/* * Copyright 2020 Vincent Sanders * * This file is part of NetSurf. * * NetSurf is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; version 2 of the License. * * NetSurf is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ /** * \file * content generator for the about scheme certificate page */ #include #include #include #include #include "utils/errors.h" #include "utils/log.h" #include "utils/messages.h" #include "netsurf/inttypes.h" #include "netsurf/ssl_certs.h" #include "private.h" #include "certificate.h" /** * certificate name parameters */ struct ns_cert_name { char *common_name; char *organisation; char *organisation_unit; char *locality; char *province; char *country; }; /** * Certificate public key parameters */ struct ns_cert_pkey { char *algor; int size; char *modulus; char *exponent; char *curve; char *public; }; /** * Certificate subject alternative name */ struct ns_cert_san { struct ns_cert_san *next; char *name; }; /** * certificate information for certificate chain */ struct ns_cert_info { struct ns_cert_name subject_name; /**< Subject details */ struct ns_cert_name issuer_name; /**< Issuer details */ struct ns_cert_pkey public_key; /**< public key details */ long version; /**< Certificate version */ char *not_before; /**< Valid from date */ char *not_after; /**< Valid to date */ int sig_type; /**< Signature type */ char *sig_algor; /**< Signature Algorithm */ char *serialnum; /**< Serial number */ char *sha1fingerprint; /**< fingerprint shar1 encoded */ char *sha256fingerprint; /**< fingerprint shar256 encoded */ struct ns_cert_san *san; /**< subject alternative names */ ssl_cert_err err; /**< Whatever is wrong with this certificate */ }; /** * free all resources associated with a certificate information structure */ static nserror free_ns_cert_info(struct ns_cert_info *cinfo) { struct ns_cert_san *san; free(cinfo->subject_name.common_name); free(cinfo->subject_name.organisation); free(cinfo->subject_name.organisation_unit); free(cinfo->subject_name.locality); free(cinfo->subject_name.province); free(cinfo->subject_name.country); free(cinfo->issuer_name.common_name); free(cinfo->issuer_name.organisation); free(cinfo->issuer_name.organisation_unit); free(cinfo->issuer_name.locality); free(cinfo->issuer_name.province); free(cinfo->issuer_name.country); free(cinfo->public_key.algor); free(cinfo->public_key.modulus); free(cinfo->public_key.exponent); free(cinfo->public_key.curve); free(cinfo->public_key.public); free(cinfo->not_before); free(cinfo->not_after); free(cinfo->sig_algor); free(cinfo->serialnum); /* free san list avoiding use after free */ san = cinfo->san; while (san != NULL) { struct ns_cert_san *next; next = san->next; free(san); san = next; } free(cinfo); return NSERROR_OK; } #ifdef WITH_OPENSSL #include #include /* OpenSSL 1.0.x, 1.0.2, 1.1.0 and 1.1.1 API all changed * LibreSSL declares its OpenSSL version as 2.1 but only supports 1.0.x API */ #if (defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x1010000fL)) /* 1.0.x */ #if (defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x1000200fL)) /* pre 1.0.2 */ static int ns_X509_get_signature_nid(X509 *cert) { return OBJ_obj2nid(cert->cert_info->key->algor->algorithm); } #else #define ns_X509_get_signature_nid X509_get_signature_nid #endif static const unsigned char *ns_ASN1_STRING_get0_data(ASN1_STRING *asn1str) { return (const unsigned char *)ASN1_STRING_data(asn1str); } static const BIGNUM *ns_RSA_get0_n(const RSA *d) { return d->n; } static const BIGNUM *ns_RSA_get0_e(const RSA *d) { return d->e; } static int ns_RSA_bits(const RSA *rsa) { return RSA_size(rsa) * 8; } static int ns_DSA_bits(const DSA *dsa) { return DSA_size(dsa) * 8; } static int ns_DH_bits(const DH *dh) { return DH_size(dh) * 8; } #elif (OPENSSL_VERSION_NUMBER < 0x1010100fL) /* 1.1.0 */ #define ns_X509_get_signature_nid