Hello,
I'm sending a patch which allows lynx to use the NSS-compatible OpenSSL library
for SSL connections. Please review it and, if possible, apply it in the next
release of lynx. (This patch is part of porting all cryptographic code to the
NSS-compatible OpenSSL library in Fedora packages.)

Thanks.

-- 
Zdenek Prikryl <[EMAIL PROTECTED]>
Software Engineer - Base Operating Systems Brno

--- lynx2-8-6/configure.in.nss	2006-10-11 01:39:50.000000000 +0200
+++ lynx2-8-6/configure.in	2008-02-05 15:07:02.000000000 +0100
@@ -390,6 +390,13 @@ dnl ------------------------------------
 
 ### Look for network libraries first, since some functions (such as gethostname)
 ### are used in a lot of places.
+AC_CACHE_CHECK(if you want NSS compatible SSL libraries,cf_cv_use_libnss_compat,[
+AC_ARG_WITH(nss_compat,
+	[  --with-nss_compat{=path}       link with nss_compat library if available],
+	[cf_cv_use_libnss_compat=$withval],
+	[cf_cv_use_libnss_compat=no])
+])
+
 AC_CACHE_CHECK(if you want ssl library,cf_cv_use_libssl,[
 AC_ARG_WITH(ssl,
 	[  --with-ssl{=path}       link with ssl library if available],
@@ -397,14 +404,12 @@ AC_ARG_WITH(ssl,
 	[cf_cv_use_libssl=no])
 ])
 
-if test "x$cf_cv_use_libssl" = "xno" ; then
 AC_CACHE_CHECK(if you want experimental gnutls support,cf_cv_use_libgnutls,[
 AC_ARG_WITH(gnutls,
 	[  --with-gnutls{=path}    link with experimental gnutls support],
 	[cf_cv_use_libgnutls=$withval],
 	[cf_cv_use_libgnutls=no])
 ])
-fi
 
 AC_CACHE_CHECK(if you want socks library,cf_cv_use_libsocks,[
 AC_ARG_WITH(socks,
@@ -432,6 +437,8 @@ if test "x$cf_cv_use_libssl"  != xno ; t
 	CF_SSL($cf_cv_use_libssl)
 elif test "x$cf_cv_use_libgnutls" != xno ; then
 	CF_GNUTLS($cf_cv_use_libgnutls)
+elif test "x$cf_cv_use_libnss_compat"  != xno ; then
+	CF_NSS_COMPAT($cf_cv_use_libnss_compat)
 fi
 
 dnl This has to be cached, since there's a lot of interdependent tests.
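Review bot: The new `elif` at the end of this chain is reached only when both `--with-ssl` and `--with-gnutls` are off, so a build configured with `--with-ssl --with-nss_compat` silently links the OpenSSL backend and ignores the NSS request. Because the option exists to choose which crypto library handles TLS, an explicit diagnostic before the chain would be safer, e.g. `test "x$cf_cv_use_libssl" != xno && test "x$cf_cv_use_libnss_compat" != xno && AC_MSG_ERROR(--with-ssl and --with-nss_compat are mutually exclusive)`. The `if` that opens the chain appears only in the hunk header, so check the full block before placing it.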
--- lynx2-8-6/aclocal.m4.nss	2006-09-04 01:25:39.000000000 +0200
+++ lynx2-8-6/aclocal.m4	2008-02-05 15:07:24.000000000 +0100
@@ -4067,6 +4067,97 @@ else
 fi
 ])dnl
 dnl ---------------------------------------------------------------------------
+dnl CF_NSS_COMPAT version: 1 updated: 2008/01/30 18:00:00
+dnl ------
+dnl Check for NSS compatible SSL libraries
+dnl $1 = the [optional] directory in which the library may be found
+AC_DEFUN([CF_NSS_COMPAT],[
+check=`pkg-config --version 2>/dev/null`
+if test -n "$check" ; then
+	cf_ssl_library=`pkg-config --libs nss`
+	cf_ssl_cflags=`pkg-config --cflags nss`
+else
+	# Without pkg-config, we'll kludge in some defaults
+	cf_ssl_library="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
+	cf_ssl_cflags="-I/usr/include/nss3 -I/usr/include/nspr4"
+fi
+cf_ssl_library="-lnss_compat_ossl $cf_ssl_library"
+
+case "$1" in #(vi
+no) #(vi
+	cf_ssl_root=
+	;;
+yes) #(vi
+	AC_CHECK_LIB(nss_compat_ossl, SSL_get_version,[],[
+		cf_ssl_root=/usr/local/nss_compat_ossl
+		if test -d $cf_ssl_root ; then
+			CF_VERBOSE(assume it is in $cf_ssl_root)
+			cf_ssl_library="-L$cf_ssl_root/lib $cf_ssl_library"
+		else
+			AC_MSG_ERROR(cannot find NSS compilant libraries)
+		fi
+	],
+	[-lnss_compat_ossl])
+	;;
+*)
+	if test -d $1 ; then
+		if test -d $1/include ; then
+			cf_ssl_root=$1
+		elif test -d $1/../include ; then
+			cf_ssl_root=$1/..
+		else
+			AC_MSG_ERROR(cannot find NSS compilant library under $1)
+		fi
+		cf_ssl_library="-L$cf_ssl_root/lib $cf_ssl_library"
+	else
+		AC_MSG_WARN(expected a directory: $1)
+	fi
+	;;
+esac
+LIBS="$cf_ssl_library $LIBS"
+
+cf_ssl_subincs=yes
+if test -n "$cf_ssl_root" ; then
+	if test -d $cf_ssl_root/include ; then
+		cf_ssl_cflags="-I$cf_ssl_root/include  $cf_ssl_cflags"
+		test -d $cf_ssl_root/include/nss_compat_ossl || cf_ssl_subincs=no
+	fi
+fi
+CF_ADD_CFLAGS($cf_ssl_cflags)
+
+if test "$cf_ssl_subincs" = yes ; then
+AC_MSG_CHECKING(for NSS compilant include directory)
+AC_TRY_COMPILE([
+#include <stdio.h>
+#include <nss_compat_ossl/nss_compat_ossl.h>],
+	[SSL_shutdown((SSL *)0)],
+	[cf_ssl_incl=yes],
+	[cf_ssl_incl=no])
+AC_MSG_RESULT($cf_ssl_incl)
+test "$cf_ssl_incl" = yes && AC_DEFINE(USE_NSS_COMPAT_INCL)
+fi
+
+AC_MSG_CHECKING(if we can link to NSS compilant library)
+AC_TRY_LINK([
+#include <stdio.h>
+#ifdef USE_NSS_COMPAT_INCL
+#include <nss_compat_ossl/nss_compat_ossl.h>
+#else
+#include <ssl.h>
+#endif
+],
+	[SSL_shutdown((SSL *)0)],
+	[cf_ssl_library=yes],
+	[cf_ssl_library=no])
+AC_MSG_RESULT($cf_ssl_library)
+if test "$cf_ssl_library" = yes ; then
+	AC_DEFINE(USE_SSL)
+	AC_DEFINE(USE_X509_SUPPORT)
+else
+	AC_ERROR(Cannot link with NSS compilant libraries)
+fi
+])dnl
+dnl ---------------------------------------------------------------------------
 dnl CF_STRIP_G_OPT version: 3 updated: 2002/12/21 19:25:52
 dnl --------------
 dnl	Remove "-g" option from the compiler options
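Review bot: The probe at the top of CF_NSS_COMPAT checks only that pkg-config runs, not that it knows the `nss` module, so with pkg-config installed but no nss.pc both `cf_ssl_library` and `cf_ssl_cflags` come back empty and the hard-coded fallback is never used. Testing `if pkg-config --exists nss 2>/dev/null ; then` instead would route that case to the defaults. The `test -d $1` and `test -d $cf_ssl_root` checks are unquoted, so a path containing spaces breaks them; `test -d "$1"` is the usual form. The diagnostics also spell "compliant" as "compilant" in five messages.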
--- lynx2-8-6/WWW/Library/Implementation/HTUtils.h.nss	2006-09-01 01:37:53.000000000 +0200
+++ lynx2-8-6/WWW/Library/Implementation/HTUtils.h	2008-02-05 15:49:56.000000000 +0100
@@ -591,6 +591,7 @@ extern int WWW_TraceMask;
 #define SHORTENED_RBIND		/* FIXME: do this in configure-script */
 
 #ifdef USE_SSL
+
 #define free_func free__func
 
 #ifdef USE_OPENSSL_INCL
@@ -610,6 +611,10 @@ extern int WWW_TraceMask;
 #ifndef SSL_VERIFY_PEER
 #define SSL_VERIFY_PEER			0x01
 #endif
+#else
+
+#ifdef USE_NSS_COMPAT_INCL
+#include <nss_compat_ossl/nss_compat_ossl.h>
 
 #else /* assume SSLeay */
 #include <ssl.h>
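Review bot: The added `#else` followed by `#ifdef USE_NSS_COMPAT_INCL` introduces another nesting level whose closing `#endif` (added in the next hunk) carries no comment, which makes this include ladder hard to audit. Replacing the pair with a single `#elif defined(USE_NSS_COMPAT_INCL)` on the conditional that precedes this hunk would keep the nesting flat and make the extra `#endif` unnecessary. Otherwise annotate it as `#endif /* USE_NSS_COMPAT_INCL */`. The enclosing `#ifdef USE_SSL` block starts before this hunk, so the surrounding conditionals are only partly visible here.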
@@ -617,10 +622,10 @@ extern int WWW_TraceMask;
 #include <rand.h>
 #include <err.h>
 #endif
+#endif
 #endif /* USE_OPENSSL_INCL */
 
 #undef free_func
-
 #endif /* USE_SSL */
 
 #ifdef HAVE_LIBDMALLOC
--- lynx2-8-6/WWW/Library/Implementation/HTTP.c.nss	2006-09-01 01:37:53.000000000 +0200
+++ lynx2-8-6/WWW/Library/Implementation/HTTP.c	2008-02-05 15:41:17.000000000 +0100
@@ -67,6 +67,7 @@ static int HTSSLCallback(int preverify_o
     char *msg = NULL;
     int result = 1;
 
+#ifndef USE_NSS_COMPAT_INCL
     if (!(preverify_ok || ssl_okay || ssl_noprompt)) {
 #ifdef USE_X509_SUPPORT
 	HTSprintf0(&msg, SSL_FORCED_PROMPT,
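Review bot: With `USE_NSS_COMPAT_INCL` defined, everything between this `#ifndef` and the `#endif` added in the next hunk is compiled out, so HTSSLCallback returns `result`, which is initialised to 1, regardless of `preverify_ok`. If the function is still registered as the verify callback in the NSS build (the registration is not visible here), a certificate that failed verification would be accepted without the prompt the other backends show. Unless the compat layer enforces verification elsewhere, the NSS build should fail closed, for example by adding `#else` and `result = preverify_ok;` before the `#endif`. The function starts above this hunk and its prompt logic lies between the two hunks, so confirm against the full body.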
@@ -79,6 +80,7 @@ static int HTSSLCallback(int preverify_o
 
 	FREE(msg);
     }
+#endif
     return result;
 }
 
@@ -607,8 +609,10 @@ static int HTLoadHTTP(const char *arg,
 	SSL_handle = handle = HTGetSSLHandle();
 	SSL_set_fd(handle, s);
 #if SSLEAY_VERSION_NUMBER >= 0x0900
+#ifndef USE_NSS_COMPAT_INCL
 	if (!try_tls)
 	    handle->options |= SSL_OP_NO_TLSv1;
+#endif
 #endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */
 	HTSSLInitPRNG();
 	status = SSL_connect(handle);
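Review bot: Under `USE_NSS_COMPAT_INCL` the `try_tls` flag no longer affects the handshake, so any retry that clears it (the retry logic is outside this hunk) would repeat the same connection attempt. The guard has no comment explaining it; if the reason is that the compat layer does not expose the struct field, say so, e.g. `/* NSS compat: handle->options is not available; TLSv1 fallback is skipped */`. Alternatively, use the accessor `SSL_set_options(handle, SSL_OP_NO_TLSv1);` if the compat library provides it, which would avoid the special case. HTLoadHTTP begins and ends outside the hunk.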