Hello!
I noticed that as part of Debian bug #797901, support for using a
client certificate in Lynx was added when building against GnuTLS, so I
added support for doing the same thing when building against OpenSSL.
Patch attached - it should apply against lynx2.8.9dev.17.
I am far from familiar with either OpenSSL or Lynx development, but
this seems to work in my case.
Looking at the changelogs, it seems SSL_CTX_use_certificate_chain_file
was added in OpenSSL 0.9.3, so that's the check I added.
#797901: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797901
Regards, Elliot.
--- a/WWW/Library/Implementation/HTTP.c 2018-03-21 21:25:11.000000000 +0000
+++ b/WWW/Library/Implementation/HTTP.c 2018-04-20 22:43:38.011287858 +0100
@@ -191,9 +191,9 @@
{
#ifdef USE_GNUTLS_INCL
static char *certfile = NULL;
+#endif
static char *client_keyfile = NULL;
static char *client_certfile = NULL;
-#endif
if (ssl_ctx == NULL) {
/*
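Review bot: With the #endif moved up, client_keyfile and client_certfile are declared in every build, but the only non-GnuTLS code that reads them is inside the later "#elif SSLEAY_VERSION_NUMBER >= 0x0930" branch. In a build where neither branch is compiled they are assigned and never read, which can produce set-but-unused warnings. Consider guarding the declarations with the same condition as their use, i.e. USE_GNUTLS_INCL or the OpenSSL version check, so the declaration and the consumer stay in step.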
@@ -262,7 +262,7 @@
#endif
atexit(free_ssl_ctx);
}
-#ifdef USE_GNUTLS_INCL
+
if (non_empty(SSL_client_key_file)) {
client_keyfile = SSL_client_key_file;
CTRACE((tfp,
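Review bot: Dropping the "#ifdef USE_GNUTLS_INCL" here means everything from the SSL_client_key_file test down to the guard re-added in the next hunk now compiles for all SSL back ends, while certfile is still declared only under USE_GNUTLS_INCL. Please confirm that nothing in that newly exposed range refers to certfile or to another GnuTLS-only symbol, otherwise non-GnuTLS builds will fail to compile. A short comment stating that the key and cert file settings now apply to both back ends would help, and the blank line added in place of the #ifdef can simply be removed.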
@@ -277,12 +277,22 @@
client_certfile));
}
+#ifdef USE_GNUTLS_INCL
ssl_ctx->certfile = certfile;
ssl_ctx->certfile_type = GNUTLS_X509_FMT_PEM;
ssl_ctx->client_keyfile = client_keyfile;
ssl_ctx->client_keyfile_type = GNUTLS_X509_FMT_PEM;
ssl_ctx->client_certfile = client_certfile;
ssl_ctx->client_certfile_type = GNUTLS_X509_FMT_PEM;
+#elif SSLEAY_VERSION_NUMBER >= 0x0930
+ if(client_certfile != NULL)
+ {
+ if(client_keyfile == NULL) {
+ client_keyfile = client_certfile;
+ }
+ SSL_CTX_use_certificate_chain_file(ssl_ctx, client_certfile);
+ SSL_CTX_use_PrivateKey_file(ssl_ctx, client_keyfile, SSL_FILETYPE_PEM);
+ }
#endif
ssl_okay = 0;
return (SSL_new(ssl_ctx));
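Review bot: The return values of the two added calls, SSL_CTX_use_certificate_chain_file(ssl_ctx, client_certfile) and SSL_CTX_use_PrivateKey_file(ssl_ctx, client_keyfile, SSL_FILETYPE_PEM), are ignored, so a missing file, a malformed PEM or a key that cannot be read fails silently and the connection goes ahead without the client certificate the user configured. Both functions return 1 on success; check for that, report the failure through CTRACE as the surrounding code does for the file names, and skip the key load if the certificate load failed. Calling SSL_CTX_check_private_key(ssl_ctx) afterwards would also catch a key that does not match the certificate, which matters here because client_keyfile falls back to client_certfile when no key file is set. As a style point, the added "if(" lines and the brace placement differ from the "if (" form used in the surrounding context.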