PATCH: -p1 To: w3m-dev@mi.med.tohoku.ac.jp Subject: [w3m-dev 01509] Forward: Bug#79689: No way to view information on SSL certificates From: Fumitoshi UKAI Delivered-To: ukai@ukai.org Delivered-To: ukai@debian.or.jp Date: Sat, 16 Dec 2000 04:28:07 +0900 Reply-To: w3m-dev@mi.med.tohoku.ac.jp Message-Id: <87u2854h88.wl@lichee.ukai.org> X-ML-Name: w3m-dev X-Mail-Count: 01509 X-MLServer: fml [fml 3.0]; post only (only members can post) X-ML-Info: If you have a question, send e-mail with the body "help" (without quotes) to the address w3m-dev-ctl@mi.med.tohoku.ac.jp; help= User-Agent: Wanderlust/2.2.15 (More Than Words) EMIKO/1.13.9 (Euglena tripteris) FLIM/1.13.2 (Kasanui) APEL/10.2 Emacs/20.7 (i386-debian-linux-gnu) MULE/4.0 (HANANOEN) Organization: Debian JP Project Mime-Version: 1.0 (generated by EMIKO 1.13.9 - "Euglena tripteris") X-Sender: w3m-dev-admin@mi.med.tohoku.ac.jp [1 ] w3m で #define USE_SSL (とか #define USE_SSL_VERIFY )した時でも 現状では https でつながってるかどうか、どことつながってかどうかの 情報を見ることができないのをなんとかしてほしいというレポートです。 現ドキュメントの情報を表示('=')で見ても SSLに関する証明書情報を みられないのは確かに悲しいなぁ と思っていたので 適当なパッチ つくってみました。(かなりいいかげん) -- 鵜飼文敏 [2 ] To: Debian Bug Tracking System Subject: Bug#79689: No way to view information on SSL certificates 
From: Richard Braakman Date: Fri, 15 Dec 2000 19:39:16 +0200 Message-Id: MIME-Version: 1.0 Package: w3m Version: 0.1.10+0.1.11pre+kokb22-1 Severity: wishlist When I'm about to submit sensitive information over a https connection, I would like to inspect the information in the server's SSL certificate, and ideally also the chain of trust that was used to verify that certificate. w3m doesn't seem to have a way to do this. Verifying this information would give me a lot more confidence in the security of a link. Richard Braakman -- System Information Debian Release: woody Architecture: i386 Kernel: Linux dark 2.3.49 #1 Tue Mar 7 10:37:21 EET 2000 i686 Versions of packages w3m depends on: ii libc6 2.2-5 GNU C Library: Shared libraries an ii libgc5 1:5.0.alpha4-8 Conservative garbage collector for ii libgpmg1 1.19.3-4 General Purpose Mouse Library [lib ii libncurses5 5.0-8 Shared libraries for terminal hand [3 w3m-0.1.11-pre-kokb23-ssl-cert.patch ]
diff -Nru w3m-0.1.11-pre/buffer.c w3m-0.1.11-pre-ja/buffer.c
--- w3m-0.1.11-pre/buffer.c Thu Dec 14 01:17:21 2000
+++ w3m-0.1.11-pre-ja/buffer.c Sat Dec 16 03:58:44 2000
@@ -40,6 +40,9 @@
 *n->clone = 1;
 n->linelen = 0;
 n->trbyte = 0;
+#ifdef USE_SSL
+ n->ssl_certificate = NULL;
+#endif
 return n;
 }
diff -Nru w3m-0.1.11-pre/file.c w3m-0.1.11-pre-ja/file.c
--- w3m-0.1.11-pre/file.c Thu Dec 14 01:17:22 2000
+++ w3m-0.1.11-pre-ja/file.c Sat Dec 16 04:17:42 2000
@@ -971,6 +971,13 @@
 }
 if (t_buf == NULL)
 t_buf = newBuffer(INIT_BUFFER_WIDTH);
+#ifdef USE_SSL
+ if (IStype(f.stream) == IST_SSL) {
+ Str s = ssl_get_certificate(f.stream);
+ if (s != NULL)
+ t_buf->ssl_certificate = s->ptr;
+ }
+#endif
 readHeader(&f, t_buf, FALSE, &pu);
 t = checkContentType(t_buf);
 if (t == NULL)
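Review bot: The certificate text is stored on the buffer for any IST_SSL stream, and nothing in this block records whether the peer certificate passed verification, so the info page will present an unverified certificate exactly like a verified one. The patch description says it targets builds with USE_SSL as well as USE_SSL_VERIFY, so presumably the unverified case is reachable. Consider keeping the result of `SSL_get_verify_result()` alongside the text (or prefixing it inside ssl_get_certificate) and, at minimum, adding `/* display only: not evidence that the certificate was verified */` above the assignment. The same block is repeated in the hunk at -1214 and would read better as one helper called from both places; both enclosing functions start and end outside the hunks.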
@@ -1214,6 +1221,13 @@
 t_buf = newBuffer(INIT_BUFFER_WIDTH);
 t_buf->bufferprop |= BP_FRAME;
 }
+#ifdef USE_SSL
+ if (IStype(f.stream) == IST_SSL) {
+ Str s = ssl_get_certificate(f.stream);
+ if (s != NULL)
+ t_buf->ssl_certificate = s->ptr;
+ }
+#endif
 b = loadSomething(&f, pu.file, proc, t_buf);
 UFclose(&f);
 if (b) {
diff -Nru w3m-0.1.11-pre/fm.h w3m-0.1.11-pre-ja/fm.h
--- w3m-0.1.11-pre/fm.h Thu Dec 14 01:17:22 2000
+++ w3m-0.1.11-pre-ja/fm.h Sat Dec 16 03:58:08 2000
@@ -343,6 +343,9 @@
 FormItemList *form_submit;
 char *savecache;
 char *edit;
+#ifdef USE_SSL
+ char *ssl_certificate;
+#endif
 } Buffer;
 #define NO_BUFFER ((Buffer*)1)
diff -Nru w3m-0.1.11-pre/html.h w3m-0.1.11-pre-ja/html.h
--- w3m-0.1.11-pre/html.h Thu Dec 14 01:17:22 2000
+++ w3m-0.1.11-pre-ja/html.h Sat Dec 16 03:54:34 2000
@@ -2,6 +2,8 @@
 #ifndef _HTML_H
 #define _HTML_H
 #ifdef USE_SSL
+#include
+#include
 #include
 #endif /* USE_SSL */
diff -Nru w3m-0.1.11-pre/istream.c w3m-0.1.11-pre-ja/istream.c
--- w3m-0.1.11-pre/istream.c Thu Dec 14 01:17:22 2000
+++ w3m-0.1.11-pre-ja/istream.c Sat Dec 16 04:19:59 2000
@@ -328,6 +328,33 @@
 }
 }
+#ifdef USE_SSL
+Str
+ssl_get_certificate(InputStream stream)
+{
+ BIO *bp;
+ X509 *x;
+ char *p;
+ int len;
+ Str s;
+ if (stream == NULL)
+ return NULL;
+ if (IStype(stream) != IST_SSL)
+ return NULL;
+ if (stream->ssl.handle == NULL)
+ return NULL;
+ x = SSL_get_peer_certificate(stream->ssl.handle->ssl);
+ if (x == NULL)
+ return NULL;
+ bp = BIO_new(BIO_s_mem());
+ X509_print(bp, x);
+ len = (int)BIO_ctrl(bp, BIO_CTRL_INFO,0,(char *)&p);
+ s = Strnew_charp_n(p, len);
+ BIO_free_all(bp);
+ return s;
+}
+#endif
+
 /* Raw level input stream functions */
 static void
diff -Nru w3m-0.1.11-pre/istream.h w3m-0.1.11-pre-ja/istream.h
--- w3m-0.1.11-pre/istream.h Thu Dec 14 01:17:22 2000
+++ w3m-0.1.11-pre-ja/istream.h Sat Dec 16 03:54:52 2000
@@ -4,6 +4,8 @@
 #include
 #ifdef USE_SSL
+#include
+#include
 #include
 #endif
 #include "Str.h"
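Review bot: ssl_get_certificate() in the istream.c hunk never releases the X509 object: SSL_get_peer_certificate() hands back a reference the caller owns, and no X509_free(x) follows X509_print(), so each call leaks one certificate. The BIO_new() result is also passed to X509_print() and BIO_ctrl() without a NULL check, and the X509_print() return value is ignored, so a failed allocation or print is not distinguished from success. The rewritten middle of the function below frees the certificate on both paths and bails out when the memory BIO cannot be created.

```c
    /* … unchanged: declarations, stream/handle checks, SSL_get_peer_certificate … */
    bp = BIO_new(BIO_s_mem());
    if (bp == NULL) {
        X509_free(x);
        return NULL;
    }
    X509_print(bp, x);
    X509_free(x);   /* drop the reference taken by SSL_get_peer_certificate() */
    /* … unchanged: BIO_ctrl, Strnew_charp_n, BIO_free_all, return s … */
```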
@@ -121,6 +123,9 @@
 extern Str StrmyISgets(InputStream stream);
 extern int ISread(InputStream stream, Str buf, int count);
 extern int ISfileno(InputStream stream);
+#ifdef USE_SSL
+extern Str ssl_get_certificate(InputStream stream);
+#endif
 #define IST_BASIC 0
 #define IST_FILE 1
diff -Nru w3m-0.1.11-pre/map.c w3m-0.1.11-pre-ja/map.c
--- w3m-0.1.11-pre/map.c Thu Dec 14 01:17:22 2000
+++ w3m-0.1.11-pre-ja/map.c Sat Dec 16 03:59:50 2000
@@ -179,6 +179,14 @@
 append_frame_info(tmp, f_set, 0);
 Strcat_charp(tmp, "");
 }
+#ifdef USE_SSL
+ if (buf->ssl_certificate == NULL)
+ goto end;
+ Strcat_charp(tmp, "

SSL certificate

\n");
+ Strcat_charp(tmp, "
\n");
+    Strcat_charp(tmp, buf->ssl_certificate);
+    Strcat_charp(tmp, "
\n");
+#endif
 end:
 Strcat_charp(tmp, "");
 return loadHTMLString(tmp); [4 ]
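Review bot: `Strcat_charp(tmp, buf->ssl_certificate);` appends the certificate text to the generated info page without HTML escaping. That text is X509_print() output for the peer's certificate, so subject, issuer and extension strings chosen by the remote side are parsed as markup by loadHTMLString() rather than shown literally. Escape it before appending, e.g. `Strcat_charp(tmp, html_quote(buf->ssl_certificate));` if this tree already has the html_quote helper that later w3m sources use (otherwise its local equivalent). The surrounding string literals look tag-stripped in this archive copy, and the function begins outside the hunk.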