authorThomas E. Dickey <dickey@invisible-island.net>2015-05-07 00:18:49 -0400
committerThomas E. Dickey <dickey@invisible-island.net>2015-05-07 00:18:49 -0400
commit518cd1640b424ef160392ebf9e7923c0a8c0acab (patch)
tree20b018232d18c036756e7030275ac377eea40fdf
parenta54886714ad9dc172e5e920737a0ae7583981902 (diff)
downloadlynx-snapshots-518cd1640b424ef160392ebf9e7923c0a8c0acab.tar.gz
snapshot of project "lynx", label v2-8-9dev_5g
-rw-r--r--CHANGES5
-rw-r--r--WWW/Library/Implementation/HTTP.c8
-rw-r--r--lynx_help/lynx_url_support.html11
3 files changed, 18 insertions, 6 deletions
diff --git a/CHANGES b/CHANGES
index 58f9b678..033ffce7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,9 +1,12 @@
--- $LynxId: CHANGES,v 1.795 2015/05/06 10:46:03 tom Exp $
+-- $LynxId: CHANGES,v 1.797 2015/05/07 00:18:31 tom Exp $
 ===============================================================================
 Changes since Lynx 2.8 release
 ===============================================================================
 
 2015-05-06 (2.8.9dev.6)
+* add a note about OCSP to url-support documentation (Debian #745835) -TD
+* change defaults for SSL prompts when a problem is detected to "no" (Debian
+  #783477) -TD
 * if an SSL error message is too long for the screen-width, trim it with an
   ellipsis so that the "(y)" part of the prompt for continuing will be visible
   (Debian #783476) -TD
diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c
index 5ebfef76..86846add 100644
--- a/WWW/Library/Implementation/HTTP.c
+++ b/WWW/Library/Implementation/HTTP.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: HTTP.c,v 1.141 2015/05/06 10:44:09 tom Exp $
+ * $LynxId: HTTP.c,v 1.142 2015/05/06 23:34:07 tom Exp $
  *
  * HyperText Tranfer Protocol	- Client implementation		HTTP.c
  * ==========================
@@ -146,7 +146,7 @@ static int HTSSLCallback(int preverify_ok, X509_STORE_CTX * x509_ctx GCC_UNUSED)
 	SSL_single_prompt(&msg,
 			  X509_verify_cert_error_string((long)
 							X509_STORE_CTX_get_error(x509_ctx)));
-	if (HTForcedPrompt(ssl_noprompt, msg, YES))
+	if (HTForcedPrompt(ssl_noprompt, msg, NO))
 	    ssl_okay = 1;
 	else
 	    result = 0;
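Review bot: The fail-closed default is written as a bare `NO` literal at this call and again at the two `HTForcedPrompt` calls in `HTLoadHTTP` (the hunks at -872 and -1072), so the policy lives in three places with nothing in the code saying why. A single named constant, for example `#define SSL_PROMPT_DEFAULT NO` near the top of HTTP.c, would make it harder for a later call site to reintroduce `YES`. A short comment at each call would also help, such as `/* default answer is NO: a certificate problem must be accepted explicitly */`. The body of `HTSSLCallback` begins and ends outside this hunk, so how `ssl_okay` is consulted on later invocations cannot be judged from here.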
@@ -872,7 +872,7 @@ static int HTLoadHTTP(const char *arg,
 #endif
 	    CTRACE((tfp, "HTLoadHTTP: %s\n", msg));
 	    if (!ssl_noprompt) {
-		if (!HTForcedPrompt(ssl_noprompt, msg, YES)) {
+		if (!HTForcedPrompt(ssl_noprompt, msg, NO)) {
 		    flag_continue = 0;
 		}
 	    } else if (ssl_noprompt == FORCE_PROMPT_NO) {
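Review bot: Only the interactive path picks up the new default here, because the changed call sits inside `if (!ssl_noprompt)` and the first argument is therefore always the "not forced" value at that point. The visible `else if` handles `FORCE_PROMPT_NO`. For any other forced setting, nothing in this hunk clears `flag_continue`, so the load presumably continues without the user being asked; that branch ends outside the hunk and should be confirmed. If that is intended for batch use, it deserves a comment such as `/* forced "yes": the SSL problem in msg is accepted without prompting */`. A `CTRACE` line recording the override would also leave a trace that the check was bypassed.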
@@ -1072,7 +1072,7 @@ static int HTLoadHTTP(const char *arg,
 	if (status_sslcertcheck < 2) {
 	    if (msg == NULL)
 		StrAllocCopy(msg, gettext("SSL error"));
-	    if (!HTForcedPrompt(ssl_noprompt, msg, YES)) {
+	    if (!HTForcedPrompt(ssl_noprompt, msg, NO)) {
 		status = HT_NOT_LOADED;
 		FREE(msg);
 		FREE(ssl_all_cns);
diff --git a/lynx_help/lynx_url_support.html b/lynx_help/lynx_url_support.html
index f387af69..ad4de44d 100644
--- a/lynx_help/lynx_url_support.html
+++ b/lynx_help/lynx_url_support.html
@@ -1,4 +1,4 @@
-<!-- $LynxId: lynx_url_support.html,v 1.33 2014/01/10 20:48:52 tom Exp $ -->
+<!-- $LynxId: lynx_url_support.html,v 1.34 2015/05/07 00:18:49 tom Exp $ -->
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">
 
 <html>
@@ -121,6 +121,15 @@
 
   <p>The https URL has the same format, but the default port is
   <em>:443</em>.</p>
+
+  <p><strong>Lynx</strong> relies for https support on external
+  libraries (OpenSSL or GnuTLS) whose capabilities have evolved
+  over time. In turn, those libraries may depend upon external
+  resources for verifying SSL certificates. For instance,
+  certification revocation may be provided via the Online
+  Certificate Status Protocol (OCSP) which is an external service.
+  Without this facility, <strong>Lynx</strong> may not warn about
+  websites using revoked SSL certificates.</p>
   <hr>
 
   <h2><a name="telnet_url" id="telnet_url">The <em>telnet</em>,