-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | WWW/Library/Implementation/HTTP.c | 39 | ||||
-rw-r--r-- | WWW/Library/Implementation/tidy_tls.h | 4 | ||||
-rw-r--r-- | aclocal.m4 | 10 | ||||
-rwxr-xr-x | configure | 2 | ||||
-rw-r--r-- | lynx.cfg | 4 | ||||
-rw-r--r-- | lynx_help/Lynx_users_guide.html | 4 | ||||
-rw-r--r-- | src/LYMain.c | 5 | ||||
-rw-r--r-- | src/LYReadCFG.c | 6 | ||||
-rw-r--r-- | src/tidy_tls.c | 36 |
10 files changed, 63 insertions, 51 deletions
diff --git a/CHANGES b/CHANGES index 7daea02a..4e43670e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,9 +1,11 @@ --- $LynxId: CHANGES,v 1.818 2015/10/08 09:26:03 tom Exp $ +-- $LynxId: CHANGES,v 1.819 2015/10/12 00:08:33 tom Exp $ =============================================================================== Changes since Lynx 2.8 release =============================================================================== 2015-10-07 (2.8.9dev.7) +* set SSL_MODE_AUTO_RETRY in OpenSSL configuration, completing work needed for + Debian #707059 -TD * correct description used for "K" vs "k" key binding in manpage -TD * adopt some of the patches from Debian lynx package: + add Delete key usage to manpage (patch by Denis Briand, Debian #74358) diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c index 6dc6adf8..57263f44 100644 --- a/WWW/Library/Implementation/HTTP.c +++ b/WWW/Library/Implementation/HTTP.c @@ -1,5 +1,5 @@ /* - * $LynxId: HTTP.c,v 1.143 2015/10/08 08:52:00 Simon.Kainz Exp $ + * $LynxId: HTTP.c,v 1.147 2015/11/17 01:29:09 tom Exp $ * * HyperText Tranfer Protocol - Client implementation HTTP.c * ========================== @@ -161,10 +161,9 @@ static int HTSSLCallback(int preverify_ok, X509_STORE_CTX * x509_ctx GCC_UNUSED) SSL *HTGetSSLHandle(void) { #ifdef USE_GNUTLS_INCL - static char *certfile = NULL; - static char *client_keyfile = NULL; - static char *client_certfile = NULL; - + char *certfile = NULL; + char *client_keyfile = NULL; + char *client_certfile = NULL; #endif if (ssl_ctx == NULL) { @@ -185,6 +184,9 @@ SSL *HTGetSSLHandle(void) #ifdef SSL_OP_NO_COMPRESSION SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); #endif +#ifdef SSL_MODE_AUTO_RETRY + SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY); +#endif #ifdef SSL_MODE_RELEASE_BUFFERS SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS); #endif 
@@ -207,7 +209,6 @@ SSL *HTGetSSLHandle(void) } #endif #ifdef USE_GNUTLS_INCL - if ((certfile = LYGetEnv("SSL_CERT_FILE")) != NULL) { CTRACE((tfp, "HTGetSSLHandle: certfile is set to %s by SSL_CERT_FILE\n", @@ -229,10 +230,8 @@ SSL *HTGetSSLHandle(void) } #endif atexit(free_ssl_ctx); - } #ifdef USE_GNUTLS_INCL - if (non_empty(SSL_client_key_file)) { client_keyfile = SSL_client_key_file; CTRACE((tfp, @@ -253,7 +252,6 @@ SSL *HTGetSSLHandle(void) ssl_ctx->client_keyfile_type = GNUTLS_X509_FMT_PEM; ssl_ctx->client_certfile = client_certfile; ssl_ctx->client_certfile_type = GNUTLS_X509_FMT_PEM; - #endif ssl_okay = 0; return (SSL_new(ssl_ctx)); @@ -679,7 +677,7 @@ static int HTLoadHTTP(const char *arg, unsigned tls_status; #endif -#if SSLEAY_VERSION_NUMBER >= 0x0900 +#if (SSLEAY_VERSION_NUMBER >= 0x0900) && !defined(USE_GNUTLS_FUNCS) BOOL try_tls = TRUE; #endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */ SSL_handle = NULL; @@ -805,28 +803,33 @@ static int HTLoadHTTP(const char *arg, #ifndef USE_NSS_COMPAT_INCL if (!try_tls) { handle->options |= SSL_OP_NO_TLSv1; + CTRACE((tfp, "...adding SSL_OP_NO_TLSv1\n")); + } #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) - } else { + else { int ret = (int) SSL_set_tlsext_host_name(handle, ssl_host); CTRACE((tfp, "...called SSL_set_tlsext_host_name(%s) ->%d\n", ssl_host, ret)); -#endif } #endif +#endif #endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */ HTSSLInitPRNG(); status = SSL_connect(handle); if (status <= 0) { -#if SSLEAY_VERSION_NUMBER >= 0x0900 +#if (SSLEAY_VERSION_NUMBER >= 0x0900) +#if !defined(USE_GNUTLS_FUNCS) if (try_tls) { _HTProgress(gettext("Retrying connection without TLS.")); try_tls = FALSE; if (did_connect) HTTP_NETCLOSE(s, handle); goto try_again; - } else { + } else +#endif + { CTRACE((tfp, "HTTP: Unable to complete SSL handshake for '%s', SSL_connect=%d, SSL error stack dump follows\n", url, status)); 
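Review bot: The fallback `if (try_tls) { ... try_tls = FALSE; ... goto try_again; }` still fires on any SSL_connect() failure, so after the restructuring the OpenSSL build retries with `SSL_OP_NO_TLSv1` whenever the first handshake fails for any reason, not only for a version-negotiation problem; a transient network error or a deliberately broken first handshake therefore yields a silently downgraded second connection. Gating the retry on the error actually reported for the failed handshake (SSL_get_error() / ERR_get_error() on `handle`) or dropping the fallback altogether would avoid that, and the new `CTRACE((tfp, "...adding SSL_OP_NO_TLSv1\n"))` is a good place to also log the reason for the retry. Compiling the retry out for GnuTLS via `#if !defined(USE_GNUTLS_FUNCS)` looks consistent, since `try_tls` is no longer declared in that build (hunk @@ -679), but the trailing `#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */` comment there is now stale. HTLoadHTTP begins and ends outside this hunk.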
@@ -912,7 +915,7 @@ static int HTLoadHTTP(const char *arg, } #endif - peer_cert = SSL_get_peer_certificate(handle); + peer_cert = (X509 *) SSL_get_peer_certificate(handle); #if defined(USE_OPENSSL_INCL) || defined(USE_GNUTLS_FUNCS) X509_NAME_oneline(X509_get_subject_name(peer_cert), ssl_dn, (int) sizeof(ssl_dn)); @@ -1008,8 +1011,10 @@ static int HTLoadHTTP(const char *arg, ret = 0; for (i = 0; !(ret < 0); i++) { size = sizeof(buf); - ret = gnutls_x509_crt_get_subject_alt_name(cert, i, buf, - &size, NULL); + ret = gnutls_x509_crt_get_subject_alt_name(cert, + (unsigned) i, + buf, &size, + NULL); if (strcasecomp_asterisk(ssl_host, buf) == 0) { status_sslcertcheck = 2; diff --git a/WWW/Library/Implementation/tidy_tls.h b/WWW/Library/Implementation/tidy_tls.h index 1674c81b..56b36360 100644 --- a/WWW/Library/Implementation/tidy_tls.h +++ b/WWW/Library/Implementation/tidy_tls.h @@ -1,5 +1,5 @@ /* - * $LynxId: tidy_tls.h,v 1.7 2015/10/08 08:51:26 Simon.Kainz Exp $ + * $LynxId: tidy_tls.h,v 1.8 2015/10/12 00:28:18 tom Exp $ * Copyright 2008-2013,2015 Thomas E. Dickey */ #ifndef TIDY_TLS_H @@ -105,7 +105,7 @@ struct _SSL { gnutls_transport_ptr_t wfd; void *sendbuffer; - int bytes_sent; + size_t bytes_sent; }; /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options diff --git a/aclocal.m4 b/aclocal.m4 index 3f1eb664..82309018 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,4 +1,4 @@ -dnl $LynxId: aclocal.m4,v 1.227 2015/09/29 09:24:05 tom Exp $ +dnl $LynxId: aclocal.m4,v 1.228 2015/10/11 21:16:46 tom Exp $ dnl Macros for auto-configure script. dnl by Thomas E. Dickey <dickey@invisible-island.net> dnl and Jim Spath <jspath@mail.bcpl.lib.md.us> 
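Review bot: The cast added at `peer_cert = (X509 *) SSL_get_peer_certificate(handle);` does not address the missing NULL check: SSL_get_peer_certificate() returns NULL when the peer presented no certificate, and the next statement `X509_NAME_oneline(X509_get_subject_name(peer_cert), ...)` dereferences it unconditionally. Whether the verify mode configured earlier guarantees a certificate at this point cannot be seen in the hunk, so a guard such as `if (peer_cert == NULL) { /* treat as a failed handshake */ }` before the X509_NAME_oneline() call is the safer form. With OpenSSL the returned X509 is reference-counted and has to be released with X509_free(); where that happens is outside this hunk. HTLoadHTTP begins and ends outside this hunk.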
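Review bot: `strcasecomp_asterisk(ssl_host, buf)` on the line after the re-wrapped gnutls_x509_crt_get_subject_alt_name() call runs even when that call returned an error, because the loop condition `!(ret < 0)` is only evaluated for the next iteration; on the terminating GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE pass `buf` still holds the previous entry (or is uninitialized if the first call fails), and on a GNUTLS_E_SHORT_MEMORY_BUFFER result it may hold a truncated name. Adding `if (ret < 0) break;` directly after the call restricts the host-name match to entries that were actually returned. The enclosing function continues outside this hunk.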
@@ -1054,15 +1054,19 @@ ifelse([$3],,[ :]dnl ])dnl ])])dnl dnl --------------------------------------------------------------------------- -dnl CF_AR_FLAGS version: 5 updated: 2010/05/20 20:24:29 +dnl CF_AR_FLAGS version: 6 updated: 2015/10/10 15:25:05 dnl ----------- dnl Check for suitable "ar" (archiver) options for updating an archive. +dnl +dnl In particular, handle some obsolete cases where the "-" might be omitted, +dnl as well as a workaround for breakage of make's archive rules by the GNU +dnl binutils "ar" program. AC_DEFUN([CF_AR_FLAGS],[ AC_REQUIRE([CF_PROG_AR]) AC_CACHE_CHECK(for options to update archives, cf_cv_ar_flags,[ cf_cv_ar_flags=unknown - for cf_ar_flags in -curv curv -crv crv -cqv cqv -rv rv + for cf_ar_flags in -curvU -curv curv -crv crv -cqv cqv -rv rv do # check if $ARFLAGS already contains this choice diff --git a/configure b/configure index c6838570..9c559b48 100755 --- a/configure +++ b/configure @@ -3235,7 +3235,7 @@ if test "${cf_cv_ar_flags+set}" = set; then else cf_cv_ar_flags=unknown - for cf_ar_flags in -curv curv -crv crv -cqv cqv -rv rv + for cf_ar_flags in -curvU -curv curv -crv crv -cqv cqv -rv rv do # check if $ARFLAGS already contains this choice diff --git a/lynx.cfg b/lynx.cfg index 8fcd8b27..170a6f1d 100644 --- a/lynx.cfg +++ b/lynx.cfg @@ -1,4 +1,4 @@ -# $LynxId: lynx.cfg,v 1.261 2015/10/08 08:51:26 Simon.Kainz Exp $ +# $LynxId: lynx.cfg,v 1.262 2015/10/10 00:26:07 tom Exp $ # lynx.cfg file. # The default placement for this file is /usr/local/lib/lynx.cfg (Unix) # or Lynx_Dir:lynx.cfg (VMS) @@ -3563,6 +3563,7 @@ COLOR:6:brightred:black # not set, e.g., # #SSL_CLIENT_CERT_FILE:/home/qux/certs/cert.crt +#SSL_CLIENT_CERT_FILE:NULL .h2 SSL_CLIENT_KEY_FILE # Set SSL_CLIENT_KEY_FILE to the file that contains a client certificate @@ -3570,6 +3571,7 @@ COLOR:6:brightred:black # is not set, e.g., # #SSL_CLIENT_KEY_FILE:/home/qux/certs/cert.key +#SSL_CLIENT_KEY_FILE:NULL .h1 Appearance 
diff --git a/lynx_help/Lynx_users_guide.html b/lynx_help/Lynx_users_guide.html index d77103bf..1e153040 100644 --- a/lynx_help/Lynx_users_guide.html +++ b/lynx_help/Lynx_users_guide.html @@ -1,4 +1,4 @@ -<!-- $LynxId: Lynx_users_guide.html,v 1.126 2015/09/19 17:40:20 tom Exp $ --> +<!-- $LynxId: Lynx_users_guide.html,v 1.127 2015/10/09 21:42:12 tom Exp $ --> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"> <html> @@ -4333,7 +4333,7 @@ the other two cannot be saved between sessions. options: <a href= "http://lynx.invisible-island.net/release/breakout/lynx_help/cattoc.html"> by category</a> or <a href= - "lynx.http://invisible-island.net/release/breakout/lynx_help/alphatoc.html"> + "http://lynx.invisible-island.net/release/breakout/lynx_help/alphatoc.html"> by alphabet</a>.</p> <p>To view your current configuration derived from lynx.cfg and diff --git a/src/LYMain.c b/src/LYMain.c index a09e9626..003c3516 100644 --- a/src/LYMain.c +++ b/src/LYMain.c @@ -1,5 +1,5 @@ /* - * $LynxId: LYMain.c,v 1.258 2015/10/08 09:24:13 tom Exp $ + * $LynxId: LYMain.c,v 1.259 2015/10/12 00:23:00 tom Exp $ */ #include <HTUtils.h> #include <HTTP.h> @@ -553,7 +553,7 @@ char *XLoadImageCommand = NULL; /* Default image viewer for X */ BOOLEAN LYNoISMAPifUSEMAP = FALSE; /* Omit ISMAP link if MAP present? */ int LYHiddenLinks = HIDDENLINKS_SEPARATE; /* Show hidden links? */ -char *SSL_cert_file = NULL; /*y Default CA CERT file */ +char *SSL_cert_file = NULL; /* Default CA CERT file */ char *SSL_client_cert_file = NULL; char *SSL_client_key_file = NULL; @@ -1590,7 +1590,6 @@ int main(int argc, "HTGetSSLHandle: client keyfile is set to %s by SSL_CLIENT_KEY_FILE\n", client_keyfile)); StrAllocCopy(SSL_client_key_file, client_keyfile); - } if ((client_certfile = LYGetEnv("SSL_CLIENT_CERT_FILE")) != NULL) { diff --git a/src/LYReadCFG.c b/src/LYReadCFG.c index 6dd1e306..81950c64 100644 --- a/src/LYReadCFG.c +++ b/src/LYReadCFG.c 
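Review bot: The trace message kept as context in the LYMain.c hunk, `"HTGetSSLHandle: client keyfile is set to %s by SSL_CLIENT_KEY_FILE\n"`, is emitted from main() in LYMain.c, so its prefix sends a reader to the wrong function; `"main: client keyfile is set to %s by SSL_CLIENT_KEY_FILE\n"` would be accurate. The removed `}` closes an `if` that begins before the hunk, so the resulting brace balance cannot be checked from here. main begins and ends outside this hunk.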
@@ -1,5 +1,5 @@ /* - * $LynxId: LYReadCFG.c,v 1.185 2015/10/08 08:51:26 Simon.Kainz Exp $ + * $LynxId: LYReadCFG.c,v 1.186 2015/10/10 00:31:57 tom Exp $ */ #ifndef NO_RULES #include <HTRules.h> @@ -1719,8 +1719,8 @@ static Config_Type Config_Table [] = PARSE_ENU(RC_SOURCE_CACHE_FOR_ABORTED, LYCacheSourceForAborted, tbl_abort_source_cache), #endif PARSE_STR(RC_SSL_CERT_FILE, SSL_cert_file), - PARSE_STR(RC_SSL_CLIENT_CERT_FILE, SSL_client_cert_file), - PARSE_STR(RC_SSL_CLIENT_KEY_FILE, SSL_client_key_file), + PARSE_STR(RC_SSL_CLIENT_CERT_FILE, SSL_client_cert_file), + PARSE_STR(RC_SSL_CLIENT_KEY_FILE, SSL_client_key_file), PARSE_FUN(RC_STARTFILE, startfile_fun), PARSE_FUN(RC_STATUS_BUFFER_SIZE, status_buffer_size_fun), PARSE_SET(RC_STRIP_DOTDOT_URLS, LYStripDotDotURLs), diff --git a/src/tidy_tls.c b/src/tidy_tls.c index 559dca06..d94ba5cf 100644 --- a/src/tidy_tls.c +++ b/src/tidy_tls.c @@ -1,5 +1,5 @@ /* - * $LynxId: tidy_tls.c,v 1.29 2015/10/08 08:51:26 Simon.Kainz Exp $ + * $LynxId: tidy_tls.c,v 1.31 2015/10/12 00:31:21 tom Exp $ * Copyright 2008-2014,2015 Thomas E. Dickey * with fix Copyright 2008 by Thomas Viehmann * @@ -70,7 +70,7 @@ static int ExtractCertificate(const gnutls_datum_t *cert, X509_NAME * result, in const char *ERR_error_string(unsigned long e, char *buffer) { (void) buffer; - return gnutls_strerror(-e); + return gnutls_strerror((int) -e); } /* @@ -82,7 +82,7 @@ unsigned long ERR_get_error(void) { unsigned long rc; - rc = -last_error; + rc = (unsigned long) (-last_error); last_error = 0; return rc; @@ -96,7 +96,7 @@ int RAND_bytes(unsigned char *buffer, int num) int rc; #ifdef HAVE_GNUTLS_RND - rc = gnutls_rnd(GNUTLS_RND_KEY, buffer, num); + rc = gnutls_rnd(GNUTLS_RND_KEY, buffer, (size_t) num); #else gcry_randomize(buffer, num, GCRY_VERY_STRONG_RANDOM); rc = 1; @@ -125,7 +125,7 @@ const char *RAND_file_name(char *buffer, size_t len) int RAND_load_file(const char *name, long maxbytes) { (void) name; - return maxbytes; + return (int) maxbytes; } /* 
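Review bot: `rc = gnutls_rnd(GNUTLS_RND_KEY, buffer, (size_t) num);` makes explicit that a negative `num` becomes a huge size_t request into `buffer`; a guard `if (num < 0) return 0;` at the top of RAND_bytes keeps the OpenSSL-compatible signature honest. Separately, gnutls_rnd() returns 0 on success and a negative code on failure, whereas OpenSSL's RAND_bytes() reports success as 1, which is what the gcry branch's `rc = 1;` does; if `rc` is returned unchanged past the end of this hunk, a caller testing for 1 would treat every gnutls success as a failure, and `rc = (rc == 0);` after the call would align the two branches. The return statement lies outside the hunk, so that last part is inferred rather than seen.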
@@ -168,7 +168,7 @@ int SSL_CIPHER_get_bits(SSL_CIPHER * cipher, int *bits) int result = 0; if (cipher) { - result = (8 * gnutls_cipher_get_key_size(cipher->encrypts)); + result = (8 * (int) gnutls_cipher_get_key_size(cipher->encrypts)); } if (bits) @@ -457,13 +457,13 @@ int SSL_read(SSL * ssl, void *buffer, int length) { int rc; - rc = gnutls_record_recv(ssl->gnutls_state, buffer, length); + rc = (int) gnutls_record_recv(ssl->gnutls_state, buffer, (size_t) length); if (rc < 0 && gnutls_error_is_fatal(rc) == 0) { if (rc == GNUTLS_E_REHANDSHAKE) { rc = gnutls_handshake(ssl->gnutls_state); - gnutls_record_send(ssl->gnutls_state, ssl->sendbuffer, ssl->bytes_sent); - rc = gnutls_record_recv(ssl->gnutls_state, buffer, length); + gnutls_record_send(ssl->gnutls_state, ssl->sendbuffer, (size_t) ssl->bytes_sent); + rc = (int) gnutls_record_recv(ssl->gnutls_state, buffer, (size_t) length); } } @@ -495,18 +495,18 @@ int SSL_write(SSL * ssl, const void *buffer, int length) { int rc; - rc = gnutls_record_send(ssl->gnutls_state, buffer, length); + rc = (int) gnutls_record_send(ssl->gnutls_state, buffer, (size_t) length); ssl->last_error = rc; if (rc < 0) { last_error = rc; rc = 0; } else { - if (ssl->sendbuffer) { - free(ssl->sendbuffer); - } - ssl->sendbuffer = malloc(rc); - ssl->bytes_sent = rc; + size_t need = (size_t) rc; + + free(ssl->sendbuffer); + ssl->sendbuffer = malloc(need); + ssl->bytes_sent = need; } return rc; @@ -587,7 +587,7 @@ SSL_METHOD *SSLv23_client_method(void) static int add_name(char *target, int len, const char *tag, const char *data) { if (*data != '\0') { - int need = strlen(tag) + 2; + int need = (int) strlen(tag) + 2; target += strlen(target); if (need < len) { 
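Review bot: `ssl->sendbuffer = malloc(need);` in SSL_write allocates the retransmit buffer but nothing copies `buffer` into it, so `sendbuffer` holds uninitialized heap memory; the rehandshake path in SSL_read (hunk @@ -457) then passes exactly that memory to `gnutls_record_send(ssl->gnutls_state, ssl->sendbuffer, (size_t) ssl->bytes_sent)`, transmitting whatever the allocator returned to the peer instead of the original payload. The malloc() result is also not checked, yet `ssl->bytes_sent = need;` is recorded even when it is NULL. Copying the payload only after a successful allocation, and setting `bytes_sent` only then, fixes both; `need` is 0 when rc is 0, which the copy then skips naturally. The closing brace of SSL_write is outside this hunk.
```c
    } else {
        size_t need = (size_t) rc;
        void *copy = malloc(need);

        free(ssl->sendbuffer);
        ssl->sendbuffer = copy;
        ssl->bytes_sent = 0;
        if (copy != NULL) {
            memcpy(copy, buffer, need);
            ssl->bytes_sent = need;
        }
    }
    /* … unchanged: return rc; … */
```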
@@ -597,10 +597,10 @@ static int add_name(char *target, int len, const char *tag, const char *data)
 len -= need;
 target += need;
 }
- need = strlen(data);
+ need = (int) strlen(data);
 if (need >= len - 1)
 need = len - 1;
- strncat(target, data, need)[need] = '\0';
+ strncat(target, data, (size_t) need)[need] = '\0';
 }
 return len;
 } |
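Review bot: `need = len - 1;` followed by `strncat(target, data, (size_t) need)[need] = '\0';` relies on `len` being at least 1: with `len <= 0` the bound becomes -1, the new `(size_t) need` cast turns that into an effectively unbounded strncat(), and the index write lands before `target`. The tag branch above keeps `len` positive (`len -= need` only runs under `if (need < len)`), but the initial value is whatever the caller passes and cannot be seen here, so a guard `if (len <= 0) return len;` before the data copy, or an snprintf() with the remaining length in place of strncat() plus a manual terminator, would make the bound explicit. add_name begins outside this hunk.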