X509_get_signature_nid #define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data static const BIGNUM *ns_RSA_get0_n(const RSA *r) { const BIGNUM *n; const BIGNUM *e; const BIGNUM *d; RSA_get0_key(r, &n, &e, &d); return n; } static const BIGNUM *ns_RSA_get0_e(const RSA *r) { const BIGNUM *n; const BIGNUM *e; const BIGNUM *d; RSA_get0_key(r, &n, &e, &d); return e; } #define ns_RSA_bits RSA_bits #define ns_DSA_bits DSA_bits #define ns_DH_bits DH_bits #else /* 1.1.1 and later */ #define ns_X509_get_signature_nid X509_get_signature_nid #define ns_ASN1_STRING_get0_data ASN1_STRING_get0_data #define ns_RSA_get0_n RSA_get0_n #define ns_RSA_get0_e RSA_get0_e #define ns_RSA_bits RSA_bits #define ns_DSA_bits DSA_bits #define ns_DH_bits DH_bits #endif /** * extract certificate name information * * \param xname The X509 name to convert. The reference is borrowed so is not freeed * \param iname The info structure to recive the extracted parameters. * \return NSERROR_OK on success else error code */ static nserror xname_to_info(X509_NAME *xname, struct ns_cert_name *iname) { int entryidx; int entrycnt; X509_NAME_ENTRY *entry; /* current name entry */ ASN1_STRING *value; const unsigned char *value_str; ASN1_OBJECT *name; int name_nid; char **field; entrycnt = X509_NAME_entry_count(xname); for (entryidx = 0; entryidx < entrycnt; entryidx++) { entry = X509_NAME_get_entry(xname, entryidx); name = X509_NAME_ENTRY_get_object(entry); name_nid = OBJ_obj2nid(name); value = X509_NAME_ENTRY_get_data(entry); value_str = ns_ASN1_STRING_get0_data(value); switch (name_nid) { case NID_commonName: field = &iname->common_name; break; case NID_countryName: field = &iname->country; break; case NID_localityName: field = &iname->locality; break; case NID_stateOrProvinceName: field = &iname->province; break; case NID_organizationName: field = &iname->organisation; break; case NID_organizationalUnitName: field = &iname->organisation_unit; break; default : field = NULL; break; } if (field != NULL) { *field = strdup((const char *)value_str); NSLOG(netsurf, DEEPDEBUG, "NID:%d value: %s", name_nid, *field); } else { NSLOG(netsurf, DEEPDEBUG, "NID:%d", name_nid); } } /* * ensure the common name is set to something, this being * missing means the certificate is broken but this should be * robust in the face of bad data */ if (iname->common_name == NULL) { iname->common_name = strdup("Unknown"); } return NSERROR_OK; } /** * duplicate a hex formatted string inserting the colons * * \todo only uses html entity as separator because netsurfs line breaking * fails otherwise. */ static char *hexdup(const char *hex) { int hexlen; char *dst; char *out; int cn = 0; hexlen = strlen(hex); /* allow space fox XXYY to XX:YY: */ dst = malloc(((hexlen * 7) + 6) / 2); if (dst != NULL) { for (out = dst; *hex != 0; hex++) { if (cn == 2) { cn = 0; *out++ = '&'; *out++ = '#'; *out++ = '5'; *out++ = '8'; *out++ = ';'; } *out++ = *hex; cn++; } *out = 0; } return dst; } /** * create a hex formatted string inserting the colons from binary data * * \todo only uses html entity as separator because netsurfs line breaking * fails otherwise. */ static char *bindup(unsigned char *bin, unsigned int binlen) { char *dst; char *out; unsigned int idx; const char hex[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; /* allow space fox XY to expand to XX:YY: */ dst = malloc(binlen * 7); if (dst != NULL) { out = dst; for (idx = 0; idx < binlen; idx++) { *out++ = hex[(bin[idx] & 0xf0) >> 4]; *out++ = hex[bin[idx] & 0xf]; *out++ = '&'; *out++ = '#'; *out++ = '5'; *out++ = '8'; *out++ = ';'; } out -= 5; *out = 0; } return dst; } /** * extract RSA key information to info structure * * \param rsa The RSA key to examine. The reference is dropped on return * \param ikey The public key info structure to fill * \rerun NSERROR_OK on success else