Created attachment 25569 [details] program is capable to store all the cookies in a hidden folder in ur home directory and it is also capable to render a SSL certificate on the terminal.. I have done some modifications as said by Mr. Oliver Kindly have a look at it. Only problem is the this works only for yahoo and certificates are not shown for others.

Comment on attachment 25569 [details] program is capable to store all the cookies in a hidden folder in ur home directory and it is also capable to render a SSL certificate on the terminal.. I have done some modifications as said by Mr. Oliver Kindly have a look at it. I'm not a gtk reviewer in general but there a few style issues we can clean up prior to getting alp and co to have a look: > + * Copyright (C) 2008 sleepy_cat. This should be your actual name :D > * All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > @@ -29,7 +30,15 @@ > * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > */ > > +#include "stdio.h" > +#include "stdlib.h" > +#include "unistd.h" > +#include "string.h" > +#include "curl/curl.h" > +#include "curl/types.h" > +#include "curl/easy.h" These new #includes should go in alphabetical order with all the other #includes further down in the file > curl_easy_getinfo(d->m_handle, CURLINFO_EFFECTIVE_URL, &url); > - fprintf(stderr, "Curl ERROR for url='%s', error: '%s'\n", url, curl_easy_strerror(msg->data.result)); > + printf("Curl ERROR for url='%s', error: '%s'\n", url, curl_easy_strerror(msg->data.result)); This should probably still be fprintf rather than printf > - if (base64Decode(data.latin1().data(), data.latin1().length(), out) && out.size() > 0) > + if (base64Decode(data.latin1().data(), data.latin1().length(), out)) > client->didReceiveData(handle, out.data(), out.size(), 0); > - if (data.length() > 0) > - client->didReceiveData(handle, reinterpret_cast<const char*>(data.characters()), data.length() * sizeof(UChar), 0); > + client->didReceiveData(handle, reinterpret_cast<const char*>(data.characters()), data.length() * sizeof(UChar), 0); > } Why did you remove the out.size() checks? > > client->didFinishLoading(handle); > @@ -582,11 +613,14 @@ > > m_runningJobs++; > CURLMcode ret = curl_multi_add_handle(m_curlMultiHandle, job->getInternal()->m_handle); > + > + > // don't call perform, because events must be async > // timeout will occur and do curl_multi_perform > + > if (ret && ret != CURLM_CALL_MULTI_PERFORM) { Why add the additional newlines :D > #ifndef NDEBUG > - fprintf(stderr, "Error %d starting job %s\n", ret, encodeWithURLEscapeSequences(job->request().url().string()).latin1().data()); > + printf("Error %d starting job %s\n", ret, encodeWithURLEscapeSequences(job->request().url().string()).latin1().data()); > #endif printf vs. fprintf again > + strcpy(path , loc); > +strcat(path , "/.midori"); I don't believe strcpy and strcat are unicode safe so i'm > + if(!res && ci) { > + int i; > + printf("%d certs!\n", ci->num_of_certs); This looks like you left unintentional debugging code :D

Comment on attachment 25569 [details] program is capable to store all the cookies in a hidden folder in ur home directory and it is also capable to render a SSL certificate on the terminal.. I have done some modifications as said by Mr. Oliver Kindly have a look at it. --- /home/webkit-old/WebCore/platform/network/curl/ResourceHandleManager.cpp 2008-11-28 15:13:42.000000000 +0530 +++ /home/webkit/WebCore/platform/network/curl/ResourceHandleManager.cpp 2008-11-28 14:20:30.000000000 +0530 @@ -5,6 +5,7 @@ * Copyright (C) 2007 Holger Hans Peter Freyther * Copyright (C) 2008 Collabora Ltd. * Copyright (C) 2008 Nuanti Ltd. