[Lynx-dev] Patch for NSS compatible SSL library
From: |
Zdenek Prikryl |
Subject: |
[Lynx-dev] Patch for NSS compatible SSL library |
Date: |
Thu, 07 Feb 2008 09:45:36 +0100 |
User-agent: |
Thunderbird 2.0.0.9 (X11/20071115) |
Hello,
I'm sending a patch that allows lynx to use the NSS-compatible OpenSSL library for
SSL connections. Please review it and, if possible, apply it in the next
release of lynx. (This patch is part of porting all cryptographic things to
the NSS-compatible OpenSSL library in Fedora packages.)
Thanks.
--
Zdenek Prikryl <address@hidden>
Software Engineer - Base Operating Systems Brno
--- lynx2-8-6/configure.in.nss 2006-10-11 01:39:50.000000000 +0200
+++ lynx2-8-6/configure.in 2008-02-05 15:07:02.000000000 +0100
@@ -390,6 +390,13 @@ dnl ------------------------------------
### Look for network libraries first, since some functions (such as
gethostname)
### are used in a lot of places.
+AC_CACHE_CHECK(if you want NSS compatible SSL
libraries,cf_cv_use_libnss_compat,[
+AC_ARG_WITH(nss_compat,
+ [ --with-nss_compat{=path} link with nss_compat library if
available],
+ [cf_cv_use_libnss_compat=$withval],
+ [cf_cv_use_libnss_compat=no])
+])
+
AC_CACHE_CHECK(if you want ssl library,cf_cv_use_libssl,[
AC_ARG_WITH(ssl,
[ --with-ssl{=path} link with ssl library if available],
@@ -397,14 +404,12 @@ AC_ARG_WITH(ssl,
[cf_cv_use_libssl=no])
])
-if test "x$cf_cv_use_libssl" = "xno" ; then
AC_CACHE_CHECK(if you want experimental gnutls support,cf_cv_use_libgnutls,[
AC_ARG_WITH(gnutls,
[ --with-gnutls{=path} link with experimental gnutls support],
[cf_cv_use_libgnutls=$withval],
[cf_cv_use_libgnutls=no])
])
-fi
AC_CACHE_CHECK(if you want socks library,cf_cv_use_libsocks,[
AC_ARG_WITH(socks,
@@ -432,6 +437,8 @@ if test "x$cf_cv_use_libssl" != xno ; t
CF_SSL($cf_cv_use_libssl)
elif test "x$cf_cv_use_libgnutls" != xno ; then
CF_GNUTLS($cf_cv_use_libgnutls)
+elif test "x$cf_cv_use_libnss_compat" != xno ; then
+ CF_NSS_COMPAT($cf_cv_use_libnss_compat)
fi
dnl This has to be cached, since there's a lot of interdependent tests.
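Review bot: `--with-nss_compat` is silently ignored whenever `--with-ssl` or `--with-gnutls` is also given, because the new test is the last `elif` of the chain. Someone who asks for the NSS-backed library and gets OpenSSL or GnuTLS linked instead sees no sign of it in the configure output. A check placed before the chain, such as `test "x$cf_cv_use_libnss_compat" != xno && test "x$cf_cv_use_libssl" != xno && AC_MSG_WARN(--with-nss_compat ignored: --with-ssl takes precedence)`, would make the precedence visible. The `if` that opens the chain is above the hunk's first line.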
--- lynx2-8-6/aclocal.m4.nss 2006-09-04 01:25:39.000000000 +0200
+++ lynx2-8-6/aclocal.m4 2008-02-05 15:07:24.000000000 +0100
@@ -4067,6 +4067,97 @@ else
fi
])dnl
dnl ---------------------------------------------------------------------------
+dnl CF_NSS_COMPAT version: 1 updated: 2008/01/30 18:00:00
+dnl ------
+dnl Check for NSS compatible SSL libraries
+dnl $1 = the [optional] directory in which the library may be found
+AC_DEFUN([CF_NSS_COMPAT],[
+check=`pkg-config --version 2>/dev/null`
+if test -n "$check" ; then
+ cf_ssl_library=`pkg-config --libs nss`
+ cf_ssl_cflags=`pkg-config --cflags nss`
+else
+ # Without pkg-config, we'll kludge in some defaults
+ cf_ssl_library="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread
-ldl"
+ cf_ssl_cflags="-I/usr/include/nss3 -I/usr/include/nspr4"
+fi
+cf_ssl_library="-lnss_compat_ossl $cf_ssl_library"
+
+case "$1" in #(vi
+no) #(vi
+ cf_ssl_root=
+ ;;
+yes) #(vi
+ AC_CHECK_LIB(nss_compat_ossl, SSL_get_version,[],[
+ cf_ssl_root=/usr/local/nss_compat_ossl
+ if test -d $cf_ssl_root ; then
+ CF_VERBOSE(assume it is in $cf_ssl_root)
+ cf_ssl_library="-L$cf_ssl_root/lib $cf_ssl_library"
+ else
+ AC_MSG_ERROR(cannot find NSS compilant libraries)
+ fi
+ ],
+ [-lnss_compat_ossl])
+ ;;
+*)
+ if test -d $1 ; then
+ if test -d $1/include ; then
+ cf_ssl_root=$1
+ elif test -d $1/../include ; then
+ cf_ssl_root=$1/..
+ else
+ AC_MSG_ERROR(cannot find NSS compilant library under $1)
+ fi
+ cf_ssl_library="-L$cf_ssl_root/lib $cf_ssl_library"
+ else
+ AC_MSG_WARN(expected a directory: $1)
+ fi
+ ;;
+esac
+LIBS="$cf_ssl_library $LIBS"
+
+cf_ssl_subincs=yes
+if test -n "$cf_ssl_root" ; then
+ if test -d $cf_ssl_root/include ; then
+ cf_ssl_cflags="-I$cf_ssl_root/include $cf_ssl_cflags"
+ test -d $cf_ssl_root/include/nss_compat_ossl ||
cf_ssl_subincs=no
+ fi
+fi
+CF_ADD_CFLAGS($cf_ssl_cflags)
+
+if test "$cf_ssl_subincs" = yes ; then
+AC_MSG_CHECKING(for NSS compilant include directory)
+AC_TRY_COMPILE([
+#include <stdio.h>
+#include <nss_compat_ossl/nss_compat_ossl.h>],
+ [SSL_shutdown((SSL *)0)],
+ [cf_ssl_incl=yes],
+ [cf_ssl_incl=no])
+AC_MSG_RESULT($cf_ssl_incl)
+test "$cf_ssl_incl" = yes && AC_DEFINE(USE_NSS_COMPAT_INCL)
+fi
+
+AC_MSG_CHECKING(if we can link to NSS compilant library)
+AC_TRY_LINK([
+#include <stdio.h>
+#ifdef USE_NSS_COMPAT_INCL
+#include <nss_compat_ossl/nss_compat_ossl.h>
+#else
+#include <ssl.h>
+#endif
+],
+ [SSL_shutdown((SSL *)0)],
+ [cf_ssl_library=yes],
+ [cf_ssl_library=no])
+AC_MSG_RESULT($cf_ssl_library)
+if test "$cf_ssl_library" = yes ; then
+ AC_DEFINE(USE_SSL)
+ AC_DEFINE(USE_X509_SUPPORT)
+else
+ AC_ERROR(Cannot link with NSS compilant libraries)
+fi
+])dnl
+dnl ---------------------------------------------------------------------------
dnl CF_STRIP_G_OPT version: 3 updated: 2002/12/21 19:25:52
dnl --------------
dnl Remove "-g" option from the compiler options
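Review bot: The `pkg-config --version` test at the top of `CF_NSS_COMPAT` only proves that the tool is installed, not that it knows an `nss` module. When the module is missing, `pkg-config --libs nss` and `--cflags nss` yield empty strings and the hard-coded defaults in the `else` branch are never used, so the later link test fails for a reason its message does not explain. Testing the module itself, `if pkg-config --exists nss 2>/dev/null ; then`, keeps the fallback reachable. Separately, `cf_ssl_root` is assigned only in some branches of the `case` (not when `AC_CHECK_LIB` succeeds under `yes`, nor after the `expected a directory` warning), so the `test -n "$cf_ssl_root"` further down can see a stale value; setting `cf_ssl_root=` before the `case` would avoid that.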
--- lynx2-8-6/WWW/Library/Implementation/HTUtils.h.nss 2006-09-01
01:37:53.000000000 +0200
+++ lynx2-8-6/WWW/Library/Implementation/HTUtils.h 2008-02-05
15:49:56.000000000 +0100
@@ -591,6 +591,7 @@ extern int WWW_TraceMask;
#define SHORTENED_RBIND /* FIXME: do this in configure-script */
#ifdef USE_SSL
+
#define free_func free__func
#ifdef USE_OPENSSL_INCL
@@ -610,6 +611,10 @@ extern int WWW_TraceMask;
#ifndef SSL_VERIFY_PEER
#define SSL_VERIFY_PEER 0x01
#endif
+#else
+
+#ifdef USE_NSS_COMPAT_INCL
+#include <nss_compat_ossl/nss_compat_ossl.h>
#else /* assume SSLeay */
#include <ssl.h>
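Review bot: The NSS header is selected by `USE_NSS_COMPAT_INCL`, which the configure macro in this patch defines only when the header compiles from the `nss_compat_ossl/` subdirectory. If that probe fails, an NSS build falls through to the `/* assume SSLeay */` branch, which includes `<rand.h>` and `<err.h>` as well as `<ssl.h>`, while the configure link test checks `<ssl.h>` alone. A macro that records the library choice rather than the header location (for example a `USE_NSS_COMPAT` defined next to `USE_SSL`) would let this file and HTTP.c key on the backend itself. The conditional block continues past the end of this hunk.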
@@ -617,10 +622,10 @@ extern int WWW_TraceMask;
#include <rand.h>
#include <err.h>
#endif
+#endif
#endif /* USE_OPENSSL_INCL */
#undef free_func
-
#endif /* USE_SSL */
#ifdef HAVE_LIBDMALLOC
--- lynx2-8-6/WWW/Library/Implementation/HTTP.c.nss 2006-09-01
01:37:53.000000000 +0200
+++ lynx2-8-6/WWW/Library/Implementation/HTTP.c 2008-02-05 15:41:17.000000000
+0100
@@ -67,6 +67,7 @@ static int HTSSLCallback(int preverify_o
char *msg = NULL;
int result = 1;
+#ifndef USE_NSS_COMPAT_INCL
if (!(preverify_ok || ssl_okay || ssl_noprompt)) {
#ifdef USE_X509_SUPPORT
HTSprintf0(&msg, SSL_FORCED_PROMPT,
@@ -79,6 +80,7 @@ static int HTSSLCallback(int preverify_o
FREE(msg);
}
+#endif
return result;
}
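Review bot: With `USE_NSS_COMPAT_INCL` defined, `HTSSLCallback` reduces to `int result = 1;` followed by `return result;`, so it reports success for every certificate regardless of `preverify_ok`. The `#ifndef` added in the previous hunk and the `#endif` here remove the whole failure branch, including the test itself, rather than only the prompt. Unless the compat library rejects bad certificates on its own without consulting this callback (not visible here), an NSS build accepts certificates that fail verification without asking the user. A fail-closed alternative keeps the decision and drops only the prompt: an `#else` branch containing `if (!(preverify_ok || ssl_okay || ssl_noprompt)) result = 0;`. The middle of the function lies between the two hunks and is not shown.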
@@ -607,8 +609,10 @@ static int HTLoadHTTP(const char *arg,
SSL_handle = handle = HTGetSSLHandle();
SSL_set_fd(handle, s);
#if SSLEAY_VERSION_NUMBER >= 0x0900
+#ifndef USE_NSS_COMPAT_INCL
if (!try_tls)
handle->options |= SSL_OP_NO_TLSv1;
+#endif
#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */
HTSSLInitPRNG();
status = SSL_connect(handle);
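Review bot: In an NSS build `try_tls` no longer influences the handshake in these lines, because the only statement that consumed it, `handle->options |= SSL_OP_NO_TLSv1;`, is compiled out. If the caller retries with `try_tls` cleared after a failed TLS attempt (that logic is outside the hunk), the retry would repeat the same handshake. The direct field access is presumably what fails to compile against the compat header; `SSL_set_options(handle, SSL_OP_NO_TLSv1);` is the accessor form and may serve both backends if the compat library provides it. Otherwise a comment such as `/* nss_compat_ossl: SSL options not settable here, try_tls has no effect */` would record the limitation. `HTLoadHTTP` starts and ends outside the hunk.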