mirror of https://github.com/rkd77/elinks.git synced 2024-11-02 08:57:19 -04:00

[ssl] Introduced option "connection.ssl.gemini_cert_verify"

gemini sites often have self-signed certificates.
This option allows enabling or disabling verification
of certificates independently from https protocol.
Witold Filipczyk 2022-10-13 11:57:24 +02:00
parent c05e1567e1
commit 40884da51f
2 changed files with 29 additions and 6 deletions


@ -479,11 +479,24 @@ ssl_connect(struct socket *socket)
SSL_set_fd((SSL *)socket->ssl, ssl_sock_fd); SSL_set_fd((SSL *)socket->ssl, ssl_sock_fd);
#endif #endif
if (socket->verify && get_opt_bool("connection.ssl.cert_verify", NULL)) if (socket->verify) {
SSL_set_verify((SSL *)socket->ssl, SSL_VERIFY_PEER if (conn->proxied_uri->protocol == PROTOCOL_HTTPS) {
if (get_opt_bool("connection.ssl.cert_verify", NULL)) {
SSL_set_verify((SSL *)socket->ssl, SSL_VERIFY_PEER
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT, | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback); verify_callback);
}
}
#ifdef CONFIG_GEMINI
else if (conn->proxied_uri->protocol == PROTOCOL_GEMINI) {
if (get_opt_bool("connection.ssl.gemini_cert_verify", NULL)) {
SSL_set_verify((SSL *)socket->ssl, SSL_VERIFY_PEER
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
verify_callback);
}
}
}
#endif
if (get_opt_bool("connection.ssl.client_cert.enable", NULL)) { if (get_opt_bool("connection.ssl.client_cert.enable", NULL)) {
char *client_cert; char *client_cert;
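Review bot: The closing `}` of `if (socket->verify) {` sits inside the `#ifdef CONFIG_GEMINI` block, directly before `#endif`, so as rendered here a build without CONFIG_GEMINI leaves that brace unclosed. Separately, `SSL_set_verify` is now reached only for PROTOCOL_HTTPS and PROTOCOL_GEMINI, so any other protocol arriving here with `socket->verify` set would no longer get peer verification, whereas `connection.ssl.cert_verify` previously covered every such socket. Selecting the option name first and keeping a single `SSL_set_verify` call fixes both and removes the duplicated call. `conn` is not declared inside the hunk, and ssl_connect starts and ends outside it.

```c
/* … unchanged: SSL_set_fd() setup above … */
	if (socket->verify) {
		/* Default to the general option so every TLS protocol stays covered. */
		const char *verify_opt = "connection.ssl.cert_verify";

#ifdef CONFIG_GEMINI
		if (conn->proxied_uri->protocol == PROTOCOL_GEMINI)
			verify_opt = "connection.ssl.gemini_cert_verify";
#endif
		if (get_opt_bool(verify_opt, NULL)) {
			SSL_set_verify((SSL *)socket->ssl, SSL_VERIFY_PEER
					| SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
				       verify_callback);
		}
	}
/* … unchanged: client_cert handling below … */
```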


@ -177,7 +177,12 @@ static union option_info openssl_options[] = {
"cert_verify", OPT_ZERO, 1, "cert_verify", OPT_ZERO, 1,
N_("Verify the peer's SSL certificate. Note that this " N_("Verify the peer's SSL certificate. Note that this "
"needs extensive configuration of OpenSSL by the user.")), "needs extensive configuration of OpenSSL by the user.")),
#ifdef CONFIG_GEMINI
INIT_OPT_BOOL("connection.ssl", N_("Verify certificates for gemini protocol"),
"gemini_cert_verify", OPT_ZERO, 1,
N_("Verify the peer's SSL certificate for gemini protocol. Note that this "
"needs extensive configuration of OpenSSL by the user.")),
#endif
INIT_OPT_BOOL("connection.ssl", N_("Use HTTPS by default"), INIT_OPT_BOOL("connection.ssl", N_("Use HTTPS by default"),
"https_by_default", OPT_ZERO, 0, "https_by_default", OPT_ZERO, 0,
N_("Use HTTPS when a URL scheme is not provided.")), N_("Use HTTPS when a URL scheme is not provided.")),
@ -312,7 +317,12 @@ static union option_info gnutls_options[] = {
"cert_verify", OPT_ZERO, 0, "cert_verify", OPT_ZERO, 0,
N_("Verify the peer's SSL certificate. If you enable " N_("Verify the peer's SSL certificate. If you enable "
"this, set also \"Trusted CA file\".")), "this, set also \"Trusted CA file\".")),
#ifdef CONFIG_GEMINI
INIT_OPT_BOOL("connection.ssl", N_("Verify certificates for gemini protocol"),
"gemini_cert_verify", OPT_ZERO, 1,
N_("Verify the peer's SSL certificate for gemini protocol. If you enable "
"this, set also \"Trusted CA file\".")),
#endif
INIT_OPT_BOOL("connection.ssl", N_("Use HTTPS by default"), INIT_OPT_BOOL("connection.ssl", N_("Use HTTPS by default"),
"https_by_default", OPT_ZERO, 0, "https_by_default", OPT_ZERO, 0,
N_("Use HTTPS when a URL scheme is not provided.")), N_("Use HTTPS when a URL scheme is not provided.")),
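Review bot: The help text for `gemini_cert_verify` in both openssl_options and gnutls_options does not say what turning the option off costs: the gemini server's certificate is then not checked at all, so the peer is unauthenticated and the connection can be intercepted. Because the commit message motivates the option with self-signed gemini certificates, users are likely to disable it, so I would append a sentence such as `"Disabling this leaves gemini connections unauthenticated."` to both descriptions. In gnutls_options the new option defaults to 1 while `cert_verify` defaults to 0, and the wording "If you enable this" reads oddly for an option that is already on. The visible hunks only change the `SSL_set_verify` path, so it is worth confirming that the GnuTLS build actually reads `connection.ssl.gemini_cert_verify`.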