error code. */ static nserror rsa_to_info(RSA *rsa, struct ns_cert_pkey *ikey) { char *tmp; if (rsa == NULL) { return NSERROR_BAD_PARAMETER; } ikey->algor = strdup("RSA"); ikey->size = ns_RSA_bits(rsa); tmp = BN_bn2hex(ns_RSA_get0_n(rsa)); if (tmp != NULL) { ikey->modulus = hexdup(tmp); OPENSSL_free(tmp); } tmp = BN_bn2dec(ns_RSA_get0_e(rsa)); if (tmp != NULL) { ikey->exponent = strdup(tmp); OPENSSL_free(tmp); } RSA_free(rsa); return NSERROR_OK; } /** * extract DSA key information to info structure * * \param dsa The RSA key to examine. The reference is dropped on return * \param ikey The public key info structure to fill * \rerun NSERROR_OK on success else error code. */ static nserror dsa_to_info(DSA *dsa, struct ns_cert_pkey *ikey) { if (dsa == NULL) { return NSERROR_BAD_PARAMETER; } ikey->algor = strdup("DSA"); ikey->size = ns_DSA_bits(dsa); DSA_free(dsa); return NSERROR_OK; } /** * extract DH key information to info structure * * \param dsa The RSA key to examine. The reference is dropped on return * \param ikey The public key info structure to fill * \rerun NSERROR_OK on success else error code. */ static nserror dh_to_info(DH *dh, struct ns_cert_pkey *ikey) { if (dh == NULL) { return NSERROR_BAD_PARAMETER; } ikey->algor = strdup("Diffie Hellman"); ikey->size = ns_DH_bits(dh); DH_free(dh); return NSERROR_OK; } /** * extract EC key information to info structure * * \param ec The EC key to examine. The reference is dropped on return * \param ikey The public key info structure to fill * \rerun NSERROR_OK on success else error code. */ static nserror ec_to_info(EC_KEY *ec, struct ns_cert_pkey *ikey) { const EC_GROUP *ecgroup; const EC_POINT *ecpoint; BN_CTX *bnctx; char *ecpoint_hex; if (ec == NULL) { return NSERROR_BAD_PARAMETER; } ikey->algor = strdup("Elliptic Curve"); ecgroup = EC_KEY_get0_group(ec); if (ecgroup != NULL) { ikey->size = EC_GROUP_get_degree(ecgroup); ikey->curve = strdup(OBJ_nid2ln(EC_GROUP_get_curve_name(ecgroup))); ecpoint = EC_KEY_get0_public_key(ec); if (ecpoint != NULL) { bnctx = BN_CTX_new(); ecpoint_hex = EC_POINT_point2hex(ecgroup, ecpoint, POINT_CONVERSION_UNCOMPRESSED, bnctx); ikey->public = hexdup(ecpoint_hex); OPENSSL_free(ecpoint_hex); BN_CTX_free(bnctx); } } EC_KEY_free(ec); return NSERROR_OK; } /** * extract public key information to info structure * * \param pkey the public key to examine. The reference is dropped on return * \param ikey The public key info structure to fill * \rerun NSERROR_OK on success else error code. */ static nserror pkey_to_info(EVP_PKEY *pkey, struct ns_cert_pkey *ikey) { nserror res; if (pkey == NULL) { return NSERROR_BAD_PARAMETER; } switch (EVP_PKEY_base_id(pkey)) { case EVP_PKEY_RSA: res = rsa_to_info(EVP_PKEY_get1_RSA(pkey), ikey); break; case EVP_PKEY_DSA: res = dsa_to_info(EVP_PKEY_get1_DSA(pkey), ikey); break; case EVP_PKEY_DH: res = dh_to_info(EVP_PKEY_get1_DH(pkey), ikey); break; case EVP_PKEY_EC: res = ec_to_info(EVP_PKEY_get1_EC_KEY(pkey), ikey); break; default: res = NSERROR_NOT_IMPLEMENTED; break; } EVP_PKEY_free(pkey); return res; } static nserror san_to_info(X509 *cert, struct ns_cert_san **prev_next) { int idx; int san_names_nb = -1; const GENERAL_NAME *current_name; const unsigned char *dns_name; struct ns_cert_san *isan; STACK_OF(GENERAL_NAME) *san_names = NULL; san_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); if (san_names == NULL) { return NSERROR_OK; } san_names_nb = sk_GENERAL_NAME_num(san_names); /* Check each name within the extension */ for (idx = 0; idx < san_names_nb; idx++) { current_name = sk_GENERAL_NAME_value(san_names, idx); if (current_name->type == GEN_DNS) { /* extract DNS name into info structure */ dns_name = ns_ASN1_STRING_get0_data(current_name->d.dNSName); isan = malloc(sizeof(struct ns_cert_san)); if (isan != NULL) { isan->name = strdup((const char *)dns_name); isan->next = NULL; *prev_next = isan; prev_next = &isan->next; } } } /* AmiSSL can't cope with the "correct" mechanism of freeing * the GENERAL_NAME stack, which is: * sk_GENERAL_NAME_pop_free(san_names, GENERAL_NAME_free); * So instead we do this open-coded loop which does the same: */ for (idx = 0; idx < san_names_nb; idx++) { GENERAL_NAME *entry = sk_GENERAL_NAME_pop(san_names); GENERAL_NAME_free(entry); } sk_GENERAL_NAME_free(san_names); return NSERROR_OK; } static nserror der_to_certinfo(const uint8_t *der, size_t der_length, struct ns_cert_info *info) { BIO *mem; BUF_MEM *buf; const ASN1_INTEGER *asn1_num; BIGNUM *bignum; X509 *cert; /**< Pointer to certificate */ if (der == NULL) { return NSERROR_OK; } cert = d2i_X509(NULL, &der, der_length); if (cert == NULL) { return NSERROR_INVALID; } /* * get certificate version * * \note this is defined by standards (X.509 et al) to be one * less than the certificate version. */ info->version = X509_get_version(cert) + 1; /* not before date */ mem = BIO_new(BIO_s_mem()); ASN1_TIME_print(mem, X509_get_notBefore(cert)); BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); info->not_before = calloc(1, buf->length + 1); if (info->not_before != NULL) { memcpy(info->not_before, buf->data, (unsigned)buf->length); } BUF_MEM_free(buf); /* not after date */ mem = BIO_new(BIO_s_mem()); ASN1_TIME_print(mem, X509_get_notAfter(cert)); BIO_get_mem_ptr(mem, &buf); (void) BIO_set_close(mem, BIO_NOCLOSE); BIO_free(mem); info->not_after = calloc(1, buf->length + 1); if (info->not_after != NULL) { memcpy(info->not_after, buf->data, (unsigned)buf->length); } BUF_MEM_free(buf); /* signature type */ info->sig_type = X509_get_signature_type(cert); /* signature algorithm */ int pkey_nid = ns_X509_get_signature_nid(cert); if (pkey_nid != NID_undef) { const char* sslbuf = OBJ_nid2ln(pkey_nid); if (sslbuf != NULL) { info->sig_algor = strdup(sslbuf); } } /* serial number */ asn1_num = X509_get_serialNumber(cert); if (asn1_num != NULL) { bignum = ASN1_INTEGER_to_BN(asn1_num, NULL); if (bignum != NULL) { char *tmp = BN_bn2hex(bignum); if (tmp != NULL) { info->serialnum = hexdup(tmp); OPENSSL_free(tmp); } BN_free(bignum); bignum = NULL; } } /* fingerprints */ const EVP_MD *digest; unsigned int dig_len; unsigned char *buff; int rc; digest = EVP_sha1(); buff = malloc(EVP_MD_size(digest)); if (buff != NULL) { rc = X509_digest(cert, digest, buff, &dig_len); if ((rc == 1) && (dig_len == (unsigned int)EVP_MD_size(digest))) { info->sha1fingerprint = bindup(buff, dig_len); } free(buff); } digest = EVP_sha256(); buff = malloc(EVP_MD_size(digest)); if (buff != NULL) { rc = X509_digest(cert, digest, buff, &dig_len); if ((rc == 1) && (dig_len == (unsigned int)EVP_MD_size(digest))) { info->sha256fingerprint = bindup(buff, dig_len); } free(buff); } /* subject alternative names */ san_to_info(cert, &info->san); /* issuer name */ xname_to_info(X509_get_issuer_name(cert), &info->issuer_name); /* subject */ xname_to_info(X509_get_subject_name(cert), &info->subject_name); /* public key */ pkey_to_info(X509_get_pubkey(cert), &info->public_key); X509_free(cert); return NSERROR_OK; } /* copy certificate data */ static nserror convert_chain_to_cert_info(const struct cert_chain *chain, struct ns_cert_info **cert_info_out) { struct ns_cert_info *certs; size_t depth; nserror res; certs = calloc(chain->depth, sizeof(struct ns_cert_info)); if (certs == NULL) { return NSERROR_NOMEM; } for (depth = 0; depth < chain->depth;depth++) { res = der_to_certinfo(chain->certs[depth].der, chain->certs[depth].der_length, certs + depth); if (res != NSERROR_OK) { free(certs); return res; } certs[depth].err = chain->certs[depth].err; } *cert_info_out = certs; return NSERROR_OK; } #else static nserror convert_chain_to_cert_info(const struct cert_chain *chain, struct ns_cert_info **cert_info_out) { return