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -29,7 +30,15 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Base64.h" @@ -41,11 +50,29 @@ #include "config.h" +#include "curl/curl.h" +#include "curl/easy.h" +#include "curl/types.h" +#include <ctype.h> +#include <db.h> +#include "errno.h" +#include <fcntl.h> +#include <limits.h> +#include <netdb.h> +#include <netinet/in.h> #include "ResourceHandle.h" #include "ResourceHandleInternal.h" #include "ResourceHandleManager.h" +#include <signal.h> +#include "stdio.h" +#include "stdlib.h" +#include "string.h" +#include <sys/acct.h> +#include <sys/select.h> +#include <sys/socket.h> +#include <sys/stpat.h> +#include <sys/time.h> +#include <sys/types.h> +#include <sys/wait.h> #include "TextEncoding.h" +#include "unistd.h" #include <wtf/Vector.h> #if PLATFORM(GTK) #if GLIB_CHECK_VERSION(2,12,0) #define USE_GLIB_BASE64 @@ -57,8 +84,9 @@ const int selectTimeoutMS = 5; const double pollTimeSeconds = 0.05; const int maxRunningJobs = 5; +char user_agent[250]; +char *loc = getenv("HOME"); +char path[100]; ResourceHandleManager::ResourceHandleManager() : m_downloadTimer(this, &ResourceHandleManager::downloadTimerCallback) @@ -72,25 +100,22 @@ curl_share_setopt(m_curlShareHandle, CURLSHOPT_SHARE, CURL_LOCK_DATA_DNS); } +//curl_share_setop - set obj for a shared obj + ResourceHandleManager::~ResourceHandleManager() { + curl_multi_cleanup(m_curlMultiHandle); //closes down multiple sessions + curl_share_cleanup(m_curlShareHandle); //clean up shared objects + /* if (m_cookieJarFileName) + free(m_cookieJarFileName);*/ curl_global_cleanup(); } ResourceHandleManager* ResourceHandleManager::sharedInstance() { static ResourceHandleManager* sharedInstance = 0; if (!sharedInstance) + sharedInstance = new ResourceHandleManager(); return sharedInstance; } @@ -108,7 +133,7 @@ #endif size_t totalSize = size * nmemb; + // this shouldn't be necessary but apparently is. CURL writes the data // of html page even if it is a redirect that was handled internally // can be observed e.g. on gmail.com @@ -123,9 +148,10 @@ // which means the ResourceLoader's response does not contain the URL. // Run the code here for local files to resolve the issue. // TODO: See if there is a better approach for handling this. + if (!d->m_response.responseFired()) { const char* hdr; + err = curl_easy_getinfo(h, CURLINFO_EFFECTIVE_URL, &hdr); //returns the effective url used lately d->m_response.setUrl(KURL(hdr)); if (d->client()) d->client()->didReceiveResponse(job, d->m_response); @@ -146,6 +172,12 @@ * update the ResourceResponse and then send it away. * */ + +static size_t wrfu(void *ptr, size_t size, size_t nmemb, void *stream) + { + return size * nmemb; + } + static size_t headerCallback(char* ptr, size_t size, size_t nmemb, void* data) { ResourceHandle* job = static_cast<ResourceHandle*>(data); @@ -309,7 +341,7 @@ continue; ResourceHandleInternal* d = job->getInternal(); ASSERT(d->m_handle == handle); + if (d->m_cancelled) { removeFromCurl(job); continue; @@ -325,7 +357,7 @@ #ifndef NDEBUG char* url = 0; curl_easy_getinfo(d->m_handle, CURLINFO_EFFECTIVE_URL, &url); + printf("Curl ERROR for url='%s', error: '%s'\n", url, curl_easy_strerror(msg->data.result)); #endif if (d->client()) d->client()->didFail(job, ResourceError()); @@ -518,12 +550,12 @@ size_t outLength = 0; char* outData = 0; outData = reinterpret_cast<char*>(g_base64_decode(data.utf8().data(), &outLength)); + if (outData) client->didReceiveData(handle, outData, outLength, 0); g_free(outData); #else