);
  
  #ifdef USE_WEBKIT2
-       wkctx = webkit_web_context_get_default();
-       webkit_web_context_set_tls_errors_policy(
-               wkctx, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+       if (ignore_tls) {
+               WebKitWebContext *wkctx;
+
+               wkctx = webkit_web_context_get_default();
+               webkit_web_context_set_tls_errors_policy(
+                       wkctx, WEBKIT_TLS_ERRORS_POLICY_IGNORE);
+       }
  #endif /* USE_WEBKIT2 */
  
         webkit_web_view_load_uri(view, url);
diff --git a/src/utils/browser.h b/src/utils/browser.h

index aaa0eed269f79a4093c15a661ddebc8680906365..3af13b9a11ed9638a1a6ebc001eeb83656a6b669 100644 (file)
--- a/src/utils/browser.h
+++ b/src/utils/browser.h
@@ -10,12 +10,12 @@
  #define BROWSER_H
  
  #ifdef CONFIG_NO_BROWSER
-static inline int hs20_web_browser(const char *url)
+static inline int hs20_web_browser(const char *url, int ignore_tls)
  {
         return -1;
  }
  #else /* CONFIG_NO_BROWSER */
-int hs20_web_browser(const char *url);
+int hs20_web_browser(const char *url, int ignore_tls);
  #endif /* CONFIG_NO_BROWSER */
  
  #endif /* BROWSER_H */
author	Jouni Malinen <j@w1.fi>
	Sun, 16 Feb 2020 15:28:58 +0000 (17:28 +0200)
committer	Jouni Malinen <j@w1.fi>
	Sun, 16 Feb 2020 15:40:52 +0000 (17:40 +0200)
hs20/client/oma_dm_client.c		patch \| blob \| blame \| history
hs20/client/osu_client.c		patch \| blob \| blame \| history
hs20/client/spp_client.c		patch \| blob \| blame \| history
src/utils/browser-android.c		patch \| blob \| blame \| history
src/utils/browser-system.c		patch \| blob \| blame \| history
src/utils/browser-wpadebug.c		patch \| blob \| blame \| history
src/utils/browser.c		patch \| blob \| blame \| history
src/utils/browser.h		patch \| blob \| blame \| history