elinks/elinks-nss-inc.patch
Kamil Dudka ec6f2e309a update to latest upstream pre-release (elinks-0.12pre6)
- drop unneeded patches
- fix autoconf warnings
- explicitly disable using OpenSSL and GnuTLS
2013-02-25 15:57:19 +01:00

70 lines
2.3 KiB
Diff

src/network/ssl/ssl.c | 33 ++++++++++++++++++++++++++++++++-
1 files changed, 32 insertions(+), 1 deletions(-)
diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index 73446b5..eadff7f 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -48,10 +48,20 @@ SSL_CTX *context = NULL;
static void
init_openssl(struct module *module)
{
+ unsigned char *ca_file;
SSLeay_add_ssl_algorithms();
context = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(context, SSL_OP_ALL);
+#ifdef CONFIG_NSS_COMPAT_OSSL
+ ca_file = get_opt_str("connection.ssl.trusted_ca_file");
+ if (*ca_file)
+ SSL_CTX_load_verify_locations(context, ca_file, NULL);
+ else
+ SSL_CTX_set_default_verify_paths(context);
+#else
+ (void) ca_file;
SSL_CTX_set_default_verify_paths(context);
+#endif
}
static void
@@ -61,10 +71,30 @@ done_openssl(struct module *module)
}
static union option_info openssl_options[] = {
+#ifdef CONFIG_NSS_COMPAT_OSSL
+ INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
+ "cert_verify", 0, 0,
+ N_("Verify the peer's SSL certificate.")),
+
+ INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),
+ "trusted_ca_file", 0, "/etc/pki/tls/certs/ca-bundle.crt",
+ N_("The location of a file containing certificates of "
+ "trusted certification authorities in PEM format. "
+ "ELinks then trusts certificates issued by these CAs.\n"
+ "\n"
+ "If you set this option to an empty string, default NSS root"
+ "certificates are loaded.\n"
+ "\n"
+ "If you change this option or the file, you must "
+ "restart ELinks for the changes to take effect. "
+ "This option affects GnuTLS and nss_compat_ossl but not "
+ "OpenSSL.")),
+#else
INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
"cert_verify", 0, 0,
N_("Verify the peer's SSL certificate. Note that this "
"needs extensive configuration of OpenSSL by the user.")),
+#endif
INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
"client_cert", OPT_SORT,
@@ -187,7 +217,8 @@ static union option_info gnutls_options[] = {
"\n"
"If you change this option or the file, you must "
"restart ELinks for the changes to take effect. "
- "This option affects GnuTLS but not OpenSSL.")),
+ "This option affects GnuTLS and nss_compat_ossl but not "
+ "OpenSSL.")),
NULL_OPTION_INFO,
};