author | Thomas E. Dickey <dickey@invisible-island.net> | 2008-01-03 01:16:19 -0500 |
---|---|---|
committer | Thomas E. Dickey <dickey@invisible-island.net> | 2008-01-03 01:16:19 -0500 |
commit | 297adfacb3d8f416878b4abff8db35df6366aaa8 (patch) | |
tree | d16fc8bf5e4e1b8c5a6b868817a7eb3a8c9026b0 /WWW/Library | |
parent | bcb42c7f898bdeb1a6ceae297215b8ce0a6b2ecd (diff) | |
download | lynx-snapshots-297adfacb3d8f416878b4abff8db35df6366aaa8.tar.gz |
snapshot of project "lynx", label v2-8-7dev_7b
Diffstat (limited to 'WWW/Library')
-rw-r--r-- | WWW/Library/Implementation/HTAccess.h | 25 | ||||
-rw-r--r-- | WWW/Library/Implementation/HTTP.c | 45 |
2 files changed, 58 insertions, 12 deletions
diff --git a/WWW/Library/Implementation/HTAccess.h b/WWW/Library/Implementation/HTAccess.h index 81e8f3c7..3aa9c6d9 100644 --- a/WWW/Library/Implementation/HTAccess.h +++ b/WWW/Library/Implementation/HTAccess.h @@ -1,12 +1,15 @@ -/* HTAccess: Access manager for libwww - ACCESS MANAGER - - This module keeps a list of valid protocol (naming scheme) specifiers with associated - access code. It allows documents to be loaded given various combinations of - parameters. New access protocols may be registered at any time. - - Part of the libwww library . - +/* + * $LynxId: HTAccess.h,v 1.20 2008/01/03 00:24:16 tom Exp $ + * HTAccess: Access manager for libwww + * ACCESS MANAGER + * + * This module keeps a list of valid protocol (naming scheme) specifiers with + * associated access code. It allows documents to be loaded given various + * combinations of parameters. New access protocols may be registered at any + * time. + * + * Part of the libwww library . + * */ #ifndef HTACCESS_H #define HTACCESS_H @@ -154,7 +157,7 @@ Load a document from absolute name to a stream Load if necessary, and select an anchor ON ENTRY, - destination The child or parenet anchor to be loaded. + destination The child or parent anchor to be loaded. ON EXIT, returns YES Success @@ -168,7 +171,7 @@ Load if necessary, and select an anchor Make a stream for Saving object back ON ENTRY, - anchor is valid anchor which has previously beeing loaded + anchor is valid anchor which has previously been loaded ON EXIT, returns 0 if error else a stream to save the object to. diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c index ec14e1ce..bf8ddf29 100644 --- a/WWW/Library/Implementation/HTTP.c +++ b/WWW/Library/Implementation/HTTP.c @@ -1,5 +1,5 @@ /* - * $LynxId: HTTP.c,v 1.87 2007/07/03 00:20:33 tom Exp $ + * $LynxId: HTTP.c,v 1.89 2008/01/03 01:05:46 Joey.Schulze Exp $ * * HyperText Tranfer Protocol - Client implementation HTTP.c * ========================== 
@@ -119,6 +119,13 @@ SSL *HTGetSSLHandle(void) CTRACE((tfp, "HTGetSSLHandle: certfile is set to %s by SSL_CERT_FILE\n", certfile)); + } else { + if (non_empty(SSL_cert_file)) { + certfile = SSL_cert_file; + CTRACE((tfp, + "HTGetSSLHandle: certfile is set to %s by config SSL_CERT_FILE\n", + certfile)); + } } #endif atexit(free_ssl_ctx); @@ -807,6 +814,42 @@ static int HTLoadHTTP(const char *arg, } /* check the X.509v3 Subject Alternative Name */ +#ifdef USE_GNUTLS_INCL + if (status_sslcertcheck < 2) { + int i; + size_t size; + gnutls_x509_crt cert; + static char buf[2048]; + + /* import the certificate to the x509_crt format */ + if (gnutls_x509_crt_init(&cert) == 0) { + + if (gnutls_x509_crt_import(cert, peer_cert, + GNUTLS_X509_FMT_DER) < 0) { + gnutls_x509_crt_deinit(cert); + goto done; + } + + ret = 0; + for (i = 0; !(ret < 0); i++) { + size = sizeof(buf); + ret = gnutls_x509_crt_get_subject_alt_name(cert, i, buf, + &size, NULL); + + if (strcasecomp_asterisk(ssl_host, buf) == 0) { + status_sslcertcheck = 2; + HTSprintf0(&msg, + gettext("Verified connection to %s (subj=%s)"), + ssl_host, buf); + _HTProgress(msg); + FREE(msg); + break; + } + + } + } + } +#endif #ifdef USE_OPENSSL_INCL if (status_sslcertcheck < 2) { STACK_OF(GENERAL_NAME) * gens; |
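Review bot: The added `else { if (non_empty(SSL_cert_file)) { … } }` in HTGetSSLHandle can be written as a single `} else if (non_empty(SSL_cert_file)) {`, which removes one nesting level. Because this branch selects the file the TLS trust anchors are read from, a comment stating the precedence would help, e.g. `/* environment SSL_CERT_FILE overrides the SSL_CERT_FILE config setting */`; this assumes the enclosing `if`, which begins above the hunk, tests the environment variable, as the existing trace message suggests. The configured path is traced but not checked for existence or readability in the lines shown, and whether a bad path is reported later is not visible here.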
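Review bot: In the added GnuTLS loop, `strcasecomp_asterisk(ssl_host, buf)` runs before `ret` is examined, and `buf` is `static`, so when `gnutls_x509_crt_get_subject_alt_name()` fails (for example on a certificate with no subjectAltName) the comparison sees whatever an earlier call left in the buffer; if GnuTLS leaves `buf` untouched on error, as seems likely, a name from a previously accepted certificate could mark this connection verified. On success the return value is the name type, and it is not checked against `GNUTLS_SAN_DNSNAME`, so e-mail, URI or raw IP entries are also compared as hostnames. `cert` is released only on the import-failure path; the normal path leaves the loop without `gnutls_x509_crt_deinit(cert)`. The rewrite below tests `ret` first, skips non-DNS names and frees the certificate; HTLoadHTTP starts and ends outside the hunk, so the `done` label and the later checks are not visible here.

```c
	    for (i = 0;; i++) {
		size = sizeof(buf);
		ret = gnutls_x509_crt_get_subject_alt_name(cert, i, buf,
							   &size, NULL);
		if (ret < 0)
		    break;	/* no further names, or name did not fit in buf */
		if (ret != GNUTLS_SAN_DNSNAME)
		    continue;	/* only dNSName entries are hostnames */

		if (strcasecomp_asterisk(ssl_host, buf) == 0) {
		    /* … unchanged: set status_sslcertcheck, report, break … */
		}
	    }
	    gnutls_x509_crt_deinit(cert);
```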