authorThomas E. Dickey <dickey@invisible-island.net>2013-10-01 20:56:17 -0400
committerThomas E. Dickey <dickey@invisible-island.net>2013-10-01 20:56:17 -0400
commit3a21c5bc3417b199af968e4ff52e80ca67ee66d7 (patch)
tree1d9ce6fbf85fe779949501c36b2ccaaf3777214f
parent1edda96f84bcdcc3ae45931b3197033908d6596e (diff)
downloadlynx-snapshots-3a21c5bc3417b199af968e4ff52e80ca67ee66d7.tar.gz
snapshot of project "lynx", label v2-8-8dev_16b
-rw-r--r--CHANGES6
-rw-r--r--WWW/Library/Implementation/HTTP.c7
-rw-r--r--src/tidy_tls.c20
3 files changed, 27 insertions, 6 deletions
diff --git a/CHANGES b/CHANGES
index 3fd2b7a9..cf0cae73 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,9 +1,11 @@
--- $LynxId: CHANGES,v 1.654 2013/09/30 00:23:10 tom Exp $
+-- $LynxId: CHANGES,v 1.655 2013/10/01 19:33:15 tom Exp $
 ===============================================================================
 Changes since Lynx 2.8 release
 ===============================================================================
 
-2013-09-29 (2.8.8dev.17)
+2013-10-01 (2.8.8dev.17)
+* ignore non-fatal return codes from gnutls_handshake (Debian #724812,
+  patch by Hans Wurst).
 * updates for configure macros -TD
   + CF_ACVERSION_CHECK, fix from byacc for "newer" autoconf.
   + CF_ADD_LIB_AFTER, fix from xterm for problem with -Wl,xxx options
diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c
index 97406851..220ae35f 100644
--- a/WWW/Library/Implementation/HTTP.c
+++ b/WWW/Library/Implementation/HTTP.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: HTTP.c,v 1.128 2013/05/05 19:36:45 tom Exp $
+ * $LynxId: HTTP.c,v 1.129 2013/10/01 15:09:29 tom Exp $
  *
  * HyperText Tranfer Protocol	- Client implementation		HTTP.c
  * ==========================
@@ -717,7 +717,10 @@ static int HTLoadHTTP(const char *arg,
 	    handle->options |= SSL_OP_NO_TLSv1;
 #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
 	} else {
-	    SSL_set_tlsext_host_name(handle, ssl_host);
+	    int ret = SSL_set_tlsext_host_name(handle, ssl_host);
+
+	    CTRACE((tfp, "...called SSL_set_tlsext_host_name(%s) ->%d\n",
+		    ssl_host, ret));
 #endif
 	}
 #endif
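Review bot: The result of SSL_set_tlsext_host_name() is only written to the trace in the `else` branch, so a failed call lets the handshake go ahead without SNI and nothing is visible unless tracing is on. OpenSSL documents 1 as success and 0 as failure for this call, which the bare `->%d` does not convey; a check such as `if (ret != 1) CTRACE((tfp, "...SSL_set_tlsext_host_name(%s) failed\n", ssl_host));` would make the failure case explicit. `ret` is used only inside CTRACE, so builds with tracing compiled out may warn about an unused variable (inferred, the macro definition is not in the hunk). HTLoadHTTP starts and ends outside the hunk.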
diff --git a/src/tidy_tls.c b/src/tidy_tls.c
index c012e22e..7b94ae74 100644
--- a/src/tidy_tls.c
+++ b/src/tidy_tls.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: tidy_tls.c,v 1.12 2013/09/29 23:38:30 tom Exp $
+ * $LynxId: tidy_tls.c,v 1.15 2013/10/01 20:56:17 tom Exp $
  * Copyright 2008-2011,2013 Thomas E. Dickey
  * with fix Copyright 2008 by Thomas Viehmann
  *
@@ -399,13 +399,29 @@ int SSL_connect(SSL * ssl)
 {
     X509_STORE_CTX *store;
     int rc;
+    gnutls_alert_description_t alert;
+    const char *aname;
 
     if (ssl->options & SSL_OP_NO_TLSv1)
 	RemoveProtocol(ssl, GNUTLS_TLS1);
     if (ssl->options & SSL_OP_NO_SSLv3)
 	RemoveProtocol(ssl, GNUTLS_SSL3);
 
-    rc = gnutls_handshake(ssl->gnutls_state);
+    while ((rc = gnutls_handshake(ssl->gnutls_state)) < 0 &&
+	   !gnutls_error_is_fatal(rc)) {
+	if (rc == GNUTLS_E_WARNING_ALERT_RECEIVED) {
+	    alert = gnutls_alert_get(ssl->gnutls_state);
+	    aname = gnutls_alert_get_name(alert);
+	    CTRACE((tfp, "SSL Alert: %s\n", NonNull(aname)));
+	    switch (gnutls_alert_get(ssl->gnutls_state)) {
+	    case GNUTLS_A_UNRECOGNIZED_NAME:
+		continue;	/* ignore */
+	    default:
+		break;
+	    }
+	    break;		/* treat all other alerts as fatal */
+	}
+    }
     ssl->last_error = rc;
 
     if (rc < 0) {
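Review bot: The retry loop in SSL_connect has no upper bound: every GNUTLS_A_UNRECOGNIZED_NAME warning hits `continue`, and any non-fatal code other than GNUTLS_E_WARNING_ALERT_RECEIVED skips the `if` and retries at once, so a peer that keeps sending warning alerts decides how long the client stays in the handshake. A counter would cap that, for example `int ignored = 0;` beside the new declarations and `if (alert != GNUTLS_A_UNRECOGNIZED_NAME || ++ignored > MAX_IGNORED_ALERTS) break;` in place of the `switch`, where MAX_IGNORED_ALERTS is an illustrative name for a small constant the file would have to define. That form also reuses `alert` instead of calling gnutls_alert_get() a second time in the `switch`. An unrecognized_name warning means the server did not match the requested host name, so the certificate host check that presumably follows (the function body continues past the hunk) is what still protects the connection, and a short comment at the `continue` saying so would help the next reader.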