Vector<char> out; + if (base64Decode(data.latin1().data(), data.latin1().length(), out)) client->didReceiveData(handle, out.data(), out.size(), 0); #endif } else { @@ -531,8 +563,7 @@ data = decodeURLEscapeSequences(data, TextEncoding(charset)); response.setTextEncodingName("UTF-16"); client->didReceiveResponse(handle, response); + client->didReceiveData(handle, reinterpret_cast<const char*>(data.characters()), data.length() * sizeof(UChar), 0); } client->didFinishLoading(handle); @@ -582,11 +613,14 @@ m_runningJobs++; CURLMcode ret = curl_multi_add_handle(m_curlMultiHandle, job->getInternal()->m_handle); + + // don't call perform, because events must be async // timeout will occur and do curl_multi_perform + if (ret && ret != CURLM_CALL_MULTI_PERFORM) { #ifndef NDEBUG + printf("Error %d starting job %s\n", ret, encodeWithURLEscapeSequences(job->request().url().string()).latin1().data()); #endif job->cancel(); return; @@ -611,9 +645,10 @@ // Determine the MIME type based on the path. d->m_response.setMimeType(MIMETypeRegistry::getMIMETypeForPath(url)); } + curl_global_init(CURL_GLOBAL_ALL); d->m_handle = curl_easy_init(); + + #if LIBCURL_VERSION_NUM > 0x071200 if (d->m_defersLoading) { CURLcode error = curl_easy_pause(d->m_handle, CURLPAUSE_ALL); @@ -626,6 +661,9 @@ if (getenv("DEBUG_CURL")) curl_easy_setopt(d->m_handle, CURLOPT_VERBOSE, 1); #endif + + CURLcode res; + curl_easy_setopt(d->m_handle, CURLOPT_PRIVATE, job); curl_easy_setopt(d->m_handle, CURLOPT_ERRORBUFFER, m_curlErrorBuffer); curl_easy_setopt(d->m_handle, CURLOPT_WRITEFUNCTION, writeCallback); @@ -633,28 +671,68 @@ curl_easy_setopt(d->m_handle, CURLOPT_HEADERFUNCTION, headerCallback); curl_easy_setopt(d->m_handle, CURLOPT_WRITEHEADER, job); curl_easy_setopt(d->m_handle, CURLOPT_AUTOREFERER, 1); + curl_easy_setopt(d->m_handle, CURLOPT_FOLLOWLOCATION,1); curl_easy_setopt(d->m_handle, CURLOPT_MAXREDIRS, 10); curl_easy_setopt(d->m_handle, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_easy_setopt(d->m_handle, CURLOPT_SHARE, m_curlShareHandle); curl_easy_setopt(d->m_handle, CURLOPT_DNS_CACHE_TIMEOUT, 60 * 5); // 5 minutes + // enable gzip and deflate through Accept-Encoding: curl_easy_setopt(d->m_handle, CURLOPT_ENCODING, ""); + // url must remain valid through the request ASSERT(!d->m_url); + // url is in ASCII so latin1() will only convert it to char* without character translation. d->m_url = strdup(url.latin1().data()); curl_easy_setopt(d->m_handle, CURLOPT_URL, d->m_url); + + strcpy(path , loc); +strcat(path , "/.midori"); + + mkdir (path, S_IRWXU); + + strcat(path , "/cookies.txt"); + + curl_easy_setopt(d->m_handle, CURLOPT_COOKIEFILE, path); + curl_easy_setopt(d->m_handle, CURLOPT_COOKIEJAR, path); + curl_easy_perform(d->m_handle); + g_print("\nUrl before passin onto cert func %s\n",d->m_url); + + if(d->m_handle) { + + curl_easy_setopt(d->m_handle, CURLOPT_URL, d->m_url); + + curl_easy_setopt(d->m_handle, CURLOPT_WRITEFUNCTION, wrfu); + + curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYPEER, 1L); + curl_easy_setopt(d->m_handle, CURLOPT_SSL_VERIFYHOST, 2L); + + curl_easy_setopt(d->m_handle, CURLOPT_VERBOSE, 0L); + curl_easy_setopt(d->m_handle, CURLOPT_CERTINFO, 1L); + + res = curl_easy_perform(d->m_handle); + + if(!res) { + struct curl_certinfo *ci = NULL; + + res = curl_easy_getinfo(d->m_handle, CURLINFO_CERTINFO, &ci); + + if(!res && ci) { + int i; + printf("%d certs!\n", ci->num_of_certs); + + for(i=0; i<ci->num_of_certs; i++) { + struct curl_slist *slist; + + for(slist = ci->certinfo[i]; slist; slist = slist->next) + printf("%s\n", slist->data); + + } + } + + } + } struct curl_slist* headers = 0; @@ -685,7 +763,7 @@ curl_easy_setopt(d->m_handle, CURLOPT_HTTPHEADER, headers); d->m_customHeaders = headers; } + } void ResourceHandleManager::cancel(ResourceHandle* job) { @@ -697,5 +775,5 @@ if (!m_downloadTimer.isActive()) m_downloadTimer.startOneShot(pollTimeSeconds); } + } // namespace WebCore