NSERROR_NOT_IMPLEMENTED; } #endif static nserror format_certificate_name(struct fetch_about_context *ctx, struct ns_cert_name *cert_name) { nserror res; res = fetch_about_ssenddataf(ctx, "Common Name%s\n", cert_name->common_name); if (res != NSERROR_OK) { return res; } if (cert_name->organisation != NULL) { res = fetch_about_ssenddataf(ctx, "Organisation%s\n", cert_name->organisation); if (res != NSERROR_OK) { return res; } } if (cert_name->organisation_unit != NULL) { res = fetch_about_ssenddataf(ctx, "Organisation Unit%s\n", cert_name->organisation_unit); if (res != NSERROR_OK) { return res; } } if (cert_name->locality != NULL) { res = fetch_about_ssenddataf(ctx, "Locality%s\n", cert_name->locality); if (res != NSERROR_OK) { return res; } } if (cert_name->province != NULL) { res = fetch_about_ssenddataf(ctx, "Privince%s\n", cert_name->province); if (res != NSERROR_OK) { return res; } } if (cert_name->country != NULL) { res = fetch_about_ssenddataf(ctx, "Country%s\n", cert_name->country); if (res != NSERROR_OK) { return res; } } return res; } /** * output formatted certificate subject alternate names */ static nserror format_certificate_san(struct fetch_about_context *ctx, struct ns_cert_san *san) { nserror res; if (san == NULL) { return NSERROR_OK; } res = fetch_about_ssenddataf(ctx, "\n" "\n"); if (res != NSERROR_OK) { return res; } while (san != NULL) { res = fetch_about_ssenddataf(ctx, "\n", san->name); if (res != NSERROR_OK) { return res; } san = san->next; } res = fetch_about_ssenddataf(ctx, "
Alternative Names
DNS Name%s
\n"); return res; } static nserror format_certificate_public_key(struct fetch_about_context *ctx, struct ns_cert_pkey *public_key) { nserror res; if (public_key->algor == NULL) { /* skip the table if no algorithm name */ return NSERROR_OK; } res = fetch_about_ssenddataf(ctx, "\n" "\n" "\n" "\n", public_key->algor, public_key->size); if (res != NSERROR_OK) { return res; } if (public_key->exponent != NULL) { res = fetch_about_ssenddataf(ctx, "\n", public_key->exponent); if (res != NSERROR_OK) { return res; } } if (public_key->modulus != NULL) { res = fetch_about_ssenddataf(ctx, "\n", public_key->modulus); if (res != NSERROR_OK) { return res; } } if (public_key->curve != NULL) { res = fetch_about_ssenddataf(ctx, "\n", public_key->curve); if (res != NSERROR_OK) { return res; } } if (public_key->public != NULL) { res = fetch_about_ssenddataf(ctx, "\n", public_key->public); if (res != NSERROR_OK) { return res; } } res = fetch_about_ssenddataf(ctx, "
Public Key
Algorithm%s
Key Size%d
Exponent%s
Modulus%s
Curve%s
Public Value%s
\n"); return res; } static nserror format_certificate_fingerprint(struct fetch_about_context *ctx, struct ns_cert_info *cert_info) { nserror res; if ((cert_info->sha1fingerprint == NULL) && (cert_info->sha256fingerprint == NULL)) { /* skip the table if no fingerprints */ return NSERROR_OK; } res = fetch_about_ssenddataf(ctx, "\n" "\n"); if (res != NSERROR_OK) { return res; } if (cert_info->sha256fingerprint != NULL) { res = fetch_about_ssenddataf(ctx, "\n", cert_info->sha256fingerprint); if (res != NSERROR_OK) { return res; } } if (cert_info->sha1fingerprint != NULL) { res = fetch_about_ssenddataf(ctx, "\n", cert_info->sha1fingerprint); if (res != NSERROR_OK) { return res; } } res = fetch_about_ssenddataf(ctx, "
Fingerprints
SHA-256%s
SHA-1%s
\n"); return res; } static nserror format_certificate(struct fetch_about_context *ctx, struct ns_cert_info *cert_info, size_t depth) { nserror res; res = fetch_about_ssenddataf(ctx, "

%s

\n", depth, cert_info->subject_name.common_name); if (res != NSERROR_OK) { return res; } if (cert_info->err != SSL_CERT_ERR_OK) { res = fetch_about_ssenddataf(ctx, "\n" "" "" "" "" "
Fault%s
