
[Lynx-dev] Patch for NSS compatible SSL library


From: Zdenek Prikryl
Subject: [Lynx-dev] Patch for NSS compatible SSL library
Date: Thu, 07 Feb 2008 09:45:36 +0100
User-agent: Thunderbird 2.0.0.9 (X11/20071115)

Hello,
I'm sending a patch which allows lynx to use the NSS-compatible OpenSSL library
for SSL connections. Please review it and, if possible, apply it in the next
release of lynx. (This patch is part of porting all cryptographic things to
the NSS-compatible OpenSSL library in Fedora packages.)

Thanks.

-- 
Zdenek Prikryl <address@hidden>
Software Engineer - Base Operating Systems Brno

--- lynx2-8-6/configure.in.nss  2006-10-11 01:39:50.000000000 +0200
+++ lynx2-8-6/configure.in      2008-02-05 15:07:02.000000000 +0100
@@ -390,6 +390,13 @@ dnl ------------------------------------
 
 ### Look for network libraries first, since some functions (such as 
gethostname)
 ### are used in a lot of places.
+AC_CACHE_CHECK(if you want NSS compatible SSL 
libraries,cf_cv_use_libnss_compat,[
+AC_ARG_WITH(nss_compat,
+       [  --with-nss_compat{=path}       link with nss_compat library if 
available],
+       [cf_cv_use_libnss_compat=$withval],
+       [cf_cv_use_libnss_compat=no])
+])
+
 AC_CACHE_CHECK(if you want ssl library,cf_cv_use_libssl,[
 AC_ARG_WITH(ssl,
        [  --with-ssl{=path}       link with ssl library if available],
@@ -397,14 +404,12 @@ AC_ARG_WITH(ssl,
        [cf_cv_use_libssl=no])
 ])
 
-if test "x$cf_cv_use_libssl" = "xno" ; then
 AC_CACHE_CHECK(if you want experimental gnutls support,cf_cv_use_libgnutls,[
 AC_ARG_WITH(gnutls,
        [  --with-gnutls{=path}    link with experimental gnutls support],
        [cf_cv_use_libgnutls=$withval],
        [cf_cv_use_libgnutls=no])
 ])
-fi
 
 AC_CACHE_CHECK(if you want socks library,cf_cv_use_libsocks,[
 AC_ARG_WITH(socks,
@@ -432,6 +437,8 @@ if test "x$cf_cv_use_libssl"  != xno ; t
        CF_SSL($cf_cv_use_libssl)
 elif test "x$cf_cv_use_libgnutls" != xno ; then
        CF_GNUTLS($cf_cv_use_libgnutls)
+elif test "x$cf_cv_use_libnss_compat"  != xno ; then
+       CF_NSS_COMPAT($cf_cv_use_libnss_compat)
 fi
 
 dnl This has to be cached, since there's a lot of interdependent tests.
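Review bot: The new `elif` puts nss_compat last in the chain, so a build configured with `--with-nss_compat` together with `--with-ssl` or `--with-gnutls` silently links the other library and never runs CF_NSS_COMPAT. For a packager who selects NSS to keep TLS under one system-wide crypto policy, that is a quiet change of backend. An explicit conflict check ahead of the chain would make the choice visible, e.g. `test "x$cf_cv_use_libssl" != xno && test "x$cf_cv_use_libnss_compat" != xno && AC_MSG_ERROR(--with-ssl and --with-nss_compat are mutually exclusive)`. The `if` that opens this chain starts above the hunk.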
--- lynx2-8-6/aclocal.m4.nss    2006-09-04 01:25:39.000000000 +0200
+++ lynx2-8-6/aclocal.m4        2008-02-05 15:07:24.000000000 +0100
@@ -4067,6 +4067,97 @@ else
 fi
 ])dnl
 dnl ---------------------------------------------------------------------------
+dnl CF_NSS_COMPAT version: 1 updated: 2008/01/30 18:00:00
+dnl ------
+dnl Check for NSS compatible SSL libraries
+dnl $1 = the [optional] directory in which the library may be found
+AC_DEFUN([CF_NSS_COMPAT],[
+check=`pkg-config --version 2>/dev/null`
+if test -n "$check" ; then
+       cf_ssl_library=`pkg-config --libs nss`
+       cf_ssl_cflags=`pkg-config --cflags nss`
+else
+       # Without pkg-config, we'll kludge in some defaults
+       cf_ssl_library="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread 
-ldl"
+       cf_ssl_cflags="-I/usr/include/nss3 -I/usr/include/nspr4"
+fi
+cf_ssl_library="-lnss_compat_ossl $cf_ssl_library"
+
+case "$1" in #(vi
+no) #(vi
+       cf_ssl_root=
+       ;;
+yes) #(vi
+       AC_CHECK_LIB(nss_compat_ossl, SSL_get_version,[],[
+               cf_ssl_root=/usr/local/nss_compat_ossl
+               if test -d $cf_ssl_root ; then
+                       CF_VERBOSE(assume it is in $cf_ssl_root)
+                       cf_ssl_library="-L$cf_ssl_root/lib $cf_ssl_library"
+               else
+                       AC_MSG_ERROR(cannot find NSS compilant libraries)
+               fi
+       ],
+       [-lnss_compat_ossl])
+       ;;
+*)
+       if test -d $1 ; then
+               if test -d $1/include ; then
+                       cf_ssl_root=$1
+               elif test -d $1/../include ; then
+                       cf_ssl_root=$1/..
+               else
+                       AC_MSG_ERROR(cannot find NSS compilant library under $1)
+               fi
+               cf_ssl_library="-L$cf_ssl_root/lib $cf_ssl_library"
+       else
+               AC_MSG_WARN(expected a directory: $1)
+       fi
+       ;;
+esac
+LIBS="$cf_ssl_library $LIBS"
+
+cf_ssl_subincs=yes
+if test -n "$cf_ssl_root" ; then
+       if test -d $cf_ssl_root/include ; then
+               cf_ssl_cflags="-I$cf_ssl_root/include  $cf_ssl_cflags"
+               test -d $cf_ssl_root/include/nss_compat_ossl || 
cf_ssl_subincs=no
+       fi
+fi
+CF_ADD_CFLAGS($cf_ssl_cflags)
+
+if test "$cf_ssl_subincs" = yes ; then
+AC_MSG_CHECKING(for NSS compilant include directory)
+AC_TRY_COMPILE([
+#include <stdio.h>
+#include <nss_compat_ossl/nss_compat_ossl.h>],
+       [SSL_shutdown((SSL *)0)],
+       [cf_ssl_incl=yes],
+       [cf_ssl_incl=no])
+AC_MSG_RESULT($cf_ssl_incl)
+test "$cf_ssl_incl" = yes && AC_DEFINE(USE_NSS_COMPAT_INCL)
+fi
+
+AC_MSG_CHECKING(if we can link to NSS compilant library)
+AC_TRY_LINK([
+#include <stdio.h>
+#ifdef USE_NSS_COMPAT_INCL
+#include <nss_compat_ossl/nss_compat_ossl.h>
+#else
+#include <ssl.h>
+#endif
+],
+       [SSL_shutdown((SSL *)0)],
+       [cf_ssl_library=yes],
+       [cf_ssl_library=no])
+AC_MSG_RESULT($cf_ssl_library)
+if test "$cf_ssl_library" = yes ; then
+       AC_DEFINE(USE_SSL)
+       AC_DEFINE(USE_X509_SUPPORT)
+else
+       AC_ERROR(Cannot link with NSS compilant libraries)
+fi
+])dnl
+dnl ---------------------------------------------------------------------------
 dnl CF_STRIP_G_OPT version: 3 updated: 2002/12/21 19:25:52
 dnl --------------
 dnl    Remove "-g" option from the compiler options
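Review bot: In the `*)` branch of CF_NSS_COMPAT, a `--with-nss_compat=PATH` that is not a directory only triggers `AC_MSG_WARN(expected a directory: $1)` and the macro carries on, so the build links whatever nss_compat_ossl the default search path offers rather than the one the user named; `AC_MSG_ERROR(expected a directory: $1)` would match the neighbouring branches and fail closed. `cf_ssl_root` is also never assigned on that path, nor when AC_CHECK_LIB succeeds in the `yes)` branch, so it should be cleared with `cf_ssl_root=` before the `case`. The pkg-config probe only tests `pkg-config --version`; guarding the two queries with `pkg-config --exists nss` would avoid empty flags when the nss module is not registered. The messages spell "compilant" where "compliant" or "compatible" is meant, and `$1` is unquoted in the `test -d` calls.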
--- lynx2-8-6/WWW/Library/Implementation/HTUtils.h.nss  2006-09-01 
01:37:53.000000000 +0200
+++ lynx2-8-6/WWW/Library/Implementation/HTUtils.h      2008-02-05 
15:49:56.000000000 +0100
@@ -591,6 +591,7 @@ extern int WWW_TraceMask;
 #define SHORTENED_RBIND                /* FIXME: do this in configure-script */
 
 #ifdef USE_SSL
+
 #define free_func free__func
 
 #ifdef USE_OPENSSL_INCL
@@ -610,6 +611,10 @@ extern int WWW_TraceMask;
 #ifndef SSL_VERIFY_PEER
 #define SSL_VERIFY_PEER                        0x01
 #endif
+#else
+
+#ifdef USE_NSS_COMPAT_INCL
+#include <nss_compat_ossl/nss_compat_ossl.h>
 
 #else /* assume SSLeay */
 #include <ssl.h>
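Review bot: The NSS branch is added as a nested `#else` / `#ifdef USE_NSS_COMPAT_INCL`, which is why the next hunk (`@@ -617,10 +622,10 @@`) has to add a bare `#endif`, leaving a run of closers where only the last is labelled. A single `#elif defined(USE_NSS_COMPAT_INCL)` in place of the two added lines would keep the original nesting depth and need no extra `#endif`. If the nested form stays, label the new closer, e.g. `#endif /* USE_NSS_COMPAT_INCL */`. The conditional this `#else` pairs with opens above the hunk, so the pairing should be confirmed against the full header.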
@@ -617,10 +622,10 @@ extern int WWW_TraceMask;
 #include <rand.h>
 #include <err.h>
 #endif
+#endif
 #endif /* USE_OPENSSL_INCL */
 
 #undef free_func
-
 #endif /* USE_SSL */
 
 #ifdef HAVE_LIBDMALLOC
--- lynx2-8-6/WWW/Library/Implementation/HTTP.c.nss     2006-09-01 
01:37:53.000000000 +0200
+++ lynx2-8-6/WWW/Library/Implementation/HTTP.c 2008-02-05 15:41:17.000000000 
+0100
@@ -67,6 +67,7 @@ static int HTSSLCallback(int preverify_o
     char *msg = NULL;
     int result = 1;
 
+#ifndef USE_NSS_COMPAT_INCL
     if (!(preverify_ok || ssl_okay || ssl_noprompt)) {
 #ifdef USE_X509_SUPPORT
        HTSprintf0(&msg, SSL_FORCED_PROMPT,
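Review bot: With the whole `if (!(preverify_ok || ssl_okay || ssl_noprompt))` block compiled out (this hunk plus the matching `#endif` in `@@ -79,6 +80,7 @@`), an NSS build leaves `result` at its initial 1, so HTSSLCallback returns success even when `preverify_ok` is 0. If nss_compat_ossl invokes this verify callback, a certificate that failed validation would be accepted without the prompt the OpenSSL build shows. If the prompt code cannot be built against NSS, fail closed in that configuration instead: `#else` followed by `if (!(preverify_ok || ssl_okay || ssl_noprompt)) result = 0;`. The body of the `if` lies between the two hunks and is not visible here.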
@@ -79,6 +80,7 @@ static int HTSSLCallback(int preverify_o
 
        FREE(msg);
     }
+#endif
     return result;
 }
 
@@ -607,8 +609,10 @@ static int HTLoadHTTP(const char *arg,
        SSL_handle = handle = HTGetSSLHandle();
        SSL_set_fd(handle, s);
 #if SSLEAY_VERSION_NUMBER >= 0x0900
+#ifndef USE_NSS_COMPAT_INCL
        if (!try_tls)
            handle->options |= SSL_OP_NO_TLSv1;
+#endif
 #endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */
        HTSSLInitPRNG();
        status = SSL_connect(handle);
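Review bot: Inside the added `#ifndef USE_NSS_COMPAT_INCL`, `try_tls` loses its only visible effect, so in an NSS build a retry with `try_tls` cleared would presumably repeat the same handshake; the retry logic is outside the hunk and should be checked for a loop or a misleading "retrying without TLS" message. The guard is most likely there because `handle->options` reaches into the SSL struct; if nss_compat_ossl offers an options accessor, using it would keep both builds on one path. At minimum the guard deserves a comment such as `/* nss_compat_ossl: SSL is opaque; protocol fallback is not applied here */`. HTLoadHTTP starts and ends outside the hunk.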
