
[Lynx-dev] SSL/TLS certificate issuer


From: Thorsten Glaser
Subject: [Lynx-dev] SSL/TLS certificate issuer
Date: Thu, 14 Dec 2006 18:23:26 +0000 (UTC)

Oeps... seems as though /dev/brain wasn't updated yet,
and I didn't get a bounce either. Let's retry that.

//mirabile
-- 
  "Using Lynx is like wearing a really good pair of shades: cuts out
   the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL."
                                         -- Henry Nelson, March 1999

---------- Forwarded message ----------
From: Thorsten Glaser <address@hidden>
Message-ID: <address@hidden>
To: address@hidden
Date: Fri, 10 Nov 2006 20:58:59 +0000 (UTC)
Subject: SSL/TLS certificate issuer

Hello all,

this diff logs SSL/TLS (HTTPS connection) X.509 certificate issuer
information into the "recent statusline messages" (accessible via
the backspace key) and replaces my artist name in the comment with
the acronym from the AUTHORS file:

Index: WWW/Library/Implementation/HTTP.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c,v
retrieving revision 1.7
diff -u -p -r1.7 HTTP.c
--- WWW/Library/Implementation/HTTP.c   13 Sep 2006 19:18:34 -0000      1.7
+++ WWW/Library/Implementation/HTTP.c   10 Nov 2006 20:54:44 -0000
@@ -742,12 +742,17 @@ static int HTLoadHTTP(const char *arg,
            /* verify this CN */
            if (!strcasecomp_asterisk(ssl_host, cert_host)) {
                status_sslcertcheck = 2;        /* 2 = verified peer */
-               /* I think this is cool to have in the logs --mirabilos */
+               /* I think this is cool to have in the logs -TG */
                HTSprintf0(&msg,
                           gettext("Verified connection to %s (cert=%s)"),
                           ssl_host, cert_host);
                _HTProgress(msg);
                FREE(msg);
+               
X509_NAME_oneline(X509_get_issuer_name(SSL_get_peer_certificate(handle)),
+                                 ssl_dn, sizeof (ssl_dn));
+               HTSprintf0(&msg, gettext("Certificate issued by: %s"), ssl_dn);
+               _HTProgress(msg);
+               FREE(msg);
                /* no need to continue the verification loop */
                break;
            }
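
Review bot: the X509 pointer returned by SSL_get_peer_certificate(handle) in the added X509_NAME_oneline() call is never released. SSL_get_peer_certificate() returns a reference the caller owns, and because the call is nested inside X509_get_issuer_name() no pointer is kept to pass to X509_free(), so every verified HTTPS connection leaks one certificate reference. Suggest storing the result in a local variable, skipping the issuer message if it is NULL, and calling X509_free() on it once X509_NAME_oneline() has copied the name. Separately, sizeof (ssl_dn) is only the buffer length if ssl_dn is an array in scope here; its declaration is outside this hunk, and X509_NAME_oneline() truncates to that size, so a long issuer DN will be cut off in the status line.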

Please use it.

A little quirk: if I press backspace, cursor-up (to move to the
[1][Your recent statusline messages] link), cursor-right, then
the information looks weird sometimes: (113x35 uxterm)

     Your recent statusline messages
   10. Data transfer complete
    9. 'A'lways allowing from domain 'www.cacert.org'.
    8. HTTP/1.1 200 OK
    7. HTTP request sent; waiting for response.
    6. Sending HTTP request.
    5. Secure 256-bit TLSv1/SSLv3 (DHE-RSA-AES256-SHA) HTTP connection
    4. Issued         by        /O=Root        
CA/OU=http://www.cacert.org/CN=CA        Cert        Signing
       Authority/address@hidden
    3. Verified connection to www.cacert.org (cert=*.cacert.org)
    2. Making HTTPS connection to www.cacert.org
    1. Looking up www.cacert.org

I think this is due to the source:

<html>
<head>
<META http-equiv="content-type" content="text/html;charset=utf-8">
<title>Your recent statusline messages</title>
</head>
<body>
<ol>
<li value=10> <em>Data transfer complete</em>
<li value=9> <em>'A'lways allowing from domain 'www.cacert.org'.</em>
<li value=8> <em>HTTP/1.1 200 OK</em>
<li value=7> <em>HTTP request sent; waiting for response.</em>
<li value=6> <em>Sending HTTP request.</em>
<li value=5> <em>Secure 256-bit TLSv1/SSLv3 (DHE-RSA-AES256-SHA) HTTP 
connection</em>
<li value=4> <em>Issued by /O=Root CA/OU=http://www.cacert.org/CN=CA Cert 
Signing Authority/emailAddress=support@
+cacert.org</em>
<li value=3> <em>Verified connection to www.cacert.org (cert=*.cacert.org)</em>
<li value=2> <em>Making HTTPS connection to www.cacert.org</em>
<li value=1> <em>Looking up www.cacert.org</em>
</ol>
</body>
</html>

Could that display quirk be fixed by using <pre> or something else
while constructing the internal page?

Also, I'd like to have the link to the "recent status messages" in
the Visited Links Page (accessible via a capital V), if not vetoed.

bye,
//mirabile
--
I believe no one can invent an algorithm. One just happens to hit upon it
when God enlightens him. Or only God invents algorithms, we merely copy them.
If you don't believe in God, just consider God as Nature if you won't deny
existence.              -- Coywolf Qi Hunt



