Commit | Line | Data |
---|---|---|
dae5a450 | 1 | diff -ruN lynx2-8-3/WWW/Library/Implementation/HTAAUtil.c lynx2-8-3.ssl/WWW/Library/Implementation/HTAAUtil.c |
2 | --- lynx2-8-3/WWW/Library/Implementation/HTAAUtil.c Wed Oct 13 16:24:23 1999 | |
13ca32bb | 3 | +++ lynx2-8-3.ssl/WWW/Library/Implementation/HTAAUtil.c Tue Dec 7 18:50:28 1999 |
dae5a450 | 4 | @@ -49,6 +49,13 @@ |
5 | #include <HTAssoc.h> /* Assoc list */ | |
6 | #include <HTTCP.h> | |
7 | ||
8 | +#ifdef USE_SSL | |
9 | +#define free_func free__func | |
13ca32bb | 10 | +#include <openssl/ssl.h> |
dae5a450 | 11 | +#undef free_func |
12 | +PRIVATE SSL * Handle = NULL; /* The SSL Handle */ | |
13 | +#endif /* USE_SSL */ | |
14 | + | |
15 | #include <LYStrings.h> | |
16 | #include <LYLeaks.h> | |
17 | ||
18 | @@ -554,7 +561,14 @@ | |
19 | /* Reading from socket */ | |
20 | ||
21 | if (start_pointer >= end_pointer) {/*Read the next block and continue*/ | |
22 | +#ifdef USE_SSL | |
23 | + if (Handle) | |
24 | + count = SSL_read(Handle, buffer, BUFFER_SIZE); | |
25 | + else | |
26 | + count = NETREAD(in_soc, buffer, BUFFER_SIZE); | |
27 | +#else | |
28 | count = NETREAD(in_soc, buffer, BUFFER_SIZE); | |
29 | +#endif /* USE_SSL */ | |
30 | if (count <= 0) { | |
31 | in_soc = -1; | |
32 | return line; | |
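Review bot: The `if (Handle)` branch added here looks unreachable, because `Handle` is declared `PRIVATE SSL * Handle = NULL;` in the first hunk of HTAAUtil.c and no visible hunk in this file assigns it, so the read always falls through to `NETREAD`. If this reader is ever used on a socket that carries an SSL session, it would consume raw TLS records instead of plaintext. Either pass the handle in from the code that owns the connection or drop the dead branch, and document the variable with something like `/* set by <owner>; NULL means plain socket */` once the owner is known. The enclosing function starts and ends outside the hunk.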
33 | diff -ruN lynx2-8-3/WWW/Library/Implementation/HTFormat.c lynx2-8-3.ssl/WWW/Library/Implementation/HTFormat.c | |
34 | --- lynx2-8-3/WWW/Library/Implementation/HTFormat.c Wed Dec 1 04:33:02 1999 | |
13ca32bb | 35 | +++ lynx2-8-3.ssl/WWW/Library/Implementation/HTFormat.c Tue Dec 7 18:50:07 1999 |
dae5a450 | 36 | @@ -16,6 +16,12 @@ |
37 | */ | |
38 | #include <HTFormat.h> | |
39 | ||
40 | +#ifdef USE_SSL | |
41 | +#define free_func free__func | |
13ca32bb | 42 | +#include <openssl/ssl.h> |
dae5a450 | 43 | +#undef free_func |
44 | +#endif /* USE_SSL */ | |
45 | + | |
46 | PUBLIC float HTMaxSecs = 1e10; /* No effective limit */ | |
47 | PUBLIC float HTMaxLength = 1e10; /* No effective limit */ | |
48 | PUBLIC long int HTMaxBytes = 0; /* No effective limit */ | |
49 | @@ -258,6 +264,39 @@ | |
50 | return FROMASCII((unsigned char)ch); | |
51 | } | |
52 | ||
53 | +#ifdef USE_SSL | |
54 | +PUBLIC char HTGetSSLCharacter ARGS1(void *, handle) | |
55 | +{ | |
56 | + char ch; | |
57 | + interrupted_in_htgetcharacter = 0; | |
58 | + if(!handle) | |
59 | + return (char)EOF; | |
60 | + do { | |
61 | + if (input_pointer >= input_limit) { | |
62 | + int status = SSL_read((SSL *)handle, | |
63 | + input_buffer, INPUT_BUFFER_SIZE); | |
64 | + if (status <= 0) { | |
65 | + if (status == 0) | |
66 | + return (char)EOF; | |
67 | + if (status == HT_INTERRUPTED) { | |
13ca32bb | 68 | + CTRACE((tfp, "HTFormat: Interrupted in HTGetSSLCharacter\n")); |
dae5a450 | 69 | + interrupted_in_htgetcharacter = 1; |
70 | + return (char)EOF; | |
71 | + } | |
13ca32bb | 72 | + CTRACE((tfp, "HTFormat: SSL_read error %d\n", status)); |
dae5a450 | 73 | + return (char)EOF; /* -1 is returned by UCX |
74 | + at end of HTTP link */ | |
75 | + } | |
76 | + input_pointer = input_buffer; | |
77 | + input_limit = input_buffer + status; | |
78 | + } | |
79 | + ch = *input_pointer++; | |
80 | + } while (ch == (char) 13); /* Ignore ASCII carriage return */ | |
81 | + | |
82 | + return FROMASCII(ch); | |
83 | +} | |
84 | +#endif /* USE_SSL */ | |
85 | + | |
86 | /* Match maintype to any MIME type starting with maintype, | |
87 | * for example: image/gif should match image | |
88 | */ | |
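Review bot: The error branch of `HTGetSSLCharacter` tests `status == HT_INTERRUPTED`, but `status` is the return value of `SSL_read`, which reports every failure as a value <= 0 and leaves the cause to `SSL_get_error`; the comparison is carried over from the NETREAD-based reader and probably never separates an interrupt from a protocol error. Suggest `int err = SSL_get_error((SSL *)handle, status);` and branching on `SSL_ERROR_ZERO_RETURN` and `SSL_ERROR_SYSCALL`, and removing the UCX comment, which describes the plain-socket path. The final `return FROMASCII(ch);` also drops the `(unsigned char)` cast that the context line just above this function uses, which matters for bytes >= 0x80 if `FROMASCII` indexes a table.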
89 | @@ -636,7 +675,14 @@ | |
90 | goto finished; | |
91 | } | |
92 | ||
93 | +#ifdef USE_SSL | |
94 | + if (handle) | |
95 | + status = SSL_read((SSL *)handle, input_buffer, INPUT_BUFFER_SIZE); | |
96 | + else | |
97 | + status = NETREAD(file_number, input_buffer, INPUT_BUFFER_SIZE); | |
98 | +#else | |
99 | status = NETREAD(file_number, input_buffer, INPUT_BUFFER_SIZE); | |
100 | +#endif /* USE_SSL */ | |
101 | ||
102 | if (status <= 0) { | |
103 | if (status == 0) { | |
104 | diff -ruN lynx2-8-3/WWW/Library/Implementation/HTNews.c lynx2-8-3.ssl/WWW/Library/Implementation/HTNews.c | |
105 | --- lynx2-8-3/WWW/Library/Implementation/HTNews.c Thu Nov 4 03:41:39 1999 | |
e7bed7b0 | 106 | +++ lynx2-8-3.ssl/WWW/Library/Implementation/HTNews.c Tue Dec 7 18:58:29 1999 |
dae5a450 | 107 | @@ -36,9 +36,26 @@ |
108 | #define SERVER_FILE "/usr/local/lib/rn/server" | |
109 | #endif /* SERVER_FILE */ | |
110 | ||
111 | +#ifdef USE_SSL | |
112 | +#define free_func free__func | |
13ca32bb | 113 | +#include <openssl/ssl.h> |
dae5a450 | 114 | +#undef free_func |
115 | +extern SSL_CTX * ssl_ctx; | |
116 | +extern SSL * HTGetSSLHandle NOPARAMS; | |
117 | +PRIVATE SSL * Handle = NULL; | |
118 | +PRIVATE int channel_s = 1; | |
119 | +#define NEWS_NETWRITE(sock, buff, size) \ | |
120 | + (Handle ? SSL_write(Handle, buff, size) : NETWRITE(sock, buff, size)) | |
121 | +#define NEWS_NETCLOSE(sock) \ | |
122 | + { (void)NETCLOSE(sock); if (Handle) SSL_free(Handle); Handle = NULL; } | |
123 | +extern char HTGetSSLCharacter PARAMS((void *handle)); | |
124 | +PRIVATE char HTNewsGetCharacter NOPARAMS; | |
125 | +#define NEXT_CHAR HTNewsGetCharacter() | |
126 | +#else | |
127 | #define NEWS_NETWRITE NETWRITE | |
128 | #define NEWS_NETCLOSE NETCLOSE | |
129 | #define NEXT_CHAR HTGetCharacter() | |
130 | +#endif /* USE_SSL */ | |
131 | ||
132 | #include <HTML.h> | |
133 | #include <HTParse.h> | |
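Review bot: `NEWS_NETCLOSE` becomes a bare brace block in the SSL build but stays an expression (`NETCLOSE`) in the non-SSL build, so a call site written as `if (x) NEWS_NETCLOSE(s); else ...`, or one that uses the return value, compiles in one configuration and not the other. Wrapping it as `do { (void)NETCLOSE(sock); if (Handle) { SSL_free(Handle); Handle = NULL; } } while (0)` keeps statement semantics; `HTTP_NETCLOSE` in HTTP.c has the same shape. The macro also closes the socket and frees the session without calling `SSL_shutdown`, so the peer never receives a close_notify and cannot tell an orderly close from truncation. `NEWS_NETWRITE` should parenthesise `buff` and `size` in its expansion.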
134 | @@ -2201,11 +2218,13 @@ | |
135 | group_wanted) && | |
136 | strchr(arg, '@') == NULL) && (strchr(arg, '*') != NULL)); | |
137 | ||
138 | +#ifndef USE_SSL | |
139 | if (!strncasecomp(arg, "snewspost:", 10) || | |
140 | !strncasecomp(arg, "snewsreply:", 11)) { | |
141 | HTAlert(FAILED_CANNOT_POST_SSL); | |
142 | return HT_NOT_LOADED; | |
143 | } | |
144 | +#endif /* !USE_SSL */ | |
145 | if (post_wanted || reply_wanted || spost_wanted || sreply_wanted) { | |
146 | /* | |
147 | ** Make sure we have a non-zero path for the newsgroup(s). - FM | |
148 | @@ -2294,8 +2313,43 @@ | |
149 | StrAllocCopy(NewsHREF, command); | |
150 | } | |
151 | else if (!strncasecomp(arg, "snews:", 6)) { | |
152 | +#ifdef USE_SSL | |
153 | + if (((*(arg + 6) == '\0') || | |
154 | + (!strcmp((arg + 6), "/") || | |
155 | + !strcmp((arg + 6), "//") || | |
156 | + !strcmp((arg + 6), "///"))) || | |
157 | + ((!strncmp((arg + 6), "//", 2)) && | |
158 | + (!(cp = strchr((arg + 8), '/')) || *(cp + 1) == '\0'))) { | |
159 | + p1 = "*"; | |
160 | + group_wanted = FALSE; | |
161 | + list_wanted = TRUE; | |
162 | + } else if (*(arg + 6) != '/') { | |
163 | + p1 = (arg + 6); | |
164 | + } else if (*(arg + 6) == '/' && *(arg + 7) != '/') { | |
165 | + p1 = (arg + 7); | |
166 | + } else { | |
167 | + p1 = (cp + 1); | |
168 | + } | |
169 | + if (!(cp = HTParse(arg, "", PARSE_HOST)) || *cp == '\0') { | |
170 | + if (s >= 0 && NewsHost && strcasecomp(NewsHost, HTNewsHost)) { | |
171 | + NEWS_NETCLOSE(s); | |
172 | + s = -1; | |
173 | + } | |
174 | + StrAllocCopy(NewsHost, HTNewsHost); | |
175 | + } else { | |
176 | + if (s >= 0 && NewsHost && strcasecomp(NewsHost, cp)) { | |
177 | + NEWS_NETCLOSE(s); | |
178 | + s = -1; | |
179 | + } | |
180 | + StrAllocCopy(NewsHost, cp); | |
181 | + } | |
182 | + FREE(cp); | |
183 | + sprintf(command, "snews://%.250s/", NewsHost); | |
184 | + StrAllocCopy(NewsHREF, command); | |
185 | +#else | |
186 | HTAlert(gettext("This client does not contain support for SNEWS URLs.")); | |
187 | return HT_NOT_LOADED; | |
188 | +#endif /* USE_SSL */ | |
189 | } | |
190 | else if (!strncasecomp (arg, "news:/", 6)) { | |
191 | if (((*(arg + 6) == '\0') || | |
192 | @@ -2533,7 +2587,18 @@ | |
193 | ||
194 | _HTProgress(gettext("Connecting to NewsHost ...")); | |
195 | ||
196 | +#ifdef USE_SSL | |
197 | + if (!using_proxy && | |
198 | + (!strncmp(arg, "snews:", 6) || | |
199 | + !strncmp(arg, "snewspost:", 10) || | |
200 | + !strncmp(arg, "snewsreply:", 11))) | |
201 | + status = HTDoConnect (url, "NNTPS", SNEWS_PORT, &s); | |
202 | + else | |
203 | + status = HTDoConnect (url, "NNTP", NEWS_PORT, &s); | |
204 | +#else | |
205 | status = HTDoConnect (url, "NNTP", NEWS_PORT, &s); | |
206 | +#endif /* USE_SSL */ | |
207 | + | |
208 | if (status == HT_INTERRUPTED) { | |
209 | /* | |
210 | ** Interrupt cleanly. | |
211 | @@ -2549,6 +2614,12 @@ | |
212 | FREE(ProxyHost); | |
213 | FREE(ProxyHREF); | |
214 | FREE(ListArg); | |
215 | +#ifdef USE_SSL | |
216 | + if (Handle) { | |
217 | + SSL_free(Handle); | |
218 | + Handle = NULL; | |
219 | + } | |
220 | +#endif /* USE_SSL */ | |
221 | if (postfile) { | |
222 | HTSYS_remove(postfile); | |
223 | FREE(postfile); | |
224 | @@ -2579,6 +2650,50 @@ | |
225 | } else { | |
226 | CTRACE((tfp, "HTNews: Connected to news host %s.\n", | |
227 | NewsHost)); | |
228 | +#ifdef USE_SSL | |
229 | + /* | |
230 | + ** If this is an snews url, | |
231 | + ** then do the SSL stuff here | |
232 | + */ | |
233 | + if (!using_proxy && | |
234 | + (!strncmp(url, "snews", 5) || | |
235 | + !strncmp(url, "snewspost:", 10) || | |
236 | + !strncmp(url, "snewsreply:", 11))) { | |
237 | + Handle = HTGetSSLHandle(); | |
238 | + SSL_set_fd(Handle, s); | |
239 | + status = SSL_connect(Handle); | |
240 | + | |
241 | + if (status <= 0) { | |
e7bed7b0 | 242 | + CTRACE((tfp, |
dae5a450 | 243 | +"HTNews: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n", |
e7bed7b0 | 244 | + url, status)); |
dae5a450 | 245 | + HTAlert( |
246 | + "Unable to make secure connection to remote host."); | |
247 | + NEWS_NETCLOSE(s); | |
248 | + s = -1; | |
249 | + if (!(post_wanted || reply_wanted || | |
250 | + spost_wanted || sreply_wanted)) | |
251 | + (*targetClass._abort)(target, NULL); | |
252 | + FREE(NewsHost); | |
253 | + FREE(NewsHREF); | |
254 | + FREE(ProxyHost); | |
255 | + FREE(ProxyHREF); | |
256 | + FREE(ListArg); | |
257 | + if (postfile) { | |
258 | +#ifdef VMS | |
259 | + while (remove(postfile) == 0) | |
260 | + ; /* loop through all versions */ | |
261 | +#else | |
262 | + remove(postfile); | |
263 | +#endif /* VMS */ | |
264 | + FREE(postfile); | |
265 | + } | |
266 | + return HT_NOT_LOADED; | |
267 | + } | |
268 | + _HTProgress(SSL_get_cipher(Handle)); | |
269 | + } | |
270 | +#endif /* USE_SSL */ | |
271 | + | |
272 | HTInitInput(s); /* set up buffering */ | |
273 | if (proxycmd[0]) { | |
274 | status = NEWS_NETWRITE(s, proxycmd, strlen(proxycmd)); | |
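Review bot: `Handle = HTGetSSLHandle();` is passed straight to `SSL_set_fd` and `SSL_connect` without a NULL check, yet `HTGetSSLHandle` returns whatever `SSL_new` gives back, which is NULL when allocation fails. A guard such as `if (Handle == NULL) status = -1; else { SSL_set_fd(Handle, s); status = SSL_connect(Handle); }` routes that case into the existing `status <= 0` cleanup; the same unchecked pattern is in `HTNewsProxyConnect` and at `use_tunnel` in HTTP.c. The scheme test here is `strncmp(url, "snews", 5)` while the connect hunk above tests `strncmp(arg, "snews:", 6)`, and using one form would keep the port decision and the handshake decision from disagreeing. The failure path also hand-rolls `remove(postfile)` with a VMS loop where the neighbouring cleanup uses `HTSYS_remove(postfile)`. The enclosing function extends beyond the hunk.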
275 | @@ -2928,6 +3043,45 @@ | |
276 | */ | |
277 | free_NNTP_AuthInfo(); | |
278 | } | |
279 | + | |
280 | +#ifdef USE_SSL | |
281 | +PRIVATE char HTNewsGetCharacter NOARGS | |
282 | +{ | |
283 | + if (!Handle) | |
284 | + return HTGetCharacter(); | |
285 | + else | |
286 | + return HTGetSSLCharacter((void *)Handle); | |
287 | +} | |
288 | + | |
289 | +PUBLIC int HTNewsProxyConnect ARGS5 (int, sock, CONST char *, url, | |
290 | + HTParentAnchor *, anAnchor, | |
291 | + HTFormat, format_out, | |
292 | + HTStream *, sink) | |
293 | +{ | |
294 | + int status; | |
295 | + CONST char * arg = url; | |
296 | + | |
297 | + s = channel_s = sock; | |
298 | + Handle = HTGetSSLHandle(); | |
299 | + SSL_set_fd(Handle, s); | |
300 | + status = SSL_connect(Handle); | |
301 | + | |
302 | + if (status <= 0) { | |
303 | + channel_s = -1; | |
e7bed7b0 | 304 | + CTRACE((tfp, |
dae5a450 | 305 | +"HTTP: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n", |
e7bed7b0 | 306 | + url, status)); |
dae5a450 | 307 | + HTAlert("Unable to make secure connection to remote host."); |
308 | + NEWS_NETCLOSE(s); | |
309 | + s = -1; | |
310 | + return HT_NOT_LOADED; | |
311 | + } | |
312 | + _HTProgress(SSL_get_cipher(Handle)); | |
313 | + status = HTLoadNews(arg, anAnchor, format_out, sink); | |
314 | + channel_s = -1; | |
315 | + return status; | |
316 | +} | |
317 | +#endif /* USE_SSL */ | |
318 | ||
319 | #ifdef GLOBALDEF_IS_MACRO | |
320 | #define _HTNEWS_C_1_INIT { "news", HTLoadNews, NULL } | |
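Review bot: `channel_s` is assigned in `HTNewsProxyConnect` (`s = channel_s = sock;`, later `-1`) and initialised to `1` at its declaration, but none of the visible hunks reads it, so its purpose cannot be told from the patch. If it is meant to mark a socket handed over by the HTTP proxy path, add a comment at the declaration such as `/* socket handed over by HTNewsProxyConnect, -1 when none */` and initialise it to `-1` rather than `1`; otherwise drop it. On handshake failure this function closes `sock` through `NEWS_NETCLOSE(s)` and the caller in HTTP.c then jumps to `done`, so it is worth confirming that the caller does not close the same descriptor again. The trace text is prefixed `HTTP:` although it is emitted from HTNews.c.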
321 | diff -ruN lynx2-8-3/WWW/Library/Implementation/HTTP.c lynx2-8-3.ssl/WWW/Library/Implementation/HTTP.c | |
322 | --- lynx2-8-3/WWW/Library/Implementation/HTTP.c Thu Nov 18 05:08:08 1999 | |
13ca32bb | 323 | +++ lynx2-8-3.ssl/WWW/Library/Implementation/HTTP.c Tue Dec 7 18:47:14 1999 |
dae5a450 | 324 | @@ -13,6 +13,13 @@ |
325 | #include <HTTP.h> | |
326 | #include <LYUtils.h> | |
327 | ||
328 | +#ifdef USE_SSL | |
329 | +#define free_func free__func | |
5df70b4a | 330 | +#include <openssl/ssl.h> |
331 | +#include <openssl/crypto.h> | |
dae5a450 | 332 | +#undef free_func |
333 | +#endif /* USE_SSL */ | |
334 | + | |
335 | #define HTTP_VERSION "HTTP/1.0" | |
336 | ||
337 | #define HTTP_PORT 80 | |
338 | @@ -67,9 +74,51 @@ | |
339 | extern BOOL traversal; /* TRUE if we are doing a traversal */ | |
340 | extern BOOL dump_output_immediately; /* TRUE if no interactive user */ | |
341 | ||
342 | +#ifdef USE_SSL | |
343 | +PUBLIC SSL_CTX * ssl_ctx = NULL; /* SSL ctx */ | |
344 | + | |
345 | +PRIVATE void free_ssl_ctx NOARGS | |
346 | +{ | |
347 | + if (ssl_ctx != NULL) | |
348 | + SSL_CTX_free(ssl_ctx); | |
349 | +} | |
350 | + | |
351 | +PUBLIC SSL * HTGetSSLHandle NOARGS | |
352 | +{ | |
353 | + if (ssl_ctx == NULL) { | |
354 | + /* | |
355 | + * First time only. | |
356 | + */ | |
357 | +#if SSLEAY_VERSION_NUMBER < 0x0800 | |
358 | + ssl_ctx = SSL_CTX_new(); | |
359 | + X509_set_default_verify_paths(ssl_ctx->cert); | |
360 | +#else | |
361 | + SSLeay_add_ssl_algorithms(); | |
362 | + ssl_ctx = SSL_CTX_new(SSLv23_client_method()); | |
363 | + SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); | |
364 | + SSL_CTX_set_default_verify_paths(ssl_ctx); | |
365 | +#endif /* SSLEAY_VERSION_NUMBER < 0x0800 */ | |
366 | + atexit(free_ssl_ctx); | |
367 | + } | |
368 | + return(SSL_new(ssl_ctx)); | |
369 | +} | |
370 | + | |
371 | +#define HTTP_NETREAD(sock, buff, size, handle) \ | |
372 | + (handle ? SSL_read(handle, buff, size) : NETREAD(sock, buff, size)) | |
373 | +#define HTTP_NETWRITE(sock, buff, size, handle) \ | |
374 | + (handle ? SSL_write(handle, buff, size) : NETWRITE(sock, buff, size)) | |
375 | +#define HTTP_NETCLOSE(sock, handle) \ | |
376 | + { (void)NETCLOSE(sock); if (handle) SSL_free(handle); handle = NULL; } | |
377 | + | |
378 | +extern int HTNewsProxyConnect PARAMS (( int sock, CONST char *url, | |
379 | + HTParentAnchor *anAnchor, | |
380 | + HTFormat format_out, | |
381 | + HTStream *sink )); | |
382 | +#else | |
383 | #define HTTP_NETREAD(a, b, c, d) NETREAD(a, b, c) | |
384 | #define HTTP_NETWRITE(a, b, c, d) NETWRITE(a, b, c) | |
385 | #define HTTP_NETCLOSE(a, b) (void)NETCLOSE(a) | |
386 | +#endif /* USE_SSL */ | |
387 | ||
388 | #ifdef _WINDOWS /* 1997/11/06 (Thu) 13:00:08 */ | |
389 | ||
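Review bot: `HTGetSSLHandle` loads the default CA locations with `SSL_CTX_set_default_verify_paths` but never sets a verify mode, and a client context defaults to `SSL_VERIFY_NONE`, so the `SSL_connect` calls in HTTP.c and HTNews.c complete against any certificate, including self-signed or expired ones. Add `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);` after the verify paths are loaded, or check `SSL_get_verify_result(handle) == X509_V_OK` after each handshake and alert the user otherwise. `SSL_CTX_new` can return NULL and its result is handed unchecked to `SSL_CTX_set_options` and `SSL_new`. `SSLv23_client_method()` combined with `SSL_OP_ALL` also leaves SSLv2 negotiable; adding `SSL_OP_NO_SSLv2` to the options would exclude it.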
390 | @@ -298,7 +347,18 @@ | |
391 | BOOL doing_redirect, already_retrying = FALSE, bad_location = FALSE; | |
392 | int len = 0; | |
393 | ||
394 | +#ifdef USE_SSL | |
395 | + BOOL do_connect = FALSE; /* ARE WE going to use a proxy tunnel ? */ | |
396 | + BOOL did_connect = FALSE; /* ARE WE actually using a proxy tunnel ? */ | |
397 | + CONST char *connect_url = NULL; /* The URL being proxied */ | |
398 | + char *connect_host = NULL; /* The host being proxied */ | |
399 | + SSL * handle = NULL; /* The SSL handle */ | |
400 | +#if SSLEAY_VERSION_NUMBER >= 0x0900 | |
401 | + BOOL try_tls = TRUE; | |
402 | +#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */ | |
403 | +#else | |
404 | void * handle = NULL; | |
405 | +#endif /* USE_SSL */ | |
406 | ||
407 | if (anAnchor->isHEAD) | |
408 | do_head = TRUE; | |
409 | @@ -316,6 +376,30 @@ | |
410 | goto done; | |
411 | } | |
412 | ||
413 | +#ifdef USE_SSL | |
414 | + if (using_proxy && !strncmp(url, "http://", 7)) { | |
415 | + if (connect_url = strstr((url+7), "https://")) { | |
416 | + do_connect = TRUE; | |
417 | + connect_host = HTParse(connect_url, "https", PARSE_HOST); | |
418 | + if (!strchr(connect_host, ':')) { | |
419 | + sprintf(temp, ":%d", HTTPS_PORT); | |
420 | + StrAllocCat(connect_host, temp); | |
421 | + } | |
5659dc68 | 422 | + CTRACE((tfp, "HTTP: connect_url = '%s'\n", connect_url)); |
423 | + CTRACE((tfp, "HTTP: connect_host = '%s'\n", connect_host)); | |
dae5a450 | 424 | + } else if (connect_url = strstr((url+7), "snews://")) { |
425 | + do_connect = TRUE; | |
426 | + connect_host = HTParse(connect_url, "snews", PARSE_HOST); | |
427 | + if (!strchr(connect_host, ':')) { | |
428 | + sprintf(temp, ":%d", SNEWS_PORT); | |
429 | + StrAllocCat(connect_host, temp); | |
430 | + } | |
5659dc68 | 431 | + CTRACE((tfp, "HTTP: connect_url = '%s'\n", connect_url)); |
432 | + CTRACE((tfp, "HTTP: connect_host = '%s'\n", connect_host)); | |
dae5a450 | 433 | + } |
434 | + } | |
435 | +#endif /* USE_SSL */ | |
436 | + | |
437 | sprintf(crlf, "%c%c", CR, LF); | |
438 | ||
439 | /* | |
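Review bot: `strstr((url+7), "https://")` matches the scheme anywhere after the proxy prefix, not only at the start of the proxied URL, so a plain-HTTP target whose path or query string contains `https://` or `snews://` would be switched to a CONNECT tunnel toward whatever host follows that substring. Anchor the test at the beginning of the proxied part and compare with `strncmp` there; how `url` is composed is outside this hunk, so confirm against the caller. `connect_host` is passed to `strchr(connect_host, ':')` without checking that `HTParse` returned a non-NULL string. The assignment inside the condition would read more safely as `if ((connect_url = strstr((url+7), "https://")) != NULL)`.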
440 | @@ -339,12 +423,18 @@ | |
441 | line_kept_clean = NULL; | |
442 | ||
443 | if (!strncmp(url, "https", 5)) | |
444 | +#ifdef USE_SSL | |
445 | + status = HTDoConnect (url, "HTTPS", HTTPS_PORT, &s); | |
446 | + else | |
447 | + status = HTDoConnect (url, "HTTP", HTTP_PORT, &s); | |
448 | +#else | |
449 | { | |
450 | HTAlert(gettext("This client does not contain support for HTTPS URLs.")); | |
451 | status = HT_NOT_LOADED; | |
452 | goto done; | |
453 | } | |
454 | status = HTDoConnect (arg, "HTTP", HTTP_PORT, &s); | |
455 | +#endif /* USE_SSL */ | |
456 | if (status == HT_INTERRUPTED) { | |
457 | /* | |
458 | ** Interrupt cleanly. | |
459 | @@ -374,12 +464,79 @@ | |
460 | * This is a nice long function as well. *sigh* -RJP | |
461 | */ | |
462 | ||
463 | +#ifdef USE_SSL | |
464 | +use_tunnel: | |
465 | + /* | |
466 | + ** If this is an https document | |
467 | + ** then do the SSL stuff here | |
468 | + */ | |
469 | + if (did_connect || !strncmp(url, "https", 5)) { | |
470 | + handle = HTGetSSLHandle(); | |
471 | + SSL_set_fd(handle, s); | |
472 | +#if SSLEAY_VERSION_NUMBER >= 0x0900 | |
473 | + if (!try_tls) | |
474 | + handle->options|=SSL_OP_NO_TLSv1; | |
475 | +#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */ | |
476 | + status = SSL_connect(handle); | |
477 | + | |
478 | + if (status <= 0) { | |
479 | +#if SSLEAY_VERSION_NUMBER >= 0x0900 | |
480 | + if (try_tls) { | |
13ca32bb | 481 | + CTRACE((tfp, "HTTP: Retrying connection without TLS\n")); |
dae5a450 | 482 | + _HTProgress("Retrying connection."); |
483 | + try_tls = FALSE; | |
484 | + if (did_connect) | |
485 | + HTTP_NETCLOSE(s, handle); | |
486 | + goto try_again; | |
487 | + } else { | |
13ca32bb | 488 | + CTRACE((tfp, |
dae5a450 | 489 | +"HTTP: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n", |
13ca32bb | 490 | + url, status)); |
dae5a450 | 491 | + HTAlert("Unable to make secure connection to remote host."); |
492 | + if (did_connect) | |
493 | + HTTP_NETCLOSE(s, handle); | |
494 | + status = HT_NOT_LOADED; | |
495 | + goto done; | |
496 | + } | |
497 | +#else | |
5659dc68 | 498 | + CTRACE((tfp, |
dae5a450 | 499 | +"HTTP: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n", |
5659dc68 | 500 | + url, status)); |
dae5a450 | 501 | + HTAlert("Unable to make secure connection to remote host."); |
502 | + if (did_connect) | |
503 | + HTTP_NETCLOSE(s, handle); | |
504 | + status = HT_NOT_LOADED; | |
505 | + goto done; | |
506 | +#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */ | |
507 | + } | |
508 | + _HTProgress (SSL_get_cipher(handle)); | |
509 | + | |
510 | +#ifdef NOTDEFINED | |
511 | + if (strcmp(HTParse(url, "", PARSE_HOST), | |
512 | + strstr(X509_NAME_oneline( | |
513 | + X509_get_subject_name( | |
514 | + handle->session->peer)),"/CN=")+4)) { | |
515 | + HTAlert("Certificate is for different host name"); | |
516 | + HTAlert(strstr(X509_NAME_oneline( | |
517 | + X509_get_subject_name( | |
518 | + handle->session->peer)),"/CN=")+4); | |
519 | + } | |
520 | +#endif /* NOTDEFINED */ | |
521 | + } | |
522 | +#endif /* USE_SSL */ | |
523 | + | |
524 | /* Ask that node for the document, | |
525 | ** omitting the host name & anchor | |
526 | */ | |
527 | { | |
528 | char * p1 = (HTParse(url, "", PARSE_PATH|PARSE_PUNCTUATION)); | |
529 | ||
530 | +#ifdef USE_SSL | |
531 | + if (do_connect) { | |
532 | + METHOD = "CONNECT"; | |
533 | + StrAllocCopy(command, "CONNECT "); | |
534 | + } else | |
535 | +#endif /* USE_SSL */ | |
536 | if (do_post) { | |
537 | METHOD = "POST"; | |
538 | StrAllocCopy(command, "POST "); | |
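Review bot: After `SSL_connect` succeeds nothing binds the session to the requested host, because the only name comparison sits inside `#ifdef NOTDEFINED` and is never compiled, and no `SSL_get_verify_result` check follows the handshake. The disabled block would also need work before being enabled, since `strstr(..., "/CN=")+4` is not checked for a missing CN and the code warns but continues. The retry path sets `try_tls = FALSE` on any handshake failure and reconnects with `SSL_OP_NO_TLSv1`, so a disrupted first handshake silently moves the session to the older protocol; at minimum the fallback should be reported through `HTAlert` rather than `_HTProgress("Retrying connection.")`. Prefer `SSL_set_options(handle, SSL_OP_NO_TLSv1);` over writing `handle->options` directly. When `did_connect` is false the retry jumps to `try_again` without freeing `handle`, and `use_tunnel` then overwrites it, which looks like a leak unless code outside the hunk releases it.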
539 | @@ -396,8 +553,17 @@ | |
540 | ** of say: /gopher://a;lkdjfl;ajdf;lkj/;aldk/adflj | |
541 | ** so that just gopher://.... is sent. | |
542 | */ | |
543 | +#ifdef USE_SSL | |
544 | + if (using_proxy && !did_connect) { | |
545 | + if (do_connect) | |
546 | + StrAllocCat(command, connect_host); | |
547 | + else | |
548 | + StrAllocCat(command, p1+1); | |
549 | + } | |
550 | +#else | |
551 | if (using_proxy) | |
552 | StrAllocCat(command, p1+1); | |
553 | +#endif /* USE_SSL */ | |
554 | else | |
555 | StrAllocCat(command, p1); | |
556 | FREE(p1); | |
557 | @@ -649,6 +815,10 @@ | |
558 | } else { | |
559 | if (traversal || dump_output_immediately) | |
560 | HTAlert(FAILED_NEED_PASSWD); | |
561 | +#ifdef USE_SSL | |
562 | + if(did_connect) | |
563 | + HTTP_NETCLOSE(s, handle); | |
564 | +#endif /* USE_SSL */ | |
565 | FREE(command); | |
566 | FREE(hostname); | |
567 | FREE(docname); | |
568 | @@ -764,7 +934,11 @@ | |
569 | auth_proxy = NO; | |
570 | } | |
571 | ||
572 | +#ifdef USE_SSL | |
573 | + if (!do_connect && do_post) { | |
574 | +#else | |
575 | if (do_post) { | |
576 | +#endif /* USE_SSL */ | |
577 | CTRACE((tfp, "HTTP: Doing post, content-type '%s'\n", | |
578 | anAnchor->post_content_type ? anAnchor->post_content_type | |
579 | : "lose")); | |
580 | @@ -794,9 +968,15 @@ | |
581 | else | |
582 | StrAllocCat(command, crlf); /* Blank line means "end" of headers */ | |
583 | ||
584 | +#ifdef USE_SSL | |
5659dc68 | 585 | + CTRACE ((tfp, "Writing:\n%s%s----------------------------------\n", |
dae5a450 | 586 | + command, |
5659dc68 | 587 | + (anAnchor->post_data && !do_connect ? crlf : ""))); |
dae5a450 | 588 | +#else |
589 | CTRACE((tfp, "Writing:\n%s%s----------------------------------\n", | |
590 | command, | |
591 | (anAnchor->post_data ? crlf : ""))); | |
592 | +#endif | |
593 | ||
594 | _HTProgress (gettext("Sending HTTP request.")); | |
595 | ||
596 | @@ -1159,6 +1339,35 @@ | |
597 | * > 206 is unknown. | |
598 | * All should return something to display. | |
599 | */ | |
600 | +#ifdef USE_SSL | |
601 | + if (do_connect) { | |
5659dc68 | 602 | + CTRACE((tfp, "HTTP: Proxy tunnel to '%s' established.\n", |
603 | + connect_host)); | |
dae5a450 | 604 | + do_connect = FALSE; |
605 | + url = connect_url; | |
606 | + FREE(line_buffer); | |
607 | + FREE(line_kept_clean); | |
608 | + if (!strncmp(connect_url, "snews", 5)) { | |
5659dc68 | 609 | + CTRACE((tfp, |
610 | + " Will attempt handshake and snews connection.\n")); | |
dae5a450 | 611 | + status = HTNewsProxyConnect(s, url, anAnchor, |
612 | + format_out, sink); | |
613 | + goto done; | |
614 | + } | |
615 | + did_connect = TRUE; | |
616 | + already_retrying = TRUE; | |
617 | + eol = 0; | |
618 | + bytes_already_read = 0; | |
619 | + had_header = NO; | |
620 | + length = 0; | |
621 | + doing_redirect = FALSE; | |
622 | + permanent_redirection = FALSE; | |
623 | + target = NULL; | |
5659dc68 | 624 | + CTRACE((tfp, |
625 | + " Will attempt handshake and resubmit headers.\n")); | |
dae5a450 | 626 | + goto use_tunnel; |
627 | + } | |
628 | +#endif /* USE_SSL */ | |
629 | HTProgress(line_buffer); | |
630 | } /* case 2 switch */ | |
631 | break; | |
632 | @@ -1716,6 +1925,13 @@ | |
633 | gettext("Retrying with access authorization information.")); | |
634 | FREE(line_buffer); | |
635 | FREE(line_kept_clean); | |
636 | +#ifdef USE_SSL | |
637 | + if (using_proxy && !strncmp(url, "https://", 8)) { | |
638 | + url = arg; | |
639 | + do_connect = TRUE; | |
640 | + did_connect = FALSE; | |
641 | + } | |
642 | +#endif /* USE_SSL */ | |
643 | goto try_again; | |
644 | } else if (!(traversal || dump_output_immediately) && | |
645 | HTConfirm(gettext("Show the 401 message body?"))) { | |
646 | @@ -2021,6 +2237,15 @@ | |
647 | do_head = FALSE; | |
648 | do_post = FALSE; | |
649 | reloading = FALSE; | |
650 | +#ifdef USE_SSL | |
651 | + do_connect = FALSE; | |
652 | + did_connect = FALSE; | |
653 | + FREE(connect_host); | |
654 | + if (handle) { | |
655 | + SSL_free(handle); | |
656 | + handle = NULL; | |
657 | + } | |
658 | +#endif /* USE_SSL */ | |
659 | return status; | |
660 | } | |
661 | ||
662 | diff -ruN lynx2-8-3/makefile.in lynx2-8-3.ssl/makefile.in | |
663 | --- lynx2-8-3/makefile.in Thu Nov 18 05:08:08 1999 | |
e7bed7b0 | 664 | +++ lynx2-8-3.ssl/makefile.in Tue Dec 7 19:05:43 1999 |
dae5a450 | 665 | @@ -70,6 +70,25 @@ |
666 | COMPRESS_PROG=@COMPRESS_PROG@ | |
667 | COMPRESS_EXT=@COMPRESS_EXT@ | |
668 | ||
669 | +# !!!!!!!!!! SSL Support (HTTPS connections) !!!!!!!!!!!!!!!!!!!!!!!!!!! | |
670 | +# To build a Lynx binary which supports the Secure Sockets Layer (SSL), you | |
671 | +# must compile in the crypto and SSL libraries from the OpenSSL (formerly | |
672 | +# SSLeay) library, available at ftp://ftp.psy.uq.oz.au/pub/Crypto/OpenSSL/. | |
673 | +# Once you have installed OpenSSL or SSLeay, change the location of the | |
674 | +# crypto and SSL libraries in SSL_LIBS and the location of ssl.h and | |
675 | +# crypto.h in SSL_DEFINES if necessary. USE_SSL, defined below, enables | |
676 | +# Lynx to use the SSL and crypto libraries for handling "https" and "snews" | |
677 | +# URLs. | |
678 | +# | |
679 | +# This feature is added by a patch to Lynx (which has been applied, | |
680 | +# otherwise you wouldn't be seeing this message). For more information | |
681 | +# about the SSL patch for Lynx, please see http://www.moxienet.com/lynx/. | |
682 | +# This page also contains links which enable you to test your copy of Lynx' | |
683 | +# ability to make SSL connections. | |
cfcac771 | 684 | +SSL_LIBS= -lssl -lcrypto # in PLD there are in /usr/lib |
e7bed7b0 | 685 | +SSL_DIR= /usr/include/openssl |
686 | +SSL_DEFINES= -I$(SSL_DIR) -DUSE_SSL | |
dae5a450 | 687 | + |
688 | # !!!!!!!!!!! SUN resolv LIBRARY !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | |
689 | # To include resolv in the LIBS="" list for SUN 3, 4 or Solaris OS, | |
690 | # point RESOLVLIB to that library. You need this if you get the message | |
691 | @@ -104,13 +123,13 @@ | |
692 | ||
693 | # If you apply patches which require linking to site-specific libraries, set | |
694 | # SITE_LIBS to those libraries. | |
695 | -SITE_LIBS= # Your libraries here | |
696 | +SITE_LIBS= $(SSL_LIBS) # Your libraries here | |
697 | ||
698 | # Set SITE_LYDEFS to one or more of the defines for the WWW Library: | |
699 | -SITE_LYDEFS = # Your defines here | |
700 | +SITE_LYDEFS = $(SSL_DEFINES) # Your defines here | |
701 | ||
702 | # Set SITE_DEFS to one or more of the defines for lynx below: | |
703 | -SITE_DEFS = # Your defines here | |
704 | +SITE_DEFS = $(SSL_DEFINES) # Your defines here | |
705 | ||
706 | # defines for which there are no configure options: | |
707 | # -DHP_TERMINAL For DIM workaround to REVERSE problems on HP terminals. |