mirror of https://github.com/rkd77/elinks.git synced 2024-12-04 14:46:47 -05:00
72 Commits

Author SHA1 Message Date
Witold Filipczyk
b434b11309 [options] 0 (option_flags) -> OPT_ZERO 2022-01-15 20:10:37 +01:00
Witold Filipczyk
9d2a55d6c3 [uri] URI_DNS_HOST instead of URI_HOST | URI_IDN.
Also could be considered URI_HOST_IDN.
2022-01-15 18:15:55 +01:00
Witold Filipczyk
fb9cc73c20 [openssl] Another try to get rid of warning 2022-01-09 15:58:24 +01:00
Witold Filipczyk
00bc37d8a4 Revert "[ssl] Test commit. Now there is no warning"
This reverts commit 2cf17a731f.
2022-01-09 15:50:23 +01:00
Witold Filipczyk
2cf17a731f [ssl] Test commit. Now there is no warning 2022-01-05 19:39:24 +01:00
Witold Filipczyk
c388d2e397 [ssl] Show GnuTLS version 2021-12-31 15:31:14 +01:00
Witold Filipczyk
7935a4f2aa [ssl] Show OpenSSL version 2021-12-31 15:22:07 +01:00
Witold Filipczyk
0ed9511286 [c] compilation fixes on Pi 2021-12-22 16:12:09 +01:00
Witold Filipczyk
66305fcb50 [gettext] try system gettext. Refs #62
Now, only meson was changed.
-Dnls=true -Dgettext=true
2021-08-08 21:25:08 +02:00
Witold Filipczyk
cba5771c0c [limits.h] limits.h can be included unconditionally 2021-03-19 14:30:54 +01:00
Witold Filipczyk
0fea79cc8f [cflags] Removed -Wno-pointer-sign
Likely some new bugs were introduced by this change.
The long term goal is clean compilation by g++.
2021-01-02 16:20:27 +01:00
Witold Filipczyk
1f57e72212 [mozjs24] Allow building elinks with g++
SpiderMonkey was updated to mozjs24. If you want to build elinks
with ecmascript support, you must compile using g++ with -fpermissive.
There are a lot of warnings.
There are some memleaks in ecmascript code, especially related to JSAutoCompartment.
I don't know yet where and how to free it.

Debian does not support mozjs24, so I'm going to gradually update SpiderMonkey version.
2020-10-05 20:14:55 +02:00
Witold Filipczyk
5f87bdbcb2 [meson] meson build scripts.
Not finished yet, but I added it to motivate myself and others.
The goal is to get a few seconds faster builds.

autotools still will be available.
2020-09-05 22:06:01 +02:00
Witold Filipczyk
397353a4dc [gnutls] connection.ssl.https_by_default also for gnutls 2020-07-04 13:35:29 +02:00
Guido Cella
a26c5956f4 [ssl] Let requests default to https 2020-06-25 10:40:59 +02:00
Witold Filipczyk
e8cb012ada [ssl] Allow older versions of openssl. Refs #37 2019-12-06 18:50:31 +01:00
Witold Filipczyk
85066d7016 [gnutls] gnutls_compression_get_name is deprecated. 2019-11-15 16:13:17 +01:00
Witold Filipczyk
7456f785ca [ssl] wrong signature of function 2019-11-15 14:33:30 +01:00
Witold Filipczyk
6b9d6c93df [ssl] ASN1_STRING_data is deprecated 2019-11-15 14:24:59 +01:00
Witold Filipczyk
903fc4984d [ssl] RAND_pseudo_bytes is deprecated. 2019-11-15 14:19:47 +01:00
Witold Filipczyk
3d96b0d7d7 Revert "Compile with C++."
This reverts commit 4f4df33638.
2019-04-21 12:27:40 +02:00
Witold Filipczyk
4f4df33638 Compile with C++.
Weak points:
- alignof
- js problems

