[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] Problem with SSL certificates in Lynx
|
From: |
Thorsten Glaser |
|
Subject: |
Re: [Lynx-dev] Problem with SSL certificates in Lynx |
|
Date: |
Wed, 5 Jul 2006 15:30:58 +0000 (UTC) |
Thomas Dickey dixit:
[ ... ]
>> > Debian stable uses gnutls by default...
>> >
>> > Aki Tuomi
While I don't care about either Debian stale, nor GnuTLS,
this is dangerously near touching my code ;) so I thought
I could hack up something. It took me about three minutes.
>I saw the initial report, but did not notice the (much later) patch.
How about this patch? I didn't care about indentation or
line lengths here because I see your style is different
from our KNF, and thought you'd rather like to do that yourself.
Didn't test it - I have OpenSSL.
Index: HTTP.c
===================================================================
RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c,v
retrieving revision 1.6
diff -u -p -r1.6 HTTP.c
--- HTTP.c 2 Jun 2006 19:32:53 -0000 1.6
+++ HTTP.c 5 Jul 2006 15:28:47 -0000
@@ -623,7 +623,21 @@ static int HTLoadHTTP(const char *arg,
}
X509_NAME_oneline(X509_get_subject_name(SSL_get_peer_certificate(handle)),
+#ifndef USE_GNUTLS_INCL
ssl_dn, sizeof(ssl_dn));
+#else
+ ssl_dn + 1, sizeof(ssl_dn) - 1);
+
+ /* Iterate over DN in incompatible GnuTLS format to bring it into
OpenSSL format */
+ ssl_dn[0] = '/';
+ ssl_dn_start = ssl_dn;
+ while (*ssl_dn_start)
+ if ((*ssl_dn_start == ',') && (*(ssl_dn_start+1) == ' ')) {
+ *ssl_dn_start++ = '/';
+ memmove(ssl_dn_start, ssl_dn_start + 1,
strlen(ssl_dn_start + 1) + /* NUL */ 1);
+ } else
+ ssl_dn_start++;
+#endif
/*
* X.509 DN validation taking ALL CN fields into account
bye,
//mirabile
--
I believe no one can invent an algorithm. One just happens to hit upon it
when God enlightens him. Or only God invents algorithms, we merely copy them.
If you don't believe in God, just consider God as Nature if you won't deny
existence. -- Coywolf Qi Hunt