Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

[Efraim Flashner]

On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote:
> Leo,
>
> On 04/03/2016, Leo Famulari <address@hidden> wrote:
> > On Fri, Mar 04, 2016 at 03:37:46AM +0100, address@hidden
> > wrote:
> >> From: Tobias Geerinckx-Rice <address@hidden>
> >>
> >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'.
> >> [arguments]: Convert to list; add configure flag for SSL support.
>
> Scratch that.
>
> I assumed that since ‘--with-gnutls’ was already present (and detected
> by ./configure, and listed by ldd...), GnuTLS just wasn't enough to
> provide the full HTTPS experience and OpenSSL was required. I was
> wrong.
>
> > Also, what is role of gnutls once this patch is applied? Does lynx need
> > to refer to both gnutls and openssl?
>
> The actual solution is a bit silly. All that is actually needed to get
> `lynx https://google.com’ working again is:
>
> ---
> diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
> index 3182b3e..080fbb3 100644
> --- a/gnu/packages/lynx.scm
> +++ b/gnu/packages/lynx.scm
> @@ -57,7 +57,7 @@
>                             "--with-screen=ncurses"
>                             "--with-zlib"
>                             "--with-bzlib"
> -                           "--with-gnutls"
> +                           "--with-gnutls="

Is this supposed to be empty at the end? I would assume it would want
something like (string-append "--with-gnutls=" (assoc-ref %build-inputs
"gnutls")).

>                             ;; "--with-socks5"    ; XXX TODO
>                             "--enable-widec"
>                             "--enable-ascii-ctypes"
> ---
> 
> Yep.
> 
> Is this unusual? Can't say I feel much enthusiasm to read/debug
> autoconf macros...
> 
> > Can you say if you learned anything else... "interesting" about lynx and
> > https support?
> >
> > For example, a couple months ago I was reading our bug reports and saw
> > an old one about https support in w3m (another console browser). I dug a
> > little deeper and realized that https support was completely broken by
> > default. You can see the result in commit 62339e2d493bf87.
> >
> > So, do you know if lynx is still supporting broken ciphers and
> > protocols, or if there are other problems of that nature?
> 
> My main motivation was to have access to HTTPS sites while working on
> my X-less GuixSD box, which works with the patch above. However:
> 
>     ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html
>     Looking up www.ssllabs.com
>     Making HTTPS connection to www.ssllabs.com
>     Retrying connection without TLS.
>     Looking up www.ssllabs.com
>     Making HTTPS connection to www.ssllabs.com
>     Alert!: Unable to make secure connection to remote host.
> 
> Not sure I want to dive into this mess.
> 
> Kind regards,
> 
> T G-R
> 

Wouldn't fix lynx, but I can say that links is working fairly well for
me and I haven't been "locked out" of a non-https website.

--
Efraim Flashner   <address@hidden>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

signature.asc
Description: PGP signature