1
0
mirror of https://github.com/rkd77/elinks.git synced 2024-06-15 23:35:34 +00:00

1022: NEWS and option documentation

This commit is contained in:
Kalle Olavi Niemitalo 2008-07-27 18:23:42 +03:00 committed by Kalle Olavi Niemitalo
parent 2e1983ce93
commit abe4927d69
2 changed files with 24 additions and 6 deletions

6
NEWS
View File

@ -21,10 +21,14 @@ includes the changes listed under "ELinks 0.11.4.GIT now" below.
JS_CallFunction, which can crash if given a closure.
* critical bug 1031: Use the same JSRuntime for both user SMJS and
scripts on web pages, to work around SpiderMonkey bug 378918.
* bug 1022: Add connection.ssl.trusted_ca_file setting for GnuTLS.
Before this, ELinks did not trust any certificate authorities when
it used GnuTLS, so certificate verification always failed if you
enabled it at connection.ssl.cert_verify.
* bug 1040: Blacklist servers that don't support TLS. This reduces
SSL errors especially in HTTP POST requests using GnuTLS.
* minor bug 951: SpiderMonkey scripting objects used to prevent ELinks
from removing files from the memory cache
from removing files from the memory cache.
Bugs that should be removed from NEWS before the 0.12.0 release:

View File

@ -142,7 +142,7 @@ init_gnutls(struct module *module)
/* FIXME: check returned values. --witekfl */
gnutls_certificate_set_x509_trust_file(xcred, ca_file,
GNUTLS_X509_FMT_PEM);
gnutls_certificate_set_verify_flags(xcred,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
}
@ -160,12 +160,26 @@ done_gnutls(struct module *module)
static struct option_info gnutls_options[] = {
INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
"cert_verify", 0, 0,
N_("Verify the peer's SSL certificate. Note that this\n"
"probably doesn't work properly at all with GnuTLS.")),
/* FIXME: Better description. */
N_("Verify the peer's SSL certificate. If you enable\n"
"this, set also \"Trusted CA file\".")),
/* The default value of the following option points to a file
* generated by the ca-certificates Debian package. Don't use
* CONFDIR here: if someone installs ELinks in $HOME and wants
* to have a user-specific trust list, he or she can just
* change the file name via the option manager. Distributors
* of binary packages should of course change the default to
* suit their systems.
* TODO: If the file name is relative, look in elinks_home? */
INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),
"trusted_ca_file", 0, "/etc/ssl/certs/ca-certificates.crt",
N_("The location of the trusted CA file.")),
N_("The location of a file containing certificates of\n"
"trusted certification authorities in PEM format.\n"
"ELinks then trusts certificates issued by these CAs.\n"
"If you change this option or the file, you must\n"
"restart ELinks for the changes to take effect.\n"
"This option affects GnuTLS but not OpenSSL.")),
NULL_OPTION_INFO,
};