\n", messages_get_sslcode(cert_info->err)); if (res != NSERROR_OK) { return res; } } res = fetch_about_ssenddataf(ctx, "\n" "\n"); if (res != NSERROR_OK) { return res; } res = format_certificate_name(ctx, &cert_info->subject_name); if (res != NSERROR_OK) { return res; } res = fetch_about_ssenddataf(ctx, "
Issued To
\n"); if (res != NSERROR_OK) { return res; } res = fetch_about_ssenddataf(ctx, "\n" "\n"); if (res != NSERROR_OK) { return res; } res = format_certificate_name(ctx, &cert_info->issuer_name); if (res != NSERROR_OK) { return res; } res = fetch_about_ssenddataf(ctx, "
Issued By
\n"); if (res != NSERROR_OK) { return res; } res = fetch_about_ssenddataf(ctx, "\n" "\n" "\n" "\n" "
Validity
Valid From%s
Valid Until%s
\n", cert_info->not_before, cert_info->not_after); if (res != NSERROR_OK) { return res; } res = format_certificate_san(ctx, cert_info->san); if (res != NSERROR_OK) { return res; } res = format_certificate_public_key(ctx, &cert_info->public_key); if (res != NSERROR_OK) { return res; } res = fetch_about_ssenddataf(ctx, "\n" "\n"); if (res != NSERROR_OK) { return res; } if (cert_info->serialnum != NULL) { res = fetch_about_ssenddataf(ctx, "\n", cert_info->serialnum); if (res != NSERROR_OK) { return res; } } if (cert_info->sig_algor != NULL) { res = fetch_about_ssenddataf(ctx, "" "\n", cert_info->sig_algor); if (res != NSERROR_OK) { return res; } } res = fetch_about_ssenddataf(ctx, "\n" "
Miscellaneous
Serial Number%s
Signature Algorithm%s
Version%ld
\n", cert_info->version); if (res != NSERROR_OK) { return res; } res = format_certificate_fingerprint(ctx, cert_info); if (res != NSERROR_OK) { return res; } return res; } /** * Handler to generate about:certificate page. * * Shows details of a certificate chain * * \param ctx The fetcher context. * \return true if handled false if aborted. */ bool fetch_about_certificate_handler(struct fetch_about_context *ctx) { int code = 200; nserror res; struct cert_chain *chain = NULL; /* content is going to return ok */ fetch_about_set_http_code(ctx, code); /* content type */ if (fetch_about_send_header(ctx, "Content-Type: text/html")) goto fetch_about_certificate_handler_aborted; /* page head */ res = fetch_about_ssenddataf(ctx, "\n\n" "NetSurf Browser Certificate Viewer\n" "\n" "\n" "\n" "

Certificate

\n"); if (res != NSERROR_OK) { goto fetch_about_certificate_handler_aborted; } res = cert_chain_from_query(fetch_about_get_url(ctx), &chain); if (res != NSERROR_OK) { res = fetch_about_ssenddataf(ctx, "

Could not process that

\n"); if (res != NSERROR_OK) { goto fetch_about_certificate_handler_aborted; } } else { struct ns_cert_info *cert_info; res = convert_chain_to_cert_info(chain, &cert_info); if (res == NSERROR_OK) { size_t depth; res = fetch_about_ssenddataf(ctx, "
    \n"); if (res != NSERROR_OK) { free_ns_cert_info(cert_info); goto fetch_about_certificate_handler_aborted; } for (depth = 0; depth < chain->depth; depth++) { res = fetch_about_ssenddataf(ctx, "
  • %s
    • \n", depth, (cert_info + depth) ->subject_name .common_name); if (res != NSERROR_OK) { free_ns_cert_info(cert_info); goto fetch_about_certificate_handler_aborted; } } res = fetch_about_ssenddataf(ctx, "
\n"); if (res != NSERROR_OK) { free_ns_cert_info(cert_info); goto fetch_about_certificate_handler_aborted; } for (depth = 0; depth < chain->depth; depth++) { res = format_certificate(ctx, cert_info + depth, depth); if (res != NSERROR_OK) { free_ns_cert_info(cert_info); goto fetch_about_certificate_handler_aborted; } } free_ns_cert_info(cert_info); } else { res = fetch_about_ssenddataf(ctx, "

Invalid certificate data

\n"); if (res != NSERROR_OK) { goto fetch_about_certificate_handler_aborted; } } } /* page footer */ res = fetch_about_ssenddataf(ctx, "\n\n"); if (res != NSERROR_OK) { goto fetch_about_certificate_handler_aborted; } fetch_about_send_finished(ctx); cert_chain_free(chain); return true; fetch_about_certificate_handler_aborted: cert_chain_free(chain); return false; }