
lynx-dev Patch for SSL warning


From: Gisle Vanem
Subject: lynx-dev Patch for SSL warning
Date: Mon, 18 Nov 2002 09:08:29 +0100 (MET)

* Patches to shut up Lynx about OpenSSL warning "unable to get local
  issuer certificate". IMHO, the cause of this warning is harmless and
  should be suppressed by default. It didn't occur in OpenSSL until 3 months
  ago (lynx.cfg, lyrcfile.h, lyreadcfg.c and http.[ch])

* Patch for DOS to use remove() instead of calling rm.exe (userdefs.h)
  Not every user has djgpp etc. installed.

* Patch for Watt-32/djgpp to break out of getaddrinfo() when building
  for INET6 (httcp.c)

--------------------------------------------------------------------------------

diff -B -H -u3 -r ./orig/lynx.cfg ./lynx.cfg
--- ./orig/lynx.cfg     Mon Oct  7 00:43:28 2002
+++ ./lynx.cfg          Mon Nov 18 08:37:36 2002
@@ -246,6 +246,14 @@
 #REUSE_TEMPFILES:FALSE
 
 
+.h2 SSL_IGNORE_CERT_ERROR
+# Ignore errors from OpenSSL saying "unable to get local issuer certificate
+# Only affects https sites. Lynx must be compied with USE_SSL for this
+# setting to take effect.
+#
+#SSL_IGNORE_CERT_ERROR:TRUE
+
+
 .h2 LYNX_HOST_NAME
 # If LYNX_HOST_NAME is defined here or in userdefs.h, it will be
 # treated as an alias for the local host name in checks for URLs on
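Review bot: The new SSL_IGNORE_CERT_ERROR help text does not state the default or what is given up when the setting is on. The http.c part of this patch initialises the flag to TRUE, so the commented-out `#SSL_IGNORE_CERT_ERROR:TRUE` sample reads like an opt-in although the behaviour is already active. "unable to get local issuer certificate" means the server's chain could not be tied to an issuer the local trust store knows, and the text should say that such servers are then accepted without a prompt, for example `# When TRUE, Lynx does not prompt when a server certificate's issuer cannot be found in the local trust store.` The comment also has an unclosed quote after `certificate` and `compied` for `compiled`.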

diff -B -H -u3 -r ./orig/src/lyrcfile.h ./src/lyrcfile.h
--- ./orig/src/lyrcfile.h       Mon Oct  7 00:43:28 2002
+++ ./src/lyrcfile.h            Sun Nov 17 22:39:38 2002
@@ -176,6 +176,7 @@
 #define RC_SOFT_DQUOTES                 "soft_dquotes"
 #define RC_SOURCE_CACHE                 "source_cache"
 #define RC_SOURCE_CACHE_FOR_ABORTED     "source_cache_for_aborted"
+#define RC_SSL_IGNORE_CERT_ERR          "ssl_ignore_cert_error"
 #define RC_STARTFILE                    "startfile"
 #define RC_STRIP_DOTDOT_URLS            "strip_dotdot_urls"
 #define RC_SUBSTITUTE_UNDERSCORES       "substitute_underscores"

diff -B -H -u3 -r ./orig/src/lyreadcfg.c ./src/lyreadcfg.c
--- ./orig/src/lyreadcfg.c       Mon Oct  7 00:43:28 2002
+++ ./src/lyreadcfg.c            Sun Nov 17 22:25:36 2002
@@ -1446,6 +1446,9 @@
 #ifdef TEXTFIELDS_MAY_NEED_ACTIVATION
      PARSE_SET(RC_TEXTFIELDS_NEED_ACTIVATION, textfields_activation_option),
 #endif
+#ifdef USE_SSL
+     PARSE_SET(RC_SSL_IGNORE_CERT_ERR,  ssl_ignore_cert_error),
+#endif
 #if defined(_WINDOWS)
      PARSE_INT(RC_TIMEOUT,              lynx_timeout),
 #endif
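Review bot: The new `PARSE_SET(RC_SSL_IGNORE_CERT_ERR, ssl_ignore_cert_error)` row sits between RC_TEXTFIELDS_NEED_ACTIVATION and RC_TIMEOUT, out of the alphabetical order that the neighbouring rows and the RC_ list in lyrcfile.h follow. If the table is kept sorted, it belongs with the other RC_S entries. The table starts and ends outside the hunk, so whether lookup depends on the order cannot be seen from here. It is also worth confirming that lyreadcfg.c sees the `extern BOOL ssl_ignore_cert_error;` declaration added to http.h, since the patch contains no include change.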

diff -B -H -u3 -r ./orig/userdefs.h ./userdefs.h
--- ./orig/userdefs.h   Mon Nov 19 01:37:14 2001
+++ ./userdefs.h        Mon Nov 11 17:48:30 2002
@@ -1454,6 +1454,10 @@
  * #define MV_PATH         "mv"
  * #define TOUCH_PATH      "touch"
  */
+#ifdef DOSPATH
+#undef RM_PATH /* call remove() instead (no need to have rm on path) */
+#endif
+
 #endif /* HAVE_CONFIG_H */
 
 #else  /* Unix */
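Review bot: The `#undef RM_PATH` only removes the macro; the remove() fallback its comment promises is not part of this patch. Every use of RM_PATH must therefore already be guarded with `#ifdef RM_PATH`, which cannot be confirmed from the hunk. The added lines also sit before `#endif /* HAVE_CONFIG_H */`, so they take effect in only one branch of that conditional, and a DOSPATH build taking the other branch would presumably still spawn rm. Deleting files in-process rather than running a program resolved through the search path is the safer behaviour, so the comment should name the code that falls back to remove() and the #undef should cover every DOSPATH configuration.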


diff -B -H -u3 -r ./orig/www/library/implementation/httcp.c 
./www/library/implementation/httcp.c
--- ./orig/www/library/implementation/httcp.c  Mon Oct  7 00:43:28 2002
+++ ./www/library/implementation/httcp.c       Fri Nov 15 09:58:06 2002
@@ -1399,6 +1399,10 @@
        port = pbuf;
     }
 
+#ifdef __DJGPP__
+    _resolve_hook = ResolveYield;
+#endif
+
     memset(&hints, 0, sizeof(hints));
     hints.ai_family = PF_UNSPEC;
     hints.ai_socktype = SOCK_STREAM;
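Review bot: Both added blocks (here and in the following hunk at -1455) guard `_resolve_hook = ResolveYield;` with `__DJGPP__`, which identifies the compiler, while the description ties the hook to Watt-32. A djgpp build against a different TCP stack would then presumably fail to compile, and the description's restriction to INET6 builds is not reflected in either guard. No declaration of ResolveYield is visible in the patch. I would guard on the Watt-32 feature macro the tree already uses and add a comment such as `/* let the user break out of a blocking resolver call */`, since the assignment is otherwise unexplained. Both enclosing functions start and end outside the hunks.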
@@ -1455,6 +1459,11 @@
 #ifdef LY_FIND_LEAKS
     atexit(free_HTTCP_hostname);
 #endif
+
+#ifdef __DJGPP__
+    _resolve_hook = ResolveYield;
+#endif
+
 #ifdef UCX
     /*
     ** UCX doesn't give the complete domain name.

--- ./orig/www/library/implementation/http.c     Mon Oct  7 00:43:28 2002
+++ ./www/library/implementation/http.c          Mon Nov 18 08:44:12 2002
@@ -71,7 +71,12 @@
 #ifdef USE_SSL
 PUBLIC SSL_CTX * ssl_ctx = NULL;       /* SSL ctx */
 PUBLIC SSL * SSL_handle = NULL;
-PUBLIC int ssl_okay;
+PUBLIC  BOOL ssl_ignore_cert_error = TRUE;
+PRIVATE int  ssl_okay;
+
+#ifndef X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+#define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY -1
+#endif
 
 PRIVATE void free_ssl_ctx NOARGS
 {
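Review bot: `ssl_ignore_cert_error` is initialised to TRUE, so without any lynx.cfg entry every SSL build silently accepts X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. OpenSSL reports that code when a certificate's issuer cannot be found in the local trust store, meaning the chain is not anchored to anything the user trusts. Accepting it without a prompt gives up the check that the server is who it claims to be. The default should be `PUBLIC  BOOL ssl_ignore_cert_error = FALSE;`, leaving suppression as an explicit opt-in. The `-1` fallback define deserves a comment like `/* no real verify error has this value: disables the ignore branch on older OpenSSL */`, assuming that is the intent.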
@@ -85,14 +90,24 @@
     int result = 1;
 
     if (!(preverify_ok || ssl_okay)) {
+       int err = X509_STORE_CTX_get_error(x509_ctx);
 
-       HTSprintf0(&msg, "SSL error:%s-Continue?",
-                  
X509_verify_cert_error_string(X509_STORE_CTX_get_error(x509_ctx)));
-       if (HTConfirmDefault(msg, TRUE))
-           ssl_okay = 1;
-       else
-           result = 0;
+       CTRACE((tfp, "HTSSLCallback: err = %d, ssl_ignore_cert_error = %d\n",
+               err, ssl_ignore_cert_error));
 
+       if (ssl_ignore_cert_error &&
+           err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) {
+           HTSprintf0(&msg, "Ignoring SSL error: %s", 
X509_verify_cert_error_string(err));
+           HTInfoMsg(msg);
+           ssl_okay = 1;
+       } else {
+           HTSprintf0(&msg, "SSL error:%s-Continue?",
+                      X509_verify_cert_error_string(err));
+           if (HTConfirmDefault(msg, TRUE))
+               ssl_okay = 1;
+           else
+               result = 0;
+       }
        FREE(msg);
     }
     return result;
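Review bot: The ignore branch sets `ssl_okay = 1`, and the guard at the top is `if (!(preverify_ok || ssl_okay))`. Once the issuer error has been waved through, no later verification error reaches either branch while the flag stays set, so an expired or otherwise invalid certificate in the same chain would be accepted without the "Continue?" prompt. `ssl_okay` is file-scope and the place where it is reset is outside the hunk, so how long the latch lasts cannot be seen here. The ignore branch should leave the flag alone: drop `ssl_okay = 1;` there and rely on `result` already being 1. The CTRACE line is written before the decision, so a second trace naming the branch taken would make silent acceptances auditable.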


diff -B -H -u3 -r ./orig/www/library/implementation/http.h 
./www/library/implementation/http.h
--- ./orig/www/library/implementation/http.h   Mon Oct  7 00:43:28 2002
+++ ./www/library/implementation/http.h        Sun Nov 17 22:08:56 2002
@@ -26,6 +26,7 @@
 
 #ifdef USE_SSL
 extern SSL * SSL_handle;
+extern BOOL ssl_ignore_cert_error;
 #endif
 
 #endif /* HTTP_H */


--------------------------------------------------------------------------------

Gisle V.

