try to load default NSS root certificates if the configuration option

connection.ssl.trusted_ca_file is set to an empty string (#497788)
Kamil Dudka 2009-04-29 11:32:23 +00:00
parent 080bafa3e6
commit 0d33a19817
3 changed files with 25 additions and 18 deletions


@ -1,7 +1,7 @@
diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/network/ssl/ssl.c diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/network/ssl/ssl.c
--- elinks-0.12pre3.orig/src/network/ssl/ssl.c 2009-04-28 13:12:19.365660000 +0200 --- elinks-0.12pre3.orig/src/network/ssl/ssl.c 2009-04-29 12:48:26.250878000 +0200
+++ elinks-0.12pre3/src/network/ssl/ssl.c 2009-04-28 13:26:39.287600358 +0200 +++ elinks-0.12pre3/src/network/ssl/ssl.c 2009-04-29 13:03:51.318746893 +0200
@@ -48,10 +48,16 @@ SSL_CTX *context = NULL; @@ -48,10 +48,20 @@ SSL_CTX *context = NULL;
static void static void
init_openssl(struct module *module) init_openssl(struct module *module)
{ {
@ -11,14 +11,18 @@ diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/networ
SSL_CTX_set_options(context, SSL_OP_ALL); SSL_CTX_set_options(context, SSL_OP_ALL);
+#ifdef CONFIG_NSS_COMPAT_OSSL +#ifdef CONFIG_NSS_COMPAT_OSSL
+ ca_file = get_opt_str("connection.ssl.trusted_ca_file"); + ca_file = get_opt_str("connection.ssl.trusted_ca_file");
+ SSL_CTX_load_verify_locations(context, ca_file, NULL); + if (*ca_file)
+ SSL_CTX_load_verify_locations(context, ca_file, NULL);
+ else
+ SSL_CTX_set_default_verify_paths(context);
+#else +#else
+ (void) ca_file;
SSL_CTX_set_default_verify_paths(context); SSL_CTX_set_default_verify_paths(context);
+#endif +#endif
} }
static void static void
@@ -61,10 +67,27 @@ done_openssl(struct module *module) @@ -61,10 +71,30 @@ done_openssl(struct module *module)
} }
static struct option_info openssl_options[] = { static struct option_info openssl_options[] = {
@ -33,6 +37,9 @@ diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/networ
+ "trusted certification authorities in PEM format. " + "trusted certification authorities in PEM format. "
+ "ELinks then trusts certificates issued by these CAs.\n" + "ELinks then trusts certificates issued by these CAs.\n"
+ "\n" + "\n"
+ "If you set this option to an empty string, default NSS root"
+ "certificates are loaded.\n"
+ "\n"
+ "If you change this option or the file, you must " + "If you change this option or the file, you must "
+ "restart ELinks for the changes to take effect. " + "restart ELinks for the changes to take effect. "
+ "This option affects GnuTLS and nss_compat_ossl but not " + "This option affects GnuTLS and nss_compat_ossl but not "
@ -46,7 +53,7 @@ diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/networ
INIT_OPT_TREE("connection.ssl", N_("Client Certificates"), INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
"client_cert", OPT_SORT, "client_cert", OPT_SORT,
@@ -187,7 +210,8 @@ static struct option_info gnutls_options @@ -187,7 +217,8 @@ static struct option_info gnutls_options
"\n" "\n"
"If you change this option or the file, you must " "If you change this option or the file, you must "
"restart ELinks for the changes to take effect. " "restart ELinks for the changes to take effect. "
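Review bot: In the CONFIG_NSS_COMPAT_OSSL branch of init_openssl the result of `SSL_CTX_load_verify_locations(context, ca_file, NULL)` is discarded, so a missing or unreadable trusted_ca_file leaves the context without the intended trust anchors and the user gets no indication of why. Compare the result with 1 and report the failure, e.g. `if (SSL_CTX_load_verify_locations(context, ca_file, NULL) != 1) { /* report: CA file could not be loaded */ }`. Silently falling back to the default roots is probably not wanted there, since it would widen trust beyond the file the user chose. The `if (*ca_file)` test also assumes get_opt_str() never returns NULL, which cannot be confirmed from these lines because only part of init_openssl is shown. Separately, the added help text concatenates `"... default NSS root"` with `"certificates are loaded.\n"` and so renders as "rootcertificates"; the first literal should end in `root "`.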


@ -1,16 +1,9 @@
## ELinks 0.12pre3 configuration file ## ELinks 0.12pre3 configuration file
## This is ELinks configuration file. You can edit it manually, ## This is ELinks global configuration file. You can keep global ELinks
## if you wish so; this file is edited by ELinks when you save ## configuration here. Each user can also save its own ELinks configuration
## options through UI, however only option values will be altered ## to ~/.elinks/elinks.conf. The per user configuration file can be edited
## and missing options will be added at the end of file; if option ## by ELinks when you save options through UI.
## is not written in this file, but in some file included from it,
## it is NOT counted as missing. Note that all your formatting,
## own comments and so on will be kept as-is.
##
## Obviously, if you don't like what ELinks is going to do with
## this file, you can change it by altering the config.saving_style
## option. Come on, aren't we friendly guys after all?
## connection ## connection
# Connection options. # Connection options.
@ -27,6 +20,9 @@
# authorities in PEM format. ELinks then trusts certificates issued by # authorities in PEM format. ELinks then trusts certificates issued by
# these CAs. # these CAs.
# #
# If you set this option to an empty string, default NSS root certificates
# are loaded.
#
# If you change this option or the file, you must restart ELinks for the # If you change this option or the file, you must restart ELinks for the
# changes to take effect. This option affects GnuTLS and nss_compat_ossl # changes to take effect. This option affects GnuTLS and nss_compat_ossl
# but not OpenSSL. # but not OpenSSL.


@ -1,7 +1,7 @@
Name: elinks Name: elinks
Summary: A text-mode Web browser Summary: A text-mode Web browser
Version: 0.12 Version: 0.12
Release: 0.14.pre3%{?dist} Release: 0.15.pre3%{?dist}
License: GPLv2 License: GPLv2
URL: http://elinks.or.cz URL: http://elinks.or.cz
Group: Applications/Internet Group: Applications/Internet
@ -126,6 +126,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man5/* %{_mandir}/man5/*
%changelog %changelog
* Wed Apr 29 2009 Kamil Dudka <kdudka@redhat.com> 0.12-0.15.pre3
- try to load default NSS root certificates if the configuration option
connection.ssl.trusted_ca_file is set to an empty string (#497788)
* Tue Apr 28 2009 Ondrej Vasik <ovasik@redhat.com> 0.12-0.14.pre3 * Tue Apr 28 2009 Ondrej Vasik <ovasik@redhat.com> 0.12-0.14.pre3
- enable certificate verification by default via configuration - enable certificate verification by default via configuration
file(#495532) file(#495532)