Todo:
- make js work with C++ and mozjs-17
- then mozjs-24
- then mozjs-52
- then mozjs-60
- decrease number of warnings
2019-02-17 20:46:16 +01:00
أحمد المحمودي (Ahmed El-Mahmoudy)
a1bea9349f Compat with gnutls 3.6.4 2019-01-24 07:53:19 +01:00
Witold Filipczyk
8a8af596e0 gnutls: GNUTLS_E_PREMATURE_TERMINATION on www.raspberrypi.org 2017-12-23 14:51:43 +01:00
Guillem Jover
85b8dd8f42 SSL authentication using client certs 2017-11-22 01:46:30 +01:00
Witold Filipczyk
4c4717b82a Repeat gnutls_handshake until success
It's blocking, but better than SSL errors.
2017-11-15 01:01:36 +01:00
Witold Filipczyk
91beac7ee3 gnutls_certificate_set_x509_system_trust
If this function is available and gnutls is used,
and connection.ssl.trusted_ca_file is "",
gnutls_certificate_set_x509_system_trust is called
to load certificates.
2017-11-14 16:02:22 +01:00
Witold Filipczyk
442f4936dc Use blacklist to skip verification of certificates 2017-07-23 18:59:05 +02:00
Witold Filipczyk
f43f5714e8 Let users retry connection in case of error. Especially SSL error.
Also verify ssl certificates by default.
It has some weak points, for example in load_uri not always data
is a session.
2017-07-23 14:33:40 +02:00
Witold Filipczyk
54ebe365b7 Compilation fix for OpenSSL-1.1 2017-03-06 17:39:36 +01:00
Fabienne Ducroquet
73b09749ac Use the proxied URI to verify server certificates
Otherwise, the verification fails when using a HTTPS proxy because ELinks checks
whether the proxy matches the certificate.

Signed-off-by: Fabienne Ducroquet <fabiduc@gmail.com>
2016-04-12 21:41:46 +02:00
Kylie McClain
f4a58ba3b5 ssl: Make RAND_egd optional
Fixes compilation with LibreSSL.
2015-12-30 11:12:35 +01:00
Witold Filipczyk
e015e2be21 -VERS-SSL3.0 in gnutls to avoid SSL error. 2015-07-01 16:23:19 +02:00
Kalle Olavi Niemitalo
8b00e1ef70 bug 764: Initialize the right member of union option_value
INIT_OPTION used to initialize union option_value at compile time by
casting the default value to LIST_OF(struct option) *, which is the
type of the first member.  On sparc64 and other big-endian systems
where sizeof(int) < sizeof(struct list_head *), this tended to leave
option->value.number as zero, thus messing up OPT_INT and OPT_BOOL
at least.  OPT_LONG however tended to work right.

This would be easy to fix with C99 designated initializers,
but doc/hacking.txt says ELinks must be kept C89 compatible.
Another solution would be to make register_options() read the
value from option->value.tree (the first member), cast it back
to the right type, and write it to the appropriate member;
but that would still require somewhat dubious conversions
between integers, data pointers, and function pointers.

So here's a rather more invasive solution.  Add struct option_init,
which is somewhat similar to struct option but has non-overlapping
members for different types of values, to ensure nothing is lost
in compile-time conversions.  Move unsigned char *path from struct
option_info to struct option_init, and replace struct option_info
with a union that contains struct option_init and struct option.
Now, this union can be initialized with no portability problems,
and register_options() then moves the values from struct option_init
to their final places in struct option.

In my x86 ELinks build with plenty of options configured in, this
change bloated the text section by 340 bytes but compressed the data
section by 2784 bytes, presumably because union option_info is a
pointer smaller than struct option_info was.
(cherry picked from elinks-0.12 commit e5f6592ee2)

Conflicts:
	src/protocol/fsp/fsp.c: All options had been removed in 0.13.GIT.
	src/protocol/smb/smb2.c: Ditto.
2012-11-03 22:16:32 +02:00
mancha
bc3fcb4696 Fix hostname verification code.
[ From bug 1123 attachment 569.  --KON ]
2012-07-18 12:37:55 +03:00
witekfl
7328bb9c9e gnutls_transport_ptr is deprecated. 2012-05-08 13:41:26 +02:00
Kalle Olavi Niemitalo
0c3f3e09a7 1024: Verify server certificate hostname with OpenSSL
Not tested with nss-compat-ossl.
2011-07-28 17:23:51 +03:00
Kalle Olavi Niemitalo
7c40e03421 1024: Always disable TLS1.1 with GnuTLS
Using the RFC 3546 server_name TLS extension with TLS 1.1 made
https://bugzilla.novell.com/ never respond to negotiation.
Disable TLS 1.1 with GnuTLS, like it has already been disabled with
OpenSSL.  And if an SSL error is detected, disable TLS 1.2 as well.
2011-07-28 17:23:51 +03:00
Kalle Olavi Niemitalo
6c84978cf5 1024: Use RFC 3546 server_name TLS extension
For both GnuTLS and OpenSSL.  Not tested with nss-compat-openssl.
2011-07-28 17:23:51 +03:00
Kalle Olavi Niemitalo
5d0e4e2452 1024: Reject OpenPGP certificates 2011-07-28 17:23:51 +03:00
Witold Filipczyk
a15216863f 1024: Verify hostname and expiration time of the certificate.
GnuTLS only.

