mirror of
https://github.com/rkd77/elinks.git
synced 2024-12-04 14:46:47 -05:00
1022: NEWS and option documentation
This commit is contained in:
parent
2e1983ce93
commit
abe4927d69
6
NEWS
6
NEWS
@ -21,10 +21,14 @@ includes the changes listed under "ELinks 0.11.4.GIT now" below.
|
||||
JS_CallFunction, which can crash if given a closure.
|
||||
* critical bug 1031: Use the same JSRuntime for both user SMJS and
|
||||
scripts on web pages, to work around SpiderMonkey bug 378918.
|
||||
* bug 1022: Add connection.ssl.trusted_ca_file setting for GnuTLS.
|
||||
Before this, ELinks did not trust any certificate authorities when
|
||||
it used GnuTLS, so certificate verification always failed if you
|
||||
enabled it at connection.ssl.cert_verify.
|
||||
* bug 1040: Blacklist servers that don't support TLS. This reduces
|
||||
SSL errors especially in HTTP POST requests using GnuTLS.
|
||||
* minor bug 951: SpiderMonkey scripting objects used to prevent ELinks
|
||||
from removing files from the memory cache
|
||||
from removing files from the memory cache.
|
||||
|
||||
Bugs that should be removed from NEWS before the 0.12.0 release:
|
||||
|
||||
|
@ -142,7 +142,7 @@ init_gnutls(struct module *module)
|
||||
/* FIXME: check returned values. --witekfl */
|
||||
gnutls_certificate_set_x509_trust_file(xcred, ca_file,
|
||||
GNUTLS_X509_FMT_PEM);
|
||||
|
||||
|
||||
gnutls_certificate_set_verify_flags(xcred,
|
||||
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
|
||||
}
|
||||
@ -160,12 +160,26 @@ done_gnutls(struct module *module)
|
||||
static struct option_info gnutls_options[] = {
|
||||
INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
|
||||
"cert_verify", 0, 0,
|
||||
N_("Verify the peer's SSL certificate. Note that this\n"
|
||||
"probably doesn't work properly at all with GnuTLS.")),
|
||||
/* FIXME: Better description. */
|
||||
N_("Verify the peer's SSL certificate. If you enable\n"
|
||||
"this, set also \"Trusted CA file\".")),
|
||||
|
||||
/* The default value of the following option points to a file
|
||||
* generated by the ca-certificates Debian package. Don't use
|
||||
* CONFDIR here: if someone installs ELinks in $HOME and wants
|
||||
* to have a user-specific trust list, he or she can just
|
||||
* change the file name via the option manager. Distributors
|
||||
* of binary packages should of course change the default to
|
||||
* suit their systems.
|
||||
* TODO: If the file name is relative, look in elinks_home? */
|
||||
INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),
|
||||
"trusted_ca_file", 0, "/etc/ssl/certs/ca-certificates.crt",
|
||||
N_("The location of the trusted CA file.")),
|
||||
N_("The location of a file containing certificates of\n"
|
||||
"trusted certification authorities in PEM format.\n"
|
||||
"ELinks then trusts certificates issued by these CAs.\n"
|
||||
"If you change this option or the file, you must\n"
|
||||
"restart ELinks for the changes to take effect.\n"
|
||||
"This option affects GnuTLS but not OpenSSL.")),
|
||||
|
||||
NULL_OPTION_INFO,
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user