Dear Lynx developers,
I was looking for a way to tell Lynx to accept the certificates that
the package ca-certificates in Debian collects and maintains.
I noticed that apparently Lynx only accepts the mention of a file
containing all valid certificates via the environment variable
SSL_CERT_FILE but did not support a configuration option.
I would like to use a system wide setting since it would integrate
lynx well in the Debian CA architecture. I hope that this does not
interfere with your goals of certification support.
I'd be glad if a new release of Lynx would support this and am thus
sending you the patch that adds this. I'd be glad if you could
include it as is or modified, as you like.
The patch is made against 2.8.7dev.7.
Regards,
Joey
--
Long noun chains don't automatically imply security. -- Bruce Schneier
Please always Cc to me when replying to me on the lists.
diff -u -p -Nur orig/lynx2-8-7/lynx.cfg lynx2-8-7/lynx.cfg
--- orig/lynx2-8-7/lynx.cfg 2007-11-03 09:37:43.000000000 +0100
+++ lynx2-8-7/lynx.cfg 2007-11-03 11:03:21.000000000 +0100
@@ -3416,6 +3416,12 @@ GLOBAL_MAILCAP:/etc/mailcap
#
#FORCE_COOKIE_PROMPT:PROMPT
+.h2 SSL_CERT_FILE
+# Set SSL_CERT_FILE to the file that contains all valid CA certificates lynx
+# should accept.
+#
+SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt
+
.h1 Appearance
.h2 SCREEN_SIZE
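Review bot: The shipped lynx.cfg activates `SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt`, a distribution-specific path, whereas the neighbouring option in this hunk is shipped commented out (`#FORCE_COOKIE_PROMPT:PROMPT`). An upstream default of `#SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt` would let packagers enable it only where that bundle exists. The description should also state precedence: judging by the HTTP.c hunk of this patch, the setting is consulted only when the SSL_CERT_FILE environment variable is unset, e.g. `# The SSL_CERT_FILE environment variable, if set, overrides this value.` Because this file selects the trust anchors, the comment could also note that it should be writable only by the administrator.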
diff -u -p -Nur orig/lynx2-8-7/src/LYGlobalDefs.h lynx2-8-7/src/LYGlobalDefs.h
--- orig/lynx2-8-7/src/LYGlobalDefs.h 2007-05-18 00:53:22.000000000 +0200
+++ lynx2-8-7/src/LYGlobalDefs.h 2007-11-03 10:55:09.000000000 +0100
@@ -493,6 +493,8 @@ extern "C" {
extern BOOLEAN LYNoISMAPifUSEMAP; /* Omit ISMAP link if MAP present? */
extern int LYHiddenLinks;
+ extern char *SSL_cert_file; /* Default CA CERT file */
+
extern int Old_DTD;
#define MBM_V_MAXFILES 25 /* Max number of sub-bookmark files */
diff -u -p -Nur orig/lynx2-8-7/src/LYMain.c lynx2-8-7/src/LYMain.c
--- orig/lynx2-8-7/src/LYMain.c 2007-11-03 09:38:09.000000000 +0100
+++ lynx2-8-7/src/LYMain.c 2007-11-03 11:00:20.000000000 +0100
@@ -512,6 +512,8 @@ char *XLoadImageCommand = NULL; /* Defau
BOOLEAN LYNoISMAPifUSEMAP = FALSE; /* Omit ISMAP link if MAP present? */
int LYHiddenLinks = HIDDENLINKS_SEPARATE; /* Show hidden links? */
+char *SSL_cert_file = NULL; /* Default CA CERT file */
+
int Old_DTD = NO;
static BOOL DTD_recovery = NO;
@@ -1263,6 +1265,7 @@ int main(int argc,
StrAllocCopy(URLDomainPrefixes, URL_DOMAIN_PREFIXES);
StrAllocCopy(URLDomainSuffixes, URL_DOMAIN_SUFFIXES);
StrAllocCopy(XLoadImageCommand, XLOADIMAGE_COMMAND);
+ StrAllocCopy(SSL_cert_file, SSL_CERT_FILE);
#ifndef DISABLE_BIBP
StrAllocCopy(BibP_globalserver, BIBP_GLOBAL_SERVER);
diff -u -p -Nur orig/lynx2-8-7/src/LYrcFile.h lynx2-8-7/src/LYrcFile.h
--- orig/lynx2-8-7/src/LYrcFile.h 2007-05-18 00:53:22.000000000 +0200
+++ lynx2-8-7/src/LYrcFile.h 2007-11-03 10:39:24.000000000 +0100
@@ -248,6 +248,7 @@
#define RC_XLOADIMAGE_COMMAND "xloadimage_command"
#define RC_ZCAT_PATH "zcat_path"
#define RC_ZIP_PATH "zip_path"
+#define RC_SSL_CERT_FILE "ssl_cert_file"
extern Config_Enum tbl_force_prompt[];
extern Config_Enum tbl_keypad_mode[];
diff -u -p -Nur orig/lynx2-8-7/src/LYReadCFG.c lynx2-8-7/src/LYReadCFG.c
--- orig/lynx2-8-7/src/LYReadCFG.c 2007-11-03 09:38:09.000000000 +0100
+++ lynx2-8-7/src/LYReadCFG.c 2007-11-03 10:48:12.000000000 +0100
@@ -1567,6 +1567,7 @@ static Config_Type Config_Table [] =
PARSE_STR(RC_XLOADIMAGE_COMMAND, XLoadImageCommand),
PARSE_PRG(RC_ZCAT_PATH, ppZCAT),
PARSE_PRG(RC_ZIP_PATH, ppZIP),
+ PARSE_STR(RC_SSL_CERT_FILE, SSL_cert_file),
PARSE_NIL
};
diff -u -p -Nur orig/lynx2-8-7/userdefs.h lynx2-8-7/userdefs.h
--- orig/lynx2-8-7/userdefs.h 2007-11-03 09:37:43.000000000 +0100
+++ lynx2-8-7/userdefs.h 2007-11-03 10:43:02.000000000 +0100
@@ -1565,6 +1565,11 @@
*/
/*#define KANJI_CODE_OVERRIDE */
+/**************************
+ * SSL_CERT_FILE contains valid SSL CA certificates
+ */
+#define SSL_CERT_FILE NULL
+
/****************************************************************
* Section 4. Things you MUST check only if you plan to use Lynx
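Review bot: The comment above `#define SSL_CERT_FILE NULL` does not say what the NULL default means or how the value is overridden. Something like `* SSL_CERT_FILE is the compiled-in default CA bundle path; NULL means none, and it can be set in lynx.cfg.` would match what the rest of the patch does. The LYMain.c hunk passes this macro to StrAllocCopy, so the NULL default relies on that helper accepting a NULL source, which is not visible here and worth confirming.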
diff -u -p -Nur orig/lynx2-8-7/WWW/Library/Implementation/HTTP.c lynx2-8-7/WWW/Library/Implementation/HTTP.c
--- orig/lynx2-8-7/WWW/Library/Implementation/HTTP.c 2007-08-03 01:24:27.000000000 +0200
+++ lynx2-8-7/WWW/Library/Implementation/HTTP.c 2007-11-03 11:02:49.000000000 +0100
@@ -119,6 +119,13 @@ SSL *HTGetSSLHandle(void)
CTRACE((tfp,
"HTGetSSLHandle: certfile is set to %s by SSL_CERT_FILE\n",
certfile));
+ } else {
+ if (non_empty(SSL_cert_file)) {
+ certfile = SSL_cert_file;
+ CTRACE((tfp,
+ "HTGetSSLHandle: certfile is set to %s by config SSL_CERT_FILE\n",
+ certfile));
+ }
}
#endif
atexit(free_ssl_ctx);
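Review bot: The added `else` branch sits directly before `#endif`, so the lynx.cfg value seems to be honoured only in builds where the preprocessor condition opened above this hunk holds, while the lynx.cfg text documents SSL_CERT_FILE unconditionally. In other builds the option would be silently ignored and the trust store would differ from what the administrator configured, so either wire the setting into the other build path or say so in lynx.cfg. `certfile` also now aliases the global `SSL_cert_file` instead of an environment string, so if the configuration can be re-read later, confirm the old buffer is not freed while `certfile` is still referenced. The nesting can be flattened to `} else if (non_empty(SSL_cert_file)) {`. HTGetSSLHandle's body starts and ends outside the hunk.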