rpms/elinks/devel elinks-nss-inc.patch, NONE, 1.1 elinks-nss.patch, 1.4, 1.5 elinks.spec, 1.69, 1.70
Kamil Dudka
kdudka at fedoraproject.org
Tue Apr 28 11:46:51 UTC 2009
Author: kdudka
Update of /cvs/extras/rpms/elinks/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28373
Modified Files:
elinks-nss.patch elinks.spec
Added Files:
elinks-nss-inc.patch
Log Message:
support for trusted CA certificates loading from file in PEM format
elinks-nss-inc.patch:
--- NEW FILE elinks-nss-inc.patch ---
diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/network/ssl/ssl.c
--- elinks-0.12pre3.orig/src/network/ssl/ssl.c 2009-04-28 13:12:19.365660000 +0200
+++ elinks-0.12pre3/src/network/ssl/ssl.c 2009-04-28 13:26:39.287600358 +0200
@@ -48,10 +48,16 @@ SSL_CTX *context = NULL;
static void
init_openssl(struct module *module)
{
+ unsigned char *ca_file;
SSLeay_add_ssl_algorithms();
context = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(context, SSL_OP_ALL);
+#ifdef CONFIG_NSS_COMPAT_OSSL
+ ca_file = get_opt_str("connection.ssl.trusted_ca_file");
+ SSL_CTX_load_verify_locations(context, ca_file, NULL);
+#else
SSL_CTX_set_default_verify_paths(context);
+#endif
}
static void
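Review bot: The return value of `SSL_CTX_load_verify_locations(context, ca_file, NULL)` in init_openssl is discarded, so a missing, unreadable or malformed `connection.ssl.trusted_ca_file` leaves the context without trust anchors and nothing tells the user why verified handshakes then fail. Assuming nss_compat_ossl keeps OpenSSL's 1-on-success convention, check the result and report the path, e.g. `if (!SSL_CTX_load_verify_locations(context, ca_file, NULL)) /* report that ca_file could not be loaded */;`. Two smaller points in the same hunk: `ca_file` is declared outside the `#ifdef`, so it is unused in a plain OpenSSL build, and it is an `unsigned char *` passed where the OpenSSL prototype takes `const char *`, which wants an explicit cast. The `SSL_CTX_new()` result on the context line above is also used unchecked.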
@@ -61,10 +67,27 @@ done_openssl(struct module *module)
}
static struct option_info openssl_options[] = {
+#ifdef CONFIG_NSS_COMPAT_OSSL
+ INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
+ "cert_verify", 0, 0,
+ N_("Verify the peer's SSL certificate.")),
+
+ INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),
+ "trusted_ca_file", 0, "/etc/pki/tls/certs/ca-bundle.crt",
+ N_("The location of a file containing certificates of "
+ "trusted certification authorities in PEM format. "
+ "ELinks then trusts certificates issued by these CAs.\n"
+ "\n"
+ "If you change this option or the file, you must "
+ "restart ELinks for the changes to take effect. "
+ "This option affects GnuTLS and nss_compat_ossl but not "
+ "OpenSSL.")),
+#else
INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
"cert_verify", 0, 0,
N_("Verify the peer's SSL certificate. Note that this "
"needs extensive configuration of OpenSSL by the user.")),
+#endif
INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
"client_cert", OPT_SORT,
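Review bot: In the `CONFIG_NSS_COMPAT_OSSL` branch of openssl_options, `cert_verify` is still registered with `0, 0`, which looks like a default of off, so the bundle named by the new `trusted_ca_file` option is presumably loaded but never used to reject a peer unless the user enables verification. The old justification for that default ("needs extensive configuration of OpenSSL") is dropped from the description in this branch. Either default the option on here, or say in the help text that peers are not verified until it is enabled and where the trust anchors come from, e.g. `N_("Verify the peer's SSL certificate against the CAs in connection.ssl.trusted_ca_file.")`. The `/etc/pki/tls/certs/ca-bundle.crt` default is a distribution-specific path, which is fine for this package but deserves a comment if the patch is sent upstream. The array continues past the end of the hunk.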
@@ -187,7 +210,8 @@ static struct option_info gnutls_options
"\n"
"If you change this option or the file, you must "
"restart ELinks for the changes to take effect. "
- "This option affects GnuTLS but not OpenSSL.")),
+ "This option affects GnuTLS and nss_compat_ossl but not "
+ "OpenSSL.")),
NULL_OPTION_INFO,
};
elinks-nss.patch:
Index: elinks-nss.patch
===================================================================
RCS file: /cvs/extras/rpms/elinks/devel/elinks-nss.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- elinks-nss.patch 14 Apr 2009 11:59:45 -0000 1.4
+++ elinks-nss.patch 28 Apr 2009 11:46:48 -0000 1.5
@@ -1,6 +1,6 @@
diff -ruNp elinks-0.12pre3.orig/configure.in elinks-0.12pre3/configure.in
---- elinks-0.12pre3.orig/configure.in 2009-04-14 13:46:26.749379000 +0200
-+++ elinks-0.12pre3/configure.in 2009-04-14 13:47:13.702846713 +0200
+--- elinks-0.12pre3.orig/configure.in 2009-04-28 12:19:38.816628000 +0200
++++ elinks-0.12pre3/configure.in 2009-04-28 12:56:07.343999815 +0200
@@ -1014,6 +1014,7 @@ gnutls_withval="$withval"
if test "$enable_gnutls" = yes; then
@@ -62,7 +62,7 @@ diff -ruNp elinks-0.12pre3.orig/configur
diff -ruNp elinks-0.12pre3.orig/src/network/ssl/socket.c elinks-0.12pre3/src/network/ssl/socket.c
--- elinks-0.12pre3.orig/src/network/ssl/socket.c 2009-03-29 00:14:03.000000000 +0100
-+++ elinks-0.12pre3/src/network/ssl/socket.c 2009-04-14 13:47:13.704846733 +0200
++++ elinks-0.12pre3/src/network/ssl/socket.c 2009-04-28 13:01:02.116180177 +0200
@@ -6,6 +6,10 @@
#ifdef CONFIG_OPENSSL
@@ -153,8 +153,8 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
#elif defined(CONFIG_GNUTLS)
int err = rd;
diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/network/ssl/ssl.c
---- elinks-0.12pre3.orig/src/network/ssl/ssl.c 2009-04-14 13:46:26.739379000 +0200
-+++ elinks-0.12pre3/src/network/ssl/ssl.c 2009-04-14 13:52:15.813854125 +0200
+--- elinks-0.12pre3.orig/src/network/ssl/ssl.c 2009-04-28 12:19:38.782627000 +0200
++++ elinks-0.12pre3/src/network/ssl/ssl.c 2009-04-28 12:59:09.000000000 +0200
@@ -7,6 +7,10 @@
#ifdef CONFIG_OPENSSL
#include <openssl/ssl.h>
@@ -175,42 +175,24 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
#ifndef PATH_MAX
#define PATH_MAX 256 /* according to my /usr/include/bits/posix1_lim.h */
-@@ -57,10 +61,18 @@ done_openssl(struct module *module)
- }
-
- static struct option_info openssl_options[] = {
-+#ifdef CONFIG_NSS_COMPAT_OSSL
-+ INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
-+ "cert_verify", 0, 0,
-+ N_("Verify the peer's SSL certificate. The NSS database "
-+ "location can be changed by SSL_DIR environment variable. "
-+ "The database can be also shared with Mozilla browsers.")),
-+#else
- INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
- "cert_verify", 0, 0,
- N_("Verify the peer's SSL certificate. Note that this "
- "needs extensive configuration of OpenSSL by the user.")),
-+#endif
-
- INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
- "client_cert", OPT_SORT,
-@@ -71,12 +83,27 @@ static struct option_info openssl_option
+@@ -71,12 +75,28 @@ static struct option_info openssl_option
N_("Enable or not the sending of X509 client certificates "
"to servers which request them.")),
+#ifdef CONFIG_NSS_COMPAT_OSSL
+ INIT_OPT_STRING("connection.ssl.client_cert", N_("Certificate nickname"),
+ "nickname", 0, "",
-+ N_("The nickname of the client certificate stored in NSS "
-+ "database. If this value is unset, the nickname from "
-+ "the X509_CLIENT_CERT variable is used instead. If you "
-+ "have a PKCS#12 file containing client certificate, you "
-+ "can import it into your NSS database with: "
-+ "$ pk12util -i mycert.p12 -d /path/to/database "
-+ " "
-+ "The NSS database location can be changed by SSL_DIR "
-+ "environment variable. The database can be also shared "
-+ "with Mozilla browsers.")),
++ N_("The nickname of the client certificate stored in NSS "
++ "database. If this value is unset, the nickname from "
++ "the X509_CLIENT_CERT variable is used instead. If you "
++ "have a PKCS#12 file containing client certificate, you "
++ "can import it into your NSS database with:\n"
++ "\n"
++ "$ pk12util -i mycert.p12 -d /path/to/database\n"
++ "\n"
++ "The NSS database location can be changed by SSL_DIR "
++ "environment variable. The database can be also shared "
++ "with Mozilla browsers.")),
+#else
INIT_OPT_STRING("connection.ssl.client_cert", N_("Certificate File"),
"file", 0, "",
@@ -222,7 +204,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
NULL_OPTION_INFO,
};
-@@ -182,7 +209,7 @@ static struct module gnutls_module = str
+@@ -182,7 +202,7 @@ static struct module gnutls_module = str
/* done: */ done_gnutls
);
@@ -231,7 +213,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
static struct option_info ssl_options[] = {
INIT_OPT_TREE("connection", N_("SSL"),
-@@ -193,7 +220,7 @@ static struct option_info ssl_options[]
+@@ -193,7 +213,7 @@ static struct option_info ssl_options[]
};
static struct module *ssl_modules[] = {
@@ -240,7 +222,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
&openssl_module,
#elif defined(CONFIG_GNUTLS)
&gnutls_module,
-@@ -214,7 +241,7 @@ struct module ssl_module = struct_module
+@@ -214,7 +234,7 @@ struct module ssl_module = struct_module
int
init_ssl_connection(struct socket *socket)
{
@@ -249,7 +231,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
socket->ssl = SSL_new(context);
if (!socket->ssl) return S_SSL_ERROR;
#elif defined(CONFIG_GNUTLS)
-@@ -263,7 +290,7 @@ done_ssl_connection(struct socket *socke
+@@ -263,7 +283,7 @@ done_ssl_connection(struct socket *socke
ssl_t *ssl = socket->ssl;
if (!ssl) return;
@@ -258,7 +240,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
SSL_free(ssl);
#elif defined(CONFIG_GNUTLS)
gnutls_deinit(*ssl);
-@@ -280,7 +307,7 @@ get_ssl_connection_cipher(struct socket
+@@ -280,7 +300,7 @@ get_ssl_connection_cipher(struct socket
if (!init_string(&str)) return NULL;
@@ -269,7 +251,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
SSL_get_cipher_version(ssl),
diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.h elinks-0.12pre3/src/network/ssl/ssl.h
--- elinks-0.12pre3.orig/src/network/ssl/ssl.h 2009-03-29 00:14:03.000000000 +0100
-+++ elinks-0.12pre3/src/network/ssl/ssl.h 2009-04-14 13:47:13.706846753 +0200
++++ elinks-0.12pre3/src/network/ssl/ssl.h 2009-04-28 12:56:59.000000000 +0200
@@ -22,7 +22,7 @@ unsigned char *get_ssl_connection_cipher
/* Internal type used in ssl module. */
Index: elinks.spec
===================================================================
RCS file: /cvs/extras/rpms/elinks/devel/elinks.spec,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -p -r1.69 -r1.70
--- elinks.spec 14 Apr 2009 16:53:45 -0000 1.69
+++ elinks.spec 28 Apr 2009 11:46:48 -0000 1.70
@@ -1,6 +1,6 @@
Name: elinks
Summary: A text-mode Web browser
-Version: 0.12
+Version: 0.13
Release: 0.12.pre3%{?dist}
License: GPLv2
URL: http://elinks.or.cz
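Review bot: The wrong tag is bumped here: `Version:` goes from 0.12 to 0.13 while `Release: 0.12.pre3%{?dist}` is left alone, yet the %changelog entry added further down is stamped `0.12-0.13.pre3`, i.e. version 0.12, release 0.13.pre3. The sources are still 0.12pre3 (see the `elinks-0.12pre3` paths in both patches), so this should read `Version: 0.12` and `Release: 0.13.pre3%{?dist}`. Once a build carrying version 0.13 is published, a later 0.12 package would not be seen as an upgrade without an Epoch.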
@@ -35,6 +35,7 @@ Patch6: elinks-0.11.0-union.patch
Patch7: elinks-0.11.3-macropen.patch
Patch8: elinks-scroll.patch
Patch9: elinks-nss.patch
+Patch10: elinks-nss-inc.patch
%description
Elinks is a text-based Web browser. Elinks does not display any images,
@@ -62,8 +63,10 @@ quickly and swiftly displays Web pages.
%patch7 -p1
#upstream fix for out of screen dialogs
%patch8 -p1
-# Port elinks to use NSS library for cryptography (#346861)
+# Port elinks to use NSS library for cryptography (#346861) - accepted upstream
%patch9 -p1
+# Port elinks to use NSS library for cryptography (#346861) - incremental patch
+%patch10 -p1
%build
./autogen.sh
@@ -119,6 +122,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man5/*
%changelog
+* Tue Apr 28 2009 Kamil Dudka <kdudka at redhat.com> 0.12-0.13.pre3
+- use appropriate BuildRequires for nss_compat_ossl (#495532)
+- support for trusted CA certificates loading from file in PEM format
+
* Fri Apr 03 2009 Ondrej Vasik <ovasik at redhat.com> 0.12.0.12.pre3
- use word Elinks instead of Links in package description