rpms/elinks/F-11 elinks-nss-inc.patch, NONE, 1.1 elinks.conf, NONE, 1.1 elinks-nss.patch, 1.4, 1.5 elinks.spec, 1.69, 1.70

Kamil Dudka kdudka at fedoraproject.org
Thu Apr 30 07:57:39 UTC 2009


Author: kdudka

Update of /cvs/extras/rpms/elinks/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23617

Modified Files:
	elinks-nss.patch elinks.spec 
Added Files:
	elinks-nss-inc.patch elinks.conf 
Log Message:
backport from elinks-0.12-0.15.pre3.fc12 (#495532)

elinks-nss-inc.patch:

--- NEW FILE elinks-nss-inc.patch ---
diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/network/ssl/ssl.c
--- elinks-0.12pre3.orig/src/network/ssl/ssl.c	2009-04-29 12:48:26.250878000 +0200
+++ elinks-0.12pre3/src/network/ssl/ssl.c	2009-04-29 13:03:51.318746893 +0200
@@ -48,10 +48,20 @@ SSL_CTX *context = NULL;
 static void
 init_openssl(struct module *module)
 {
+	unsigned char *ca_file;
 	SSLeay_add_ssl_algorithms();
 	context = SSL_CTX_new(SSLv23_client_method());
 	SSL_CTX_set_options(context, SSL_OP_ALL);
+#ifdef CONFIG_NSS_COMPAT_OSSL
+	ca_file = get_opt_str("connection.ssl.trusted_ca_file");
+	if (*ca_file)
+		SSL_CTX_load_verify_locations(context, ca_file, NULL);
+	else
+		SSL_CTX_set_default_verify_paths(context);
+#else
+	(void) ca_file;
 	SSL_CTX_set_default_verify_paths(context);
+#endif
 }
 
 static void
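Review bot: The return value of `SSL_CTX_load_verify_locations()` in the `CONFIG_NSS_COMPAT_OSSL` branch of `init_openssl()` is discarded, so a missing or unreadable `connection.ssl.trusted_ca_file` may leave the context without the intended trust anchors and gives no diagnostic. Test the result and report the path that failed, e.g. `if (!SSL_CTX_load_verify_locations(context, (const char *) ca_file, NULL)) /* report ca_file; do not relax verification */;`. Falling back silently to the default roots would widen trust beyond what the administrator configured. Separately, `(void) ca_file;` in the `#else` branch evaluates an uninitialized pointer; declaring `ca_file` inside the `#ifdef` avoids this. The `unsigned char *` also does not match the `const char *` that OpenSSL declares for this parameter, which is why the example casts it.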
@@ -61,10 +71,30 @@ done_openssl(struct module *module)
 }
 
 static struct option_info openssl_options[] = {
+#ifdef CONFIG_NSS_COMPAT_OSSL
+	INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
+		"cert_verify", 0, 0,
+		N_("Verify the peer's SSL certificate.")),
+
+	INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),
+		"trusted_ca_file", 0, "/etc/pki/tls/certs/ca-bundle.crt",
+		N_("The location of a file containing certificates of "
+		"trusted certification authorities in PEM format. "
+		"ELinks then trusts certificates issued by these CAs.\n"
+		"\n"
+		"If you set this option to an empty string, default NSS root"
+		"certificates are loaded.\n"
+		"\n"
+		"If you change this option or the file, you must "
+		"restart ELinks for the changes to take effect. "
+		"This option affects GnuTLS and nss_compat_ossl but not "
+		"OpenSSL.")),
+#else
 	INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
 		"cert_verify", 0, 0,
 		N_("Verify the peer's SSL certificate. Note that this "
 		"needs extensive configuration of OpenSSL by the user.")),
+#endif
 
 	INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
         	"client_cert", OPT_SORT,
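Review bot: The compiled-in default for `cert_verify` in the new `CONFIG_NSS_COMPAT_OSSL` branch is still off (`"cert_verify", 0, 0,`, assuming the last numeric argument of `INIT_OPT_BOOL` is the default value). Certificate verification is therefore only enabled where the packaged `/etc/elinks.conf` is actually read and not overridden. Since this branch now ships a usable CA bundle path as the `trusted_ca_file` default, consider `"cert_verify", 0, 1,` so the safe behaviour does not depend on a config file being present. The `trusted_ca_file` help text also loses a space across a literal break: `"default NSS root"` followed by `"certificates are loaded.\n"` renders as "rootcertificates", so write `"default NSS root "`. The `openssl_options[]` initializer continues past the end of this hunk.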
@@ -187,7 +217,8 @@ static struct option_info gnutls_options
 		"\n"
 		"If you change this option or the file, you must "
 		"restart ELinks for the changes to take effect. "
-		"This option affects GnuTLS but not OpenSSL.")),
+		"This option affects GnuTLS and nss_compat_ossl but not "
+		"OpenSSL.")),
 
 	NULL_OPTION_INFO,
 };


--- NEW FILE elinks.conf ---
## ELinks 0.12pre3 configuration file

## This is ELinks global configuration file. You can keep global ELinks
## configuration here. Each user can also save its own ELinks configuration
## to ~/.elinks/elinks.conf. The per user configuration file can be edited
## by ELinks when you save options through UI.

## connection
#  Connection options.

  ## connection.ssl
  #  SSL options.

    ## connection.ssl.cert_verify [0|1]
    #  Verify the peer's SSL certificate.
    set connection.ssl.cert_verify = 1

    ## connection.ssl.trusted_ca_file <str>
    #  The location of a file containing certificates of trusted certification
    #  authorities in PEM format. ELinks then trusts certificates issued by
    #  these CAs.
    #
    #  If you set this option to an empty string, default NSS root certificates
    #  are loaded.
    #
    #  If you change this option or the file, you must restart ELinks for the
    #  changes to take effect. This option affects GnuTLS and nss_compat_ossl
    #  but not OpenSSL.
    set connection.ssl.trusted_ca_file = "/etc/pki/tls/certs/ca-bundle.crt"

elinks-nss.patch:

Index: elinks-nss.patch
===================================================================
RCS file: /cvs/extras/rpms/elinks/F-11/elinks-nss.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- elinks-nss.patch	14 Apr 2009 11:59:45 -0000	1.4
+++ elinks-nss.patch	30 Apr 2009 07:57:08 -0000	1.5
@@ -1,6 +1,6 @@
 diff -ruNp elinks-0.12pre3.orig/configure.in elinks-0.12pre3/configure.in
---- elinks-0.12pre3.orig/configure.in	2009-04-14 13:46:26.749379000 +0200
-+++ elinks-0.12pre3/configure.in	2009-04-14 13:47:13.702846713 +0200
+--- elinks-0.12pre3.orig/configure.in	2009-04-28 12:19:38.816628000 +0200
++++ elinks-0.12pre3/configure.in	2009-04-28 12:56:07.343999815 +0200
 @@ -1014,6 +1014,7 @@ gnutls_withval="$withval"
  
  if test "$enable_gnutls" = yes; then
@@ -62,7 +62,7 @@ diff -ruNp elinks-0.12pre3.orig/configur
  
 diff -ruNp elinks-0.12pre3.orig/src/network/ssl/socket.c elinks-0.12pre3/src/network/ssl/socket.c
 --- elinks-0.12pre3.orig/src/network/ssl/socket.c	2009-03-29 00:14:03.000000000 +0100
-+++ elinks-0.12pre3/src/network/ssl/socket.c	2009-04-14 13:47:13.704846733 +0200
++++ elinks-0.12pre3/src/network/ssl/socket.c	2009-04-28 13:01:02.116180177 +0200
 @@ -6,6 +6,10 @@
  
  #ifdef CONFIG_OPENSSL
@@ -153,8 +153,8 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
  #elif defined(CONFIG_GNUTLS)
  		int err = rd;
 diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.c elinks-0.12pre3/src/network/ssl/ssl.c
---- elinks-0.12pre3.orig/src/network/ssl/ssl.c	2009-04-14 13:46:26.739379000 +0200
-+++ elinks-0.12pre3/src/network/ssl/ssl.c	2009-04-14 13:52:15.813854125 +0200
+--- elinks-0.12pre3.orig/src/network/ssl/ssl.c	2009-04-28 12:19:38.782627000 +0200
++++ elinks-0.12pre3/src/network/ssl/ssl.c	2009-04-28 12:59:09.000000000 +0200
 @@ -7,6 +7,10 @@
  #ifdef CONFIG_OPENSSL
  #include <openssl/ssl.h>
@@ -175,42 +175,24 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
  
  #ifndef PATH_MAX
  #define	PATH_MAX	256 /* according to my /usr/include/bits/posix1_lim.h */
-@@ -57,10 +61,18 @@ done_openssl(struct module *module)
- }
- 
- static struct option_info openssl_options[] = {
-+#ifdef CONFIG_NSS_COMPAT_OSSL
-+	INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
-+		"cert_verify", 0, 0,
-+		N_("Verify the peer's SSL certificate. The NSS database "
-+		"location can be changed by SSL_DIR environment variable. "
-+		"The database can be also shared with Mozilla browsers.")),
-+#else
- 	INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
- 		"cert_verify", 0, 0,
- 		N_("Verify the peer's SSL certificate. Note that this "
- 		"needs extensive configuration of OpenSSL by the user.")),
-+#endif
- 
- 	INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
-         	"client_cert", OPT_SORT,
-@@ -71,12 +83,27 @@ static struct option_info openssl_option
+@@ -71,12 +75,28 @@ static struct option_info openssl_option
  		N_("Enable or not the sending of X509 client certificates "
  		"to servers which request them.")),
  
 +#ifdef CONFIG_NSS_COMPAT_OSSL
 +	INIT_OPT_STRING("connection.ssl.client_cert", N_("Certificate nickname"),
 +		"nickname", 0, "",
-+		 N_("The nickname of the client certificate stored in NSS "
-+		    "database. If this value is unset, the nickname from "
-+		    "the X509_CLIENT_CERT variable is used instead. If you "
-+		    "have a PKCS#12 file containing client certificate, you "
-+		    "can import it into your NSS database with: "
-+		    "$ pk12util -i mycert.p12 -d /path/to/database "
-+		    " "
-+		    "The NSS database location can be changed by SSL_DIR "
-+		    "environment variable. The database can be also shared "
-+		    "with Mozilla browsers.")),
++		N_("The nickname of the client certificate stored in NSS "
++		"database. If this value is unset, the nickname from "
++		"the X509_CLIENT_CERT variable is used instead. If you "
++		"have a PKCS#12 file containing client certificate, you "
++		"can import it into your NSS database with:\n"
++		"\n"
++		"$ pk12util -i mycert.p12 -d /path/to/database\n"
++		"\n"
++		"The NSS database location can be changed by SSL_DIR "
++		"environment variable. The database can be also shared "
++		"with Mozilla browsers.")),
 +#else
  	INIT_OPT_STRING("connection.ssl.client_cert", N_("Certificate File"),
  		"file", 0, "",
@@ -222,7 +204,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
  
  	NULL_OPTION_INFO,
  };
-@@ -182,7 +209,7 @@ static struct module gnutls_module = str
+@@ -182,7 +202,7 @@ static struct module gnutls_module = str
  	/* done: */		done_gnutls
  );
  
@@ -231,7 +213,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
  
  static struct option_info ssl_options[] = {
  	INIT_OPT_TREE("connection", N_("SSL"),
-@@ -193,7 +220,7 @@ static struct option_info ssl_options[] 
+@@ -193,7 +213,7 @@ static struct option_info ssl_options[] 
  };
  
  static struct module *ssl_modules[] = {
@@ -240,7 +222,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
  	&openssl_module,
  #elif defined(CONFIG_GNUTLS)
  	&gnutls_module,
-@@ -214,7 +241,7 @@ struct module ssl_module = struct_module
+@@ -214,7 +234,7 @@ struct module ssl_module = struct_module
  int
  init_ssl_connection(struct socket *socket)
  {
@@ -249,7 +231,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
  	socket->ssl = SSL_new(context);
  	if (!socket->ssl) return S_SSL_ERROR;
  #elif defined(CONFIG_GNUTLS)
-@@ -263,7 +290,7 @@ done_ssl_connection(struct socket *socke
+@@ -263,7 +283,7 @@ done_ssl_connection(struct socket *socke
  	ssl_t *ssl = socket->ssl;
  
  	if (!ssl) return;
@@ -258,7 +240,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
  	SSL_free(ssl);
  #elif defined(CONFIG_GNUTLS)
  	gnutls_deinit(*ssl);
-@@ -280,7 +307,7 @@ get_ssl_connection_cipher(struct socket 
+@@ -280,7 +300,7 @@ get_ssl_connection_cipher(struct socket 
  
  	if (!init_string(&str)) return NULL;
  
@@ -269,7 +251,7 @@ diff -ruNp elinks-0.12pre3.orig/src/netw
  		SSL_get_cipher_version(ssl),
 diff -ruNp elinks-0.12pre3.orig/src/network/ssl/ssl.h elinks-0.12pre3/src/network/ssl/ssl.h
 --- elinks-0.12pre3.orig/src/network/ssl/ssl.h	2009-03-29 00:14:03.000000000 +0100
-+++ elinks-0.12pre3/src/network/ssl/ssl.h	2009-04-14 13:47:13.706846753 +0200
++++ elinks-0.12pre3/src/network/ssl/ssl.h	2009-04-28 12:56:59.000000000 +0200
 @@ -22,7 +22,7 @@ unsigned char *get_ssl_connection_cipher
  
  /* Internal type used in ssl module. */


Index: elinks.spec
===================================================================
RCS file: /cvs/extras/rpms/elinks/F-11/elinks.spec,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -p -r1.69 -r1.70
--- elinks.spec	14 Apr 2009 16:53:45 -0000	1.69
+++ elinks.spec	30 Apr 2009 07:57:09 -0000	1.70
@@ -1,11 +1,12 @@
 Name:      elinks
 Summary:   A text-mode Web browser
 Version:   0.12
-Release:   0.12.pre3%{?dist}
+Release:   0.13.pre3%{?dist}
 License:   GPLv2
 URL:       http://elinks.or.cz
 Group:     Applications/Internet
 Source:    http://elinks.or.cz/download/elinks-%{version}pre3.tar.bz2
+Source2:   elinks.conf
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: automake
@@ -35,6 +36,7 @@ Patch6: elinks-0.11.0-union.patch
 Patch7: elinks-0.11.3-macropen.patch
 Patch8: elinks-scroll.patch
 Patch9: elinks-nss.patch
+Patch10: elinks-nss-inc.patch
 
 %description
 Elinks is a text-based Web browser. Elinks does not display any images,
@@ -62,8 +64,10 @@ quickly and swiftly displays Web pages.
 %patch7 -p1
 #upstream fix for out of screen dialogs
 %patch8 -p1
-# Port elinks to use NSS library for cryptography (#346861)
+# Port elinks to use NSS library for cryptography (#346861) - accepted upstream
 %patch9 -p1
+# Port elinks to use NSS library for cryptography (#346861) - incremental patch
+%patch10 -p1
 
 %build
 ./autogen.sh
@@ -77,6 +81,8 @@ make %{?_smp_mflags}
 rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 rm -f $RPM_BUILD_ROOT%{_datadir}/locale/locale.alias
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}
+install -m 644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/elinks.conf
 touch $RPM_BUILD_ROOT%{_bindir}/links
 touch $RPM_BUILD_ROOT%{_mandir}/man1/links.1.gz
 %find_lang elinks
@@ -110,15 +116,22 @@ exit 0
 rm -rf $RPM_BUILD_ROOT
 
 %files -f elinks.lang
-%defattr(-,root,root)
+%defattr(-,root,root,-)
 %doc README SITES TODO COPYING
 %ghost %verify(not md5 size mtime) %{_bindir}/links
 %{_bindir}/elinks
 %ghost %verify(not md5 size mtime) %{_mandir}/man1/links.1.gz
+%config(noreplace) %{_sysconfdir}/elinks.conf
 %{_mandir}/man1/elinks.1*
 %{_mandir}/man5/*
 
 %changelog
+* Thu Apr 30 2009 Kamil Dudka <kdudka at redhat.com> 0.12-0.13.pre3
+- use appropriate BuildRequires for nss_compat_ossl
+- support for trusted CA certificates loading from file in PEM format
+- enable certificate verification by default via configuration
+  file(#495532)
+
 * Fri Apr 03 2009 Ondrej Vasik <ovasik at redhat.com> 0.12.0.12.pre3
 - use word Elinks instead of Links in package description
 



