-rw-r--r-- | CHANGES | 5 | ||||
-rw-r--r-- | WWW/Library/Implementation/HTTP.c | 27 | ||||
-rw-r--r-- | WWW/Library/Implementation/tidy_tls.h | 7 | ||||
-rw-r--r-- | lynx.cfg | 16 | ||||
-rw-r--r-- | src/LYGlobalDefs.h | 4 | ||||
-rw-r--r-- | src/LYMain.c | 26 | ||||
-rw-r--r-- | src/LYOptions.c | 24 | ||||
-rw-r--r-- | src/LYReadCFG.c | 4 | ||||
-rw-r--r-- | src/LYrcFile.h | 4 | ||||
-rw-r--r-- | src/tidy_tls.c | 10 |
10 files changed, 111 insertions, 16 deletions
diff --git a/CHANGES b/CHANGES index 8866e4a8..7daea02a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,4 @@ --- $LynxId: CHANGES,v 1.816 2015/10/08 00:49:51 tom Exp $ +-- $LynxId: CHANGES,v 1.818 2015/10/08 09:26:03 tom Exp $ =============================================================================== Changes since Lynx 2.8 release =============================================================================== @@ -12,6 +12,7 @@ Changes since Lynx 2.8 release https://wiki.debian.org/ReproducibleBuilds/TimestampsFromCPPMacros + add -n option to gzip when making gzip'd helpfiles (patch by Andreas Metzler). + + add support for client certificates (patch by Simon Kainz, Debian #797901). * use POSIX locale when sorting entries in cfg_defs.h (patch by Reiner Hermann, Debian #792770). * move homepage for Lynx from @@ -30,7 +31,7 @@ Changes since Lynx 2.8 release http://translationproject.org/latest/lynx * use gnutls_set_default_priority() to simplify algorithm priorities in the gnutls configuration as well as track occassional changes in that library - (patch by Andreas Metzler). + (patch by Andreas Metzler, Debian #789189, Debian #784430). * correct logic in LYsetRcValue() from 2.8.8dev.13, which would free the wrong pointer if the input had leading blanks (patch by Ruda Moura). * fix CF_CHECK_SIZEOF autoconf macro to work when its working variables have diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c index 86846add..6dc6adf8 100644 --- a/WWW/Library/Implementation/HTTP.c +++ b/WWW/Library/Implementation/HTTP.c @@ -1,5 +1,5 @@ /* - * $LynxId: HTTP.c,v 1.142 2015/05/06 23:34:07 tom Exp $ + * $LynxId: HTTP.c,v 1.143 2015/10/08 08:52:00 Simon.Kainz Exp $ * * HyperText Tranfer Protocol - Client implementation HTTP.c * ========================== 
@@ -162,6 +162,9 @@ SSL *HTGetSSLHandle(void)
 {
 #ifdef USE_GNUTLS_INCL
 static char *certfile = NULL;
+ static char *client_keyfile = NULL;
+ static char *client_certfile = NULL;
+
 #endif
 if (ssl_ctx == NULL) {
@@ -204,6 +207,7 @@ SSL *HTGetSSLHandle(void)
 }
 #endif
 #ifdef USE_GNUTLS_INCL
+
 if ((certfile = LYGetEnv("SSL_CERT_FILE")) != NULL) {
 CTRACE((tfp,
 "HTGetSSLHandle: certfile is set to %s by SSL_CERT_FILE\n",
@@ -225,10 +229,31 @@ SSL *HTGetSSLHandle(void)
 }
 #endif
 atexit(free_ssl_ctx);
+
 }
 #ifdef USE_GNUTLS_INCL
+
+ if (non_empty(SSL_client_key_file)) {
+ client_keyfile = SSL_client_key_file;
+ CTRACE((tfp,
+ "HTGetSSLHandle: client key file is set to %s by config SSL_CLIENT_KEY_FILE\n",
+ client_keyfile));
+ }
+
+ if (non_empty(SSL_client_cert_file)) {
+ client_certfile = SSL_client_cert_file;
+ CTRACE((tfp,
+ "HTGetSSLHandle: client cert file is set to %s by config SSL_CLIENT_CERT_FILE\n",
+ client_certfile));
+ }
+
 ssl_ctx->certfile = certfile;
 ssl_ctx->certfile_type = GNUTLS_X509_FMT_PEM;
+ ssl_ctx->client_keyfile = client_keyfile;
+ ssl_ctx->client_keyfile_type = GNUTLS_X509_FMT_PEM;
+ ssl_ctx->client_certfile = client_certfile;
+ ssl_ctx->client_certfile_type = GNUTLS_X509_FMT_PEM;
+
 #endif
 ssl_okay = 0;
 return (SSL_new(ssl_ctx));
diff --git a/WWW/Library/Implementation/tidy_tls.h b/WWW/Library/Implementation/tidy_tls.h
index 631e8a2a..1674c81b 100644
--- a/WWW/Library/Implementation/tidy_tls.h
+++ b/WWW/Library/Implementation/tidy_tls.h
@@ -1,5 +1,5 @@
 /*
- * $LynxId: tidy_tls.h,v 1.6 2015/09/02 01:16:04 tom Exp $
+ * $LynxId: tidy_tls.h,v 1.7 2015/10/08 08:51:26 Simon.Kainz Exp $
 * Copyright 2008-2013,2015 Thomas E. Dickey
 */
 #ifndef TIDY_TLS_H
@@ -78,6 +78,11 @@ typedef struct _SSL_CTX {
 int (*verify_callback) (int, X509_STORE_CTX *);
 int verify_mode;
+ char *client_certfile;
+ int client_certfile_type;
+ char *client_keyfile;
+ int client_keyfile_type;
+
 } SSL_CTX;
 struct _SSL {
diff --git a/lynx.cfg b/lynx.cfg
index 2654b371..8fcd8b27 100644
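Review bot: The two new statics in HTGetSSLHandle are only written when the matching global is non-empty, so a value that was once set is never cleared: if `SSL_client_key_file` is later emptied through the options form (postoptions does `FREE` followed by `StrAllocCopy`), `client_keyfile` keeps pointing at the freed old string and is copied into `ssl_ctx->client_keyfile` on the next call. Because the assignments sit outside the `if (ssl_ctx == NULL)` block and run on every call, the `static` storage buys nothing; make them plain locals, or reset them with `client_keyfile = NULL; client_certfile = NULL;` before the `non_empty` checks. The context also stores the globals' pointers rather than copies, so a comment at the assignments such as `/* aliases SSL_client_*_file; refreshed on every call, not owned by ssl_ctx */` would save the next reader from looking for a free. HTGetSSLHandle begins before the first hunk.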
--- a/lynx.cfg
+++ b/lynx.cfg
@@ -1,4 +1,4 @@
-# $LynxId: lynx.cfg,v 1.260 2015/09/19 17:36:28 tom Exp $
+# $LynxId: lynx.cfg,v 1.261 2015/10/08 08:51:26 Simon.Kainz Exp $
 # lynx.cfg file.
 # The default placement for this file is /usr/local/lib/lynx.cfg (Unix)
 # or Lynx_Dir:lynx.cfg (VMS)
@@ -3557,6 +3557,20 @@ COLOR:6:brightred:black
 #SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt
 #SSL_CERT_FILE:NULL
+.h2 SSL_CLIENT_CERT_FILE
+# Set SSL_CLIENT_CERT_FILE to the file that contains a client certificate
+# (in PEM format) in case the $SSL_CLIENT_CERT_FILE environment variable is
+# not set, e.g.,
+#
+#SSL_CLIENT_CERT_FILE:/home/qux/certs/cert.crt
+
+.h2 SSL_CLIENT_KEY_FILE
+# Set SSL_CLIENT_KEY_FILE to the file that contains a client certificate
+# key (in PEM format), in case the $SSL_CLIENT_KEY_FILE environment variable
+# is not set, e.g.,
+#
+#SSL_CLIENT_KEY_FILE:/home/qux/certs/cert.key
+
 .h1 Appearance
 .h2 SCREEN_SIZE
diff --git a/src/LYGlobalDefs.h b/src/LYGlobalDefs.h
index 59e34cf9..0fc576e8 100644
--- a/src/LYGlobalDefs.h
+++ b/src/LYGlobalDefs.h
@@ -1,5 +1,5 @@
 /*
- * $LynxId: LYGlobalDefs.h,v 1.138 2014/02/04 01:25:39 tom Exp $
+ * $LynxId: LYGlobalDefs.h,v 1.139 2015/10/08 08:51:26 Simon.Kainz Exp $
 *
 * global variable definitions
 */
@@ -536,6 +536,8 @@ extern "C" {
 extern int LYHiddenLinks;
 extern char *SSL_cert_file; /* Default CA CERT file */
+ extern char *SSL_client_cert_file; /* Default client CERT file */
+ extern char *SSL_client_key_file; /* Default client key file */
 extern int Old_DTD;
diff --git a/src/LYMain.c b/src/LYMain.c
index a15c9447..a09e9626 100644
--- a/src/LYMain.c
+++ b/src/LYMain.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: LYMain.c,v 1.256 2015/10/08 00:41:48 tom Exp $
+ * $LynxId: LYMain.c,v 1.258 2015/10/08 09:24:13 tom Exp $
 */
 #include <HTUtils.h>
 #include <HTTP.h>
@@ -553,7 +553,9 @@ char *XLoadImageCommand = NULL; /* Default image viewer for X */
 BOOLEAN LYNoISMAPifUSEMAP = FALSE; /* Omit ISMAP link if MAP present? */
 int LYHiddenLinks = HIDDENLINKS_SEPARATE; /* Show hidden links? */
-char *SSL_cert_file = NULL; /* Default CA CERT file */
+char *SSL_cert_file = NULL; /*y Default CA CERT file */
+char *SSL_client_cert_file = NULL;
+char *SSL_client_key_file = NULL;
 int Old_DTD = NO;
 static BOOLEAN DTD_recovery = NO;
@@ -1579,6 +1581,26 @@ int main(int argc,
 */
 read_cfg(lynx_cfg_file, "main program", 1, (FILE *) 0);
+ {
+ static char *client_keyfile = NULL;
+ static char *client_certfile = NULL;
+
+ if ((client_keyfile = LYGetEnv("SSL_CLIENT_KEY_FILE")) != NULL) {
+ CTRACE((tfp,
+ "HTGetSSLHandle: client keyfile is set to %s by SSL_CLIENT_KEY_FILE\n",
+ client_keyfile));
+ StrAllocCopy(SSL_client_key_file, client_keyfile);
+
+ }
+
+ if ((client_certfile = LYGetEnv("SSL_CLIENT_CERT_FILE")) != NULL) {
+ CTRACE((tfp,
+ "HTGetSSLHandle: client certfile is set to %s by SSL_CLIENT_CERT_FILE\n",
+ client_certfile));
+ StrAllocCopy(SSL_client_cert_file, client_certfile);
+ }
+ }
+
 #if defined(USE_COLOR_STYLE)
 if (!dump_output_immediately) {
 init_color_styles(&lynx_lss_file2, default_color_styles);
diff --git a/src/LYOptions.c b/src/LYOptions.c
index 5e7415eb..76815bb2 100644
--- a/src/LYOptions.c
+++ b/src/LYOptions.c
@@ -1,4 +1,4 @@
-/* $LynxId: LYOptions.c,v 1.165 2014/12/21 21:27:45 tom Exp $ */
+/* $LynxId: LYOptions.c,v 1.166 2015/10/08 08:52:00 Simon.Kainz Exp $ */
 #include <HTUtils.h>
 #include <HTFTP.h>
 #include <HTTP.h> /* 'reloading' flag */
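Review bot: The rewritten comment on `SSL_cert_file` now reads `/*y Default CA CERT file */`; the stray `y` looks like an editing slip and the line should go back to `char *SSL_cert_file = NULL; /* Default CA CERT file */`, and the two new globals deserve the same style of trailing comment (`/* Default client CERT file */`, `/* Default client key file */`) as their declarations in LYGlobalDefs.h carry. In the new block in main, both CTRACE messages are prefixed `HTGetSSLHandle:` although they are emitted from main after read_cfg, which will send anyone reading a trace to the wrong function; use a `main:` prefix (or whatever the neighbouring traces in main use). The `static` qualifier on the two block-local pointers is unnecessary, since they are assigned on every pass and used only inside the block. main begins before the second hunk and continues after it.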
@@ -2444,6 +2444,9 @@ static const char *preferred_doc_lang_string = RC_PREFERRED_LANGUAGE;
 static const char *send_user_agent_string = RC_SEND_USERAGENT;
 static const char *user_agent_string = RC_USERAGENT;
+static const char *ssl_client_certificate_file = RC_SSL_CLIENT_CERT_FILE;
+static const char *ssl_client_key_file = RC_SSL_CLIENT_KEY_FILE;
+
 #define PutHeader(fp, Name) \
 fprintf(fp, "\n%s<em>%s</em>\n", MARGIN_STR, LYEntifyTitle(&buffer, Name));
@@ -3260,6 +3263,16 @@ int postoptions(DocInfo *newdoc)
 LYSendUserAgent = (BOOLEAN) !strcasecomp(data[i].value, "ON");
 }
+ if (!strcmp(data[i].tag, ssl_client_certificate_file)) {
+ FREE(SSL_client_cert_file);
+ StrAllocCopy(SSL_client_cert_file, data[i].value);
+ }
+
+ if (!strcmp(data[i].tag, ssl_client_key_file)) {
+ FREE(SSL_client_key_file);
+ StrAllocCopy(SSL_client_key_file, data[i].value);
+ }
+
 /* User Agent: INPUT */
 if (!strcmp(data[i].tag, user_agent_string) && (!no_useragent)) {
 if (strcmp(LYUserAgent, data[i].value)) {
@@ -3729,6 +3742,15 @@ static int gen_options(char **newfile)
 BeginSelect(fp0, ssl_prompt_string);
 PutOptValues(fp0, ssl_noprompt, prompt_values);
 EndSelect(fp0);
+
+ PutLabel(fp0, gettext("SSL client certificate file"), ssl_client_certificate_file);
+ PutTextInput(fp0, ssl_client_certificate_file,
+ NonNull(SSL_client_cert_file), text_len, "");
+
+ PutLabel(fp0, gettext("SSL client key file"), ssl_client_key_file);
+ PutTextInput(fp0, ssl_client_key_file,
+ NonNull(SSL_client_key_file), text_len, "");
+
 #endif
 PutHeader(fp0, gettext("Keyboard Input"));
diff --git a/src/LYReadCFG.c b/src/LYReadCFG.c
index 6266ff98..6dd1e306 100644
--- a/src/LYReadCFG.c
+++ b/src/LYReadCFG.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: LYReadCFG.c,v 1.184 2014/02/12 23:59:11 tom Exp $
+ * $LynxId: LYReadCFG.c,v 1.185 2015/10/08 08:51:26 Simon.Kainz Exp $
 */
 #ifndef NO_RULES
 #include <HTRules.h>
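Review bot: The two new postoptions branches accept whatever path the form submits with no restriction check, whereas the user-agent input directly below them is gated by `!no_useragent`; in a restricted or anonymous deployment this lets the user point the TLS library at arbitrary local files as key and certificate, so both postoptions and the matching gen_options inputs should honour a restriction flag in the same way (reusing an existing one if a suitable one exists, otherwise adding an entry alongside the others). The user-agent branch also only replaces the value when `strcmp(LYUserAgent, data[i].value)` says it changed; the new branches reallocate unconditionally, which is harmless but inconsistent. The explicit `FREE(SSL_client_cert_file)` before `StrAllocCopy` is presumably redundant if StrAllocCopy releases the previous value as its other callers appear to assume. postoptions and gen_options both begin before their hunks and continue after them.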
@@ -1719,6 +1719,8 @@ static Config_Type Config_Table [] =
 PARSE_ENU(RC_SOURCE_CACHE_FOR_ABORTED, LYCacheSourceForAborted, tbl_abort_source_cache),
 #endif
 PARSE_STR(RC_SSL_CERT_FILE, SSL_cert_file),
+ PARSE_STR(RC_SSL_CLIENT_CERT_FILE, SSL_client_cert_file),
+ PARSE_STR(RC_SSL_CLIENT_KEY_FILE, SSL_client_key_file),
 PARSE_FUN(RC_STARTFILE, startfile_fun),
 PARSE_FUN(RC_STATUS_BUFFER_SIZE, status_buffer_size_fun),
 PARSE_SET(RC_STRIP_DOTDOT_URLS, LYStripDotDotURLs),
diff --git a/src/LYrcFile.h b/src/LYrcFile.h
index 5c8a4e1f..6cd00658 100644
--- a/src/LYrcFile.h
+++ b/src/LYrcFile.h
@@ -1,5 +1,5 @@
 /*
- * $LynxId: LYrcFile.h,v 1.45 2014/02/12 23:42:24 tom Exp $
+ * $LynxId: LYrcFile.h,v 1.46 2015/10/08 08:51:26 Simon.Kainz Exp $
 */
 #ifndef LYRCFILE_H
 #define LYRCFILE_H
@@ -234,6 +234,8 @@
 #define RC_SOURCE_CACHE "source_cache"
 #define RC_SOURCE_CACHE_FOR_ABORTED "source_cache_for_aborted"
 #define RC_SSL_CERT_FILE "ssl_cert_file"
+#define RC_SSL_CLIENT_CERT_FILE "ssl_client_cert_file"
+#define RC_SSL_CLIENT_KEY_FILE "ssl_client_key_file"
 #define RC_STARTFILE "startfile"
 #define RC_STATUS_BUFFER_SIZE "status_buffer_size"
 #define RC_STRIP_DOTDOT_URLS "strip_dotdot_urls"
diff --git a/src/tidy_tls.c b/src/tidy_tls.c
index 5dca26c3..559dca06 100644
--- a/src/tidy_tls.c
+++ b/src/tidy_tls.c
@@ -1,5 +1,5 @@
 /*
- * $LynxId: tidy_tls.c,v 1.28 2015/09/02 00:16:04 Simon.Kainz Exp $
+ * $LynxId: tidy_tls.c,v 1.29 2015/10/08 08:51:26 Simon.Kainz Exp $
 * Copyright 2008-2014,2015 Thomas E. Dickey
 * with fix Copyright 2008 by Thomas Viehmann
 *
@@ -429,11 +429,11 @@ SSL *SSL_new(SSL_CTX * ctx)
 gnutls_certificate_set_x509_trust_file(ssl->gnutls_cred, ctx->certfile, ctx->certfile_type);
- if (ctx->keyfile)
+ if (ctx->client_keyfile)
 gnutls_certificate_set_x509_key_file(ssl->gnutls_cred,
- ctx->certfile,
- ctx->keyfile,
- ctx->keyfile_type);
+ ctx->client_certfile,
+ ctx->client_keyfile,
+ ctx->client_keyfile_type);
 ssl->verify_mode = ctx->verify_mode;
 ssl->verify_callback = ctx->verify_callback; |
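Review bot: The key-file call is made whenever `ctx->client_keyfile` is set, but `ctx->client_certfile` can still be NULL (HTGetSSLHandle only fills it when SSL_CLIENT_CERT_FILE is non-empty), and the return value of `gnutls_certificate_set_x509_key_file` is discarded, so a missing certificate or an unreadable or mis-formatted key silently yields a handle with no client credential and the user only sees the server's rejection. Guard on both pointers, `if (ctx->client_keyfile && ctx->client_certfile)`, keep the result in an `int rc`, and on `rc < 0` report it through whatever tracing this file already uses so the failure is diagnosable. A one-line comment above the call, `/* client certificate for mutual TLS; both files must be PEM (see HTGetSSLHandle) */`, would also document the precondition. SSL_new begins before the hunk and continues after it.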