[ From bug 1024 attachment 483.  Resolved conflicts with 0.13.GIT.  --KON ]
2011-07-28 17:23:51 +03:00
Kalle Olavi Niemitalo
5ddf20b85e GNUTLS: Make anon_cred and xcred static
anon_cred and xcred are defined in src/network/ssl/ssl.c and not
mentioned in any other file.  Make them static.
2011-05-02 14:55:17 +03:00
Kalle Olavi Niemitalo
6457a13005 GNUTLS: #if 0 arrays needed by deprecated functions
src/network/ssl/ssl.c defined some constant arrays for passing to
GnuTLS functions.  Those functions have been deprecated and their
calls are in #if 0 nowadays.  Put #if 0 around the arrays as well.
2011-05-02 14:55:17 +03:00
Kalle Olavi Niemitalo
2d8fd9cecf bug 1115: Check status after gnutls_certificate_verify_peers2
The deprecated gnutls_certificate_verify_peers function returns -1
if it fails, or a set of gnutls_certificate_status_t bits; each bit
indicates some kind of problem, so the result is zero if the
certificate is OK.

The newer gnutls_certificate_verify_peers2 function returns -1 if it
fails, or 0 if it succeeds; and writes the status bits via a pointer.
When using that function, ELinks must check the status separately.
Do that.

Also, if GnuTLS is not being used, do not declare a status variable,
because leaving it unused would break the debug build:

/home/Kalle/src/elinks-0.13/src/network/ssl/socket.c: In function ‘ssl_want_read’:
/home/Kalle/src/elinks-0.13/src/network/ssl/socket.c:87: error: unused variable ‘status’
/home/Kalle/src/elinks-0.13/src/network/ssl/socket.c: In function ‘ssl_connect’:
/home/Kalle/src/elinks-0.13/src/network/ssl/socket.c:121: error: unused variable ‘status’
2011-05-01 02:27:19 +03:00
witekfl
b228fe82ab bug 1115: Avoid deprecated functions when compile --with-gnutls 2011-04-28 18:21:40 +02:00
witekfl
5a99cca30b gcry_create_nounce is part of libgcrypt.
Lack of -lgcrypt caused linking error when compiled --with-gnutls.
2011-04-28 18:02:00 +02:00
Kalle Olavi Niemitalo
683cfe4c86 Merge branch 'elinks-0.12' into elinks-0.13
Conflicts:
	NEWS: merged
	configure.in: VERSION changed in elinks-0.12; kept 0.13.GIT
	doc/man/man1/elinks.1.in: regenerated
	doc/man/man5/elinks.conf.5: regenerated
	doc/man/man5/elinkskeys.5: regenerated
	po/fr.po: kept 0.13.GIT
	po/pl.po: kept 0.13.GIT
2009-05-31 16:18:23 +03:00
Kalle Olavi Niemitalo
681e377027 Debian bug 528661: Check for gnutls_priority_set_direct
Avoid compilation error with GNUTLS 1.2.9:

/home/Kalle/src/elinks-0.12/src/network/ssl/ssl.c:258: error: implicit declaration of function ‘gnutls_priority_set_direct’

If the function is not available, use gnutls_set_default_priority instead.
Perhaps it'll work with bugzilla.novell.com, perhaps not.
2009-05-30 14:34:01 +03:00
Witold Filipczyk
864fa0b56a Debian bug 528661: Disable some TLS extensions on GNUTLS.
- gnutls_handshake_set_private_extensions: Do not enable private cipher
  suites that might not be supported by anything other than GNUTLS.
  The GNUTLS 2.8.0 documentation notes that enabling these extensions
  can cause interoperability problems.
- gnutls_set_default_priority: Explicitly disable OpenPGP certificates.
- gnutls_certificate_type_set_priority: Do not enable OpenPGP certificates.
  The GNUTLS 2.8.0 documentation notes that OpenPGP certificate support
  requires libgnutls-extra.  Because libgnutls-extra 2.2.0 and later are
  under GPLv3-or-later and thus not GPLv2 compatible, ELinks doesn't use
  libgnutls-extra, so OpenPGP certificates didn't work anyway.
- gnutls_server_name_set: Do not tell the server the hostname from the URL.
  This was supposed to let the server choose the appropriate certificate
  for each name-based virtual host, but ELinks actually always sent just
  "localhost", so it didn't work anyway.  This will have to be revisited
  when ELinks is changed to actually verify the subject name from the
  server's certificate (ELinks bug 1024).

These changes should help ELinks negotiate SSL with bugzilla.novell.com.

[NEWS and commit message by me.  --KON]
2009-05-30 11:21:17 +03:00
Kalle Olavi Niemitalo
1bb71f3732 Merge branch 'elinks-0.12' into elinks-0.13
Conflicts:
	src/config/conf.c
	src/network/ssl/ssl.c
2009-03-12 08:46:02 +02:00