Comment on attachment 25569 [details] program is capable to store all the cookies in a hidden folder in ur home directory and it is also capable to render a SSL certificate on the terminal.. I have done some modifications as said by Mr. Oliver Kindly have a look at it. Please see http://webkit.org/coding/contributing.html for how to contribute. e.g. use the scripts to generate a ChangeLog, then create the patch. Some general rules: - Try to not revert things.... (e.g. you manually ran diff?, use svn diff..., git...) - Try to not keep dead code around - Try to not do whitespace changes, as they are hard to review (increasing the size of the diff...) > +//curl_share_setop - set obj for a shared obj > + > + /* if (m_cookieJarFileName) > + free(m_cookieJarFileName);*/ No, we never keep dead code around. We have a SCM for that. > + > +static size_t wrfu(void *ptr, size_t size, size_t nmemb, void *stream) ??? what is this supposed to mean? > - > + you have many many whitespace changes... > curl_easy_getinfo(d->m_handle, CURLINFO_EFFECTIVE_URL, &url); > - fprintf(stderr, "Curl ERROR for url='%s', error: '%s'\n", url, curl_easy_strerror(msg->data.result)); > + printf("Curl ERROR for url='%s', error: '%s'\n", url, curl_easy_strerror(msg->data.result)); this is reverting a patch/fix. > - if (outData && outLength > 0) > + if (outData) > - if (base64Decode(data.latin1().data(), data.latin1().length(), out) && out.size() > 0) > + if (base64Decode(data.latin1().data(), data.latin1().length(), out)) > client->didReceiveData(handle, out.data(), out.size(), 0); > - if (data.length() > 0) > - client->didReceiveData(handle, reinterpret_cast<const char*>(data.characters()), data.length() * sizeof(UChar), 0); > + client->didReceiveData(handle, reinterpret_cast<const char*>(data.characters()), data.length() * sizeof(UChar), 0); these revert another set of patches... not good. > #ifndef NDEBUG > - fprintf(stderr, "Error %d starting job %s\n", ret, encodeWithURLEscapeSequences(job->request().url().string()).latin1().data()); > + printf("Error %d starting job %s\n", ret, encodeWithURLEscapeSequences(job->request().url().string()).latin1().data more patches reverted > - curl_easy_setopt(d->m_handle, CURLOPT_FOLLOWLOCATION, 1); > + curl_easy_setopt(d->m_handle, CURLOPT_FOLLOWLOCATION,1); whitespace change... > + strcpy(path , loc); > +strcat(path , "/.midori"); > + > + mkdir (path, S_IRWXU); > + > + strcat(path , "/cookies.txt"); No, I would so much prefer to get the the other cookie patch in (ironically I have to review that too...). Within WebCore we can never do the right thing with regard to storing the cookies to disk. This part is even wrong for "midori", not honoring XDG specs for the location of the config dir, locking when multiple apps using webkit get cookies, poisoning the "shared" cookies... One wants to expose API to do the cookie management outside of WebKit/WebCore. Please see Bug #14730 for another approach to the problem.

I don't even understand what this bug is about. It sounded like a security problem to me, but then it seems like this is trying to implement cookie management and dumping ssl certificates to stdout? I'll close this bug, since we already have enough bugs dealing with those issues =).