-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path0001-Bug-770880-Revamp-certificate-warning-accept-dialog.patch
180 lines (169 loc) · 6.32 KB
/
0001-Bug-770880-Revamp-certificate-warning-accept-dialog.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
From 88916aaf9083d53a4033b9c8704462cda133bd10 Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Thu, 15 Dec 2016 12:53:15 +0000
Subject: [PATCH 1/2] Bug 770880 - Revamp certificate warning/accept dialog
---
auth-dialog/Makefile.am | 2 +
auth-dialog/main.c | 105 ++++++++++++++++++++++++++++++++++++------------
configure.ac | 3 ++
3 files changed, 84 insertions(+), 26 deletions(-)
diff --git a/auth-dialog/Makefile.am b/auth-dialog/Makefile.am
index 96a651c..4bc4438 100644
--- a/auth-dialog/Makefile.am
+++ b/auth-dialog/Makefile.am
@@ -4,6 +4,7 @@ nm_openconnect_auth_dialog_CPPFLAGS = \
$(LIBNM_CFLAGS) \
$(GLIB_CFLAGS) \
$(GTK_CFLAGS) \
+ $(GCR_CFLAGS) \
$(OPENCONNECT_CFLAGS) \
$(LIBXML_CFLAGS) \
$(LIBSECRET_CFLAGS) \
@@ -19,6 +20,7 @@ nm_openconnect_auth_dialog_SOURCES = \
nm_openconnect_auth_dialog_LDADD = \
$(GTK_LIBS) \
+ $(GCR_LIBS) \
$(LIBNM_LIBS) \
$(OPENCONNECT_LIBS) \
$(LIBXML_LIBS) \
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 9c95624..63d570a 100644
--- a/auth-dialog/main.c
+++ b/auth-dialog/main.c
@@ -37,6 +37,8 @@
#include <gtk/gtk.h>
#include <glib-unix.h>
+#include <gcr/gcr.h>
+
#include <libsecret/secret.h>
#include "openconnect.h"
@@ -740,41 +742,92 @@ static char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
}
#endif
+static void cert_dialog_cancel_clicked (GtkButton *btn, GtkDialog *dlg)
+{
+ gtk_dialog_response(dlg, GTK_RESPONSE_CANCEL);
+}
+
+static void cert_dialog_connect_clicked (GtkButton *btn, GtkDialog *dlg)
+{
+ gtk_dialog_response(dlg, GTK_RESPONSE_OK);
+}
+
static gboolean user_validate_cert(cert_data *data)
{
auth_ui_data *ui_data = _ui_data; /* FIXME global */
+
+ GtkWidget *dlg;
char *title;
- GtkWidget *dlg, *text, *scroll;
- GtkTextBuffer *buffer;
+
+ GtkWidget *vbox, *hbox, *expander_hbox;
+
+ char *warning_label_text;
+ GtkWidget *warning_label;
+
+ unsigned char *der_cert;
+ int der_cert_size;
+ GcrCertificate *cert;
+ GcrCertificateWidget *cert_widget;
+
+ GtkWidget *cancel_button;
+ GtkWidget *security_expander;
+ GtkWidget *connect_button;
+
int result;
-
+
title = get_title(data->ui_data->vpn_name);
- dlg = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION,
- GTK_BUTTONS_OK_CANCEL,
- _("Certificate from VPN server “%s” failed verification.\n"
- "Reason: %s\nDo you want to accept it?"),
- openconnect_get_hostname(data->ui_data->vpninfo),
- data->reason);
- gtk_window_set_skip_taskbar_hint(GTK_WINDOW(dlg), FALSE);
- gtk_window_set_skip_pager_hint(GTK_WINDOW(dlg), FALSE);
+ dlg = gtk_dialog_new();
+ gtk_window_set_modal(GTK_WINDOW(dlg), true);
gtk_window_set_title(GTK_WINDOW(dlg), title);
- gtk_window_set_default_size(GTK_WINDOW(dlg), 550, 600);
- gtk_window_set_resizable(GTK_WINDOW(dlg), TRUE);
- gtk_dialog_set_default_response(GTK_DIALOG(dlg), GTK_RESPONSE_CANCEL);
-
+ gtk_window_set_default_size(GTK_WINDOW(dlg), 350, 200);
g_free(title);
- scroll = gtk_scrolled_window_new(NULL, NULL);
- gtk_box_pack_start(GTK_BOX (gtk_dialog_get_content_area(GTK_DIALOG (dlg))), scroll, TRUE, TRUE, 0);
