diff -u -p -Nur orig/lynx2-8-7/lynx.cfg lynx2-8-7/lynx.cfg --- orig/lynx2-8-7/lynx.cfg 2007-11-03 09:37:43.000000000 +0100 +++ lynx2-8-7/lynx.cfg 2007-11-03 11:03:21.000000000 +0100 @@ -3416,6 +3416,12 @@ GLOBAL_MAILCAP:/etc/mailcap # #FORCE_COOKIE_PROMPT:PROMPT +.h2 SSL_CERT_FILE +# Set SSL_CERT_FILE to the file that contains all valid CA certificates lynx +# should accept. +# +SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt + .h1 Appearance .h2 SCREEN_SIZE diff -u -p -Nur orig/lynx2-8-7/src/LYGlobalDefs.h lynx2-8-7/src/LYGlobalDefs.h --- orig/lynx2-8-7/src/LYGlobalDefs.h 2007-05-18 00:53:22.000000000 +0200 +++ lynx2-8-7/src/LYGlobalDefs.h 2007-11-03 10:55:09.000000000 +0100 @@ -493,6 +493,8 @@ extern "C" { extern BOOLEAN LYNoISMAPifUSEMAP; /* Omit ISMAP link if MAP present? */ extern int LYHiddenLinks; + extern char *SSL_cert_file; /* Default CA CERT file */ + extern int Old_DTD; #define MBM_V_MAXFILES 25 /* Max number of sub-bookmark files */ diff -u -p -Nur orig/lynx2-8-7/src/LYMain.c lynx2-8-7/src/LYMain.c --- orig/lynx2-8-7/src/LYMain.c 2007-11-03 09:38:09.000000000 +0100 +++ lynx2-8-7/src/LYMain.c 2007-11-03 11:00:20.000000000 +0100 @@ -512,6 +512,8 @@ char *XLoadImageCommand = NULL; /* Defau BOOLEAN LYNoISMAPifUSEMAP = FALSE; /* Omit ISMAP link if MAP present? */ int LYHiddenLinks = HIDDENLINKS_SEPARATE; /* Show hidden links? */ +char *SSL_cert_file = NULL; /* Default CA CERT file */ + int Old_DTD = NO; static BOOL DTD_recovery = NO; @@ -1263,6 +1265,7 @@ int main(int argc, StrAllocCopy(URLDomainPrefixes, URL_DOMAIN_PREFIXES); StrAllocCopy(URLDomainSuffixes, URL_DOMAIN_SUFFIXES); StrAllocCopy(XLoadImageCommand, XLOADIMAGE_COMMAND); + StrAllocCopy(SSL_cert_file, SSL_CERT_FILE); #ifndef DISABLE_BIBP StrAllocCopy(BibP_globalserver, BIBP_GLOBAL_SERVER); diff -u -p -Nur orig/lynx2-8-7/src/LYrcFile.h lynx2-8-7/src/LYrcFile.h --- orig/lynx2-8-7/src/LYrcFile.h 2007-05-18 00:53:22.000000000 +0200 +++ lynx2-8-7/src/LYrcFile.h 2007-11-03 10:39:24.000000000 +0100 @@ -248,6 +248,7 @@ #define RC_XLOADIMAGE_COMMAND "xloadimage_command" #define RC_ZCAT_PATH "zcat_path" #define RC_ZIP_PATH "zip_path" +#define RC_SSL_CERT_FILE "ssl_cert_file" extern Config_Enum tbl_force_prompt[]; extern Config_Enum tbl_keypad_mode[]; diff -u -p -Nur orig/lynx2-8-7/src/LYReadCFG.c lynx2-8-7/src/LYReadCFG.c --- orig/lynx2-8-7/src/LYReadCFG.c 2007-11-03 09:38:09.000000000 +0100 +++ lynx2-8-7/src/LYReadCFG.c 2007-11-03 10:48:12.000000000 +0100 @@ -1567,6 +1567,7 @@ static Config_Type Config_Table [] = PARSE_STR(RC_XLOADIMAGE_COMMAND, XLoadImageCommand), PARSE_PRG(RC_ZCAT_PATH, ppZCAT), PARSE_PRG(RC_ZIP_PATH, ppZIP), + PARSE_STR(RC_SSL_CERT_FILE, SSL_cert_file), PARSE_NIL }; diff -u -p -Nur orig/lynx2-8-7/userdefs.h lynx2-8-7/userdefs.h --- orig/lynx2-8-7/userdefs.h 2007-11-03 09:37:43.000000000 +0100 +++ lynx2-8-7/userdefs.h 2007-11-03 10:43:02.000000000 +0100 @@ -1565,6 +1565,11 @@ */ /*#define KANJI_CODE_OVERRIDE */ +/************************** + * SSL_CERT_FILE contains valid SSL CA certificates + */ +#define SSL_CERT_FILE NULL + /**************************************************************** * Section 4. Things you MUST check only if you plan to use Lynx diff -u -p -Nur orig/lynx2-8-7/WWW/Library/Implementation/HTTP.c lynx2-8-7/WWW/Library/Implementation/HTTP.c --- orig/lynx2-8-7/WWW/Library/Implementation/HTTP.c 2007-08-03 01:24:27.000000000 +0200 +++ lynx2-8-7/WWW/Library/Implementation/HTTP.c 2007-11-03 11:02:49.000000000 +0100 @@ -119,6 +119,13 @@ SSL *HTGetSSLHandle(void) CTRACE((tfp, "HTGetSSLHandle: certfile is set to %s by SSL_CERT_FILE\n", certfile)); + } else { + if (non_empty(SSL_cert_file)) { + certfile = SSL_cert_file; + CTRACE((tfp, + "HTGetSSLHandle: certfile is set to %s by config SSL_CERT_FILE\n", + certfile)); + } } #endif atexit(free_ssl_ctx);