0d33a19817
connection.ssl.trusted_ca_file is set to an empty string (#497788)
66 lines
2.3 KiB
Diff
66 lines
2.3 KiB
Diff
diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/network/ssl/ssl.c
|
|
--- elinks-0.12pre3.orig/src/network/ssl/ssl.c 2009-04-29 12:48:26.250878000 +0200
|
|
+++ elinks-0.12pre3/src/network/ssl/ssl.c 2009-04-29 13:03:51.318746893 +0200
|
|
@@ -48,10 +48,20 @@ SSL_CTX *context = NULL;
|
|
static void
|
|
init_openssl(struct module *module)
|
|
{
|
|
+ unsigned char *ca_file;
|
|
SSLeay_add_ssl_algorithms();
|
|
context = SSL_CTX_new(SSLv23_client_method());
|
|
SSL_CTX_set_options(context, SSL_OP_ALL);
|
|
+#ifdef CONFIG_NSS_COMPAT_OSSL
|
|
+ ca_file = get_opt_str("connection.ssl.trusted_ca_file");
|
|
+ if (*ca_file)
|
|
+ SSL_CTX_load_verify_locations(context, ca_file, NULL);
|
|
+ else
|
|
+ SSL_CTX_set_default_verify_paths(context);
|
|
+#else
|
|
+ (void) ca_file;
|
|
SSL_CTX_set_default_verify_paths(context);
|
|
+#endif
|
|
}
|
|
|
|
static void
|
|
@@ -61,10 +71,30 @@ done_openssl(struct module *module)
|
|
}
|
|
|
|
static struct option_info openssl_options[] = {
|
|
+#ifdef CONFIG_NSS_COMPAT_OSSL
|
|
+ INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
|
|
+ "cert_verify", 0, 0,
|
|
+ N_("Verify the peer's SSL certificate.")),
|
|
+
|
|
+ INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),
|
|
+ "trusted_ca_file", 0, "/etc/pki/tls/certs/ca-bundle.crt",
|
|
+ N_("The location of a file containing certificates of "
|
|
+ "trusted certification authorities in PEM format. "
|
|
+ "ELinks then trusts certificates issued by these CAs.\n"
|
|
+ "\n"
|
|
+ "If you set this option to an empty string, default NSS root"
|
|
+ "certificates are loaded.\n"
|
|
+ "\n"
|
|
+ "If you change this option or the file, you must "
|
|
+ "restart ELinks for the changes to take effect. "
|
|
+ "This option affects GnuTLS and nss_compat_ossl but not "
|
|
+ "OpenSSL.")),
|
|
+#else
|
|
INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
|
|
"cert_verify", 0, 0,
|
|
N_("Verify the peer's SSL certificate. Note that this "
|
|
"needs extensive configuration of OpenSSL by the user.")),
|
|
+#endif
|
|
|
|
INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
|
|
"client_cert", OPT_SORT,
|
|
@@ -187,7 +217,8 @@ static struct option_info gnutls_options
|
|
"\n"
|
|
"If you change this option or the file, you must "
|
|
"restart ELinks for the changes to take effect. "
|
|
- "This option affects GnuTLS but not OpenSSL.")),
|
|
+ "This option affects GnuTLS and nss_compat_ossl but not "
|
|
+ "OpenSSL.")),
|
|
|
|
NULL_OPTION_INFO,
|
|
};
|