Support SSL verification through new about: handler

In doing this, also propagate why the certificates were bad
so that the page can display a reason.  We will need FatMessages
for all these.

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>

3 files changed, 58 insertions, 0 deletions

diff --git a/utils/corestringlist.h b/utils/corestringlist.h
index e6530c506..82fffe263 100644
--- a/utils/corestringlist.h
+++ b/utils/corestringlist.h
@@ -147,6 +147,7 @@ CORESTRING_LWC_VALUE(max_age, "max-age");
 CORESTRING_LWC_VALUE(no_cache, "no-cache");
 CORESTRING_LWC_VALUE(no_store, "no-store");
 CORESTRING_LWC_VALUE(query_auth, "query/auth");
+CORESTRING_LWC_VALUE(query_ssl, "query/ssl");
 
 /* mime types */
 CORESTRING_LWC_VALUE(multipart_form_data, "multipart/form-data");
diff --git a/utils/messages.c b/utils/messages.c
index 5beeba38d..29443f99e 100644
--- a/utils/messages.c
+++ b/utils/messages.c
@@ -343,6 +343,54 @@ const char *messages_get_errorcode(nserror code)
 	return messages_get_ctx("Unknown", messages_hash);
 }
 
+/* exported function documented in utils/messages.h */
+const char *messages_get_sslcode(ssl_cert_err code)
+{
+	switch (code) {
+	case SSL_CERT_ERR_OK:
+		/* Nothing wrong with this certificate */
+		return messages_get_ctx("SSLCertErrOk", messages_hash);
+
+	case SSL_CERT_ERR_UNKNOWN:
+		/* Unknown error */
+		return messages_get_ctx("SSLCertErrUnknown", messages_hash);
+
+	case SSL_CERT_ERR_BAD_ISSUER:
+		/* Bad issuer */
+		return messages_get_ctx("SSLCertErrBadIssuer", messages_hash);
+
+	case SSL_CERT_ERR_BAD_SIG:
+		/* Bad signature on this certificate */
+		return messages_get_ctx("SSLCertErrBadSig", messages_hash);
+
+	case SSL_CERT_ERR_TOO_YOUNG:
+		/* This certificate is not yet valid */
+		return messages_get_ctx("SSLCertErrTooYoung", messages_hash);
+
+	case SSL_CERT_ERR_TOO_OLD:
+		/* This certificate is no longer valid */
+		return messages_get_ctx("SSLCertErrTooOld", messages_hash);
+
+	case SSL_CERT_ERR_SELF_SIGNED:
+		/* This certificate is self signed */
+		return messages_get_ctx("SSLCertErrSelfSigned", messages_hash);
+
+	case SSL_CERT_ERR_CHAIN_SELF_SIGNED:
+		/* This certificate chain is self signed */
+		return messages_get_ctx("SSLCertErrChainSelfSigned", messages_hash);
+
+	case SSL_CERT_ERR_REVOKED:
+		/* This certificate has been revoked */
+		return messages_get_ctx("SSLCertErrRevoked", messages_hash);
+	}
+
+	/* The switch has no default, so the compiler should tell us when we
+	 * forget to add messages for new error codes.  As such, we should
+	 * never get here.
+	 */
+	assert(0);
+	return messages_get_ctx("Unknown", messages_hash);
+}
 
 /* exported function documented in utils/messages.h */
 void messages_destroy(void)
diff --git a/utils/messages.h b/utils/messages.h
index 4024f7e77..635d6e8e4 100644
--- a/utils/messages.h
+++ b/utils/messages.h
@@ -36,6 +36,7 @@
 #include <stdint.h>
 
 #include "utils/errors.h"
+#include "netsurf/ssl_certs.h"
 
 /**
  * Read keys and values from messages file into the standard Messages hash.
@@ -79,6 +80,14 @@ const char *messages_get(const char *key);
 const char *messages_get_errorcode(nserror code);
 
 /**
+ * lookup of a message by SSL error code from the standard Messages hash.
+ *
+ * \param code ssl error code
+ * \return message text
+ */
+const char *messages_get_sslcode(ssl_cert_err code);
+
+/**
  * Formatted message from a key in the global message hash.
  *
  * \param  key  key of message