- gtk_widget_show(scroll);
-
- text = gtk_text_view_new();
- buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
- gtk_text_buffer_set_text(buffer, data->cert_details, -1);
- gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
- gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
- gtk_container_add(GTK_CONTAINER(scroll), text);
- gtk_widget_show(text);
+ vbox = gtk_box_new(GTK_ORIENTATION_VERTICAL, 8);
+ gtk_box_pack_start(GTK_BOX (gtk_dialog_get_content_area(GTK_DIALOG (dlg))), vbox, TRUE, TRUE, 0);
+ gtk_container_set_border_width(GTK_CONTAINER(vbox), 8);
+ gtk_widget_show(vbox);
+
+ warning_label_text = g_strconcat(_("<b>The certificate may be invalid or untrusted!</b>\n"),
+ _("<b>Reason: "), data->reason, ".</b>",
+ NULL);
+ warning_label = gtk_label_new(NULL);
+ gtk_label_set_markup(GTK_LABEL(warning_label), warning_label_text);
+ gtk_box_pack_start(GTK_BOX(vbox), GTK_WIDGET(warning_label), FALSE, FALSE, 0);
+ gtk_widget_set_halign(warning_label, GTK_ALIGN_START);
+ gtk_label_set_line_wrap(GTK_LABEL(warning_label), true);
+ gtk_widget_show(warning_label);
+ g_free(warning_label_text);
+
+ der_cert_size = openconnect_get_peer_cert_DER(data->ui_data->vpninfo, &der_cert);
+ cert = gcr_simple_certificate_new_static(der_cert, der_cert_size);
+ cert_widget = gcr_certificate_widget_new(cert);
+ gtk_box_pack_start(GTK_BOX(vbox), GTK_WIDGET(cert_widget), FALSE, FALSE, 0);
+ gtk_widget_show(GTK_WIDGET(cert_widget));
+
+ hbox = gtk_box_new(GTK_ORIENTATION_HORIZONTAL, 4);
+ gtk_box_pack_start(GTK_BOX(vbox), hbox, FALSE, FALSE, 0);
+ gtk_widget_show(hbox);
+
+ cancel_button = gtk_button_new_with_mnemonic(_("_Cancel"));
+ gtk_box_pack_start(GTK_BOX(hbox), cancel_button, FALSE, FALSE, 0);
+ g_signal_connect(cancel_button, "clicked", G_CALLBACK(cert_dialog_cancel_clicked), dlg);
+ gtk_widget_show(cancel_button);
+
+ security_expander = gtk_expander_new(_("I really know what I am doing"));
+ gtk_box_pack_start(GTK_BOX(vbox), security_expander, FALSE, FALSE, 0);
+ gtk_widget_show(security_expander);
+
+ expander_hbox = gtk_box_new(GTK_ORIENTATION_HORIZONTAL, 0);
+ gtk_container_add(GTK_CONTAINER(security_expander), expander_hbox);
+ gtk_container_set_border_width(GTK_CONTAINER(expander_hbox), 0);
+ gtk_widget_show(expander_hbox);
+
+ connect_button = gtk_button_new_with_label(_("Connect anyway"));
+ gtk_box_pack_start(GTK_BOX(expander_hbox), connect_button, FALSE, FALSE, 0);
+ gtk_widget_set_margin_start(connect_button, 12);
+ gtk_widget_set_margin_top(connect_button, 8);
+ g_signal_connect(connect_button, "clicked", G_CALLBACK(cert_dialog_connect_clicked), dlg);
+ gtk_widget_show(connect_button);
result = gtk_dialog_run(GTK_DIALOG(dlg));
diff --git a/configure.ac b/configure.ac
index c4d2d06..4decd91 100644
--- a/configure.ac
+++ b/configure.ac
@@ -91,6 +91,9 @@ PKG_CHECK_MODULES(LIBXML, libxml-2.0)
if test x"$with_gnome" != xno; then
PKG_CHECK_MODULES(GTK, gtk+-3.0 >= 3.4)
GTK_CFLAGS="$GTK_CFLAGS -DGDK_VERSION_MIN_REQUIRED=GDK_VERSION_3_4"
+
+ PKG_CHECK_MODULES(GCR, gcr-3 >= 3.4)
+ GCR_CFLAGS="$GCR_CFLAGS -DGCR_API_SUBJECT_TO_CHANGE"
PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18, [], [
dnl We use the secret service API that went stable in 0.18
--
2.9.3