1 diff -ruN lynx2-8-3/WWW/Library/Implementation/HTAAUtil.c lynx2-8-3.ssl/WWW/Library/Implementation/HTAAUtil.c
2 --- lynx2-8-3/WWW/Library/Implementation/HTAAUtil.c Wed Oct 13 16:24:23 1999
3 +++ lynx2-8-3.ssl/WWW/Library/Implementation/HTAAUtil.c Tue Dec 7 18:50:28 1999
5 #include <HTAssoc.h> /* Assoc list */
9 +#define free_func free__func
10 +#include <openssl/ssl.h>
12 +PRIVATE SSL * Handle = NULL; /* The SSL Handle */
15 #include <LYStrings.h>
19 /* Reading from socket */
21 if (start_pointer >= end_pointer) {/*Read the next block and continue*/
24 + count = SSL_read(Handle, buffer, BUFFER_SIZE);
26 + count = NETREAD(in_soc, buffer, BUFFER_SIZE);
28 count = NETREAD(in_soc, buffer, BUFFER_SIZE);
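Review bot: `Handle` is declared `PRIVATE` (file-local) and initialised to NULL, and nothing in the visible lines of this section assigns it, so the `SSL_read(Handle, buffer, BUFFER_SIZE)` branch looks either unreachable or, if unguarded, a read through a NULL handle. HTNews.c declares its own separate `PRIVATE SSL * Handle`, so the handshake performed there does not reach this file. The lines between the declaration and the read are not visible here, so confirm that a guard exists. If it does, either pass the live handle in or drop the branch, and say so in a comment such as `/* Handle is never set in this file; the SSL branch is a placeholder */`. The enclosing function starts and ends outside the visible lines.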
33 diff -ruN lynx2-8-3/WWW/Library/Implementation/HTFormat.c lynx2-8-3.ssl/WWW/Library/Implementation/HTFormat.c
34 --- lynx2-8-3/WWW/Library/Implementation/HTFormat.c Wed Dec 1 04:33:02 1999
35 +++ lynx2-8-3.ssl/WWW/Library/Implementation/HTFormat.c Tue Dec 7 18:50:07 1999
41 +#define free_func free__func
42 +#include <openssl/ssl.h>
46 PUBLIC float HTMaxSecs = 1e10; /* No effective limit */
47 PUBLIC float HTMaxLength = 1e10; /* No effective limit */
48 PUBLIC long int HTMaxBytes = 0; /* No effective limit */
50 return FROMASCII((unsigned char)ch);
54 +PUBLIC char HTGetSSLCharacter ARGS1(void *, handle)
57 + interrupted_in_htgetcharacter = 0;
61 + if (input_pointer >= input_limit) {
62 + int status = SSL_read((SSL *)handle,
63 + input_buffer, INPUT_BUFFER_SIZE);
67 + if (status == HT_INTERRUPTED) {
68 + CTRACE((tfp, "HTFormat: Interrupted in HTGetSSLCharacter\n"));
69 + interrupted_in_htgetcharacter = 1;
72 + CTRACE((tfp, "HTFormat: SSL_read error %d\n", status));
73 + return (char)EOF; /* -1 is returned by UCX
74 + at end of HTTP link */
76 + input_pointer = input_buffer;
77 + input_limit = input_buffer + status;
79 + ch = *input_pointer++;
80 + } while (ch == (char) 13); /* Ignore ASCII carriage return */
82 + return FROMASCII(ch);
86 /* Match maintype to any MIME type starting with maintype,
87 * for example: image/gif should match image
95 + status = SSL_read((SSL *)handle, input_buffer, INPUT_BUFFER_SIZE);
97 + status = NETREAD(file_number, input_buffer, INPUT_BUFFER_SIZE);
99 status = NETREAD(file_number, input_buffer, INPUT_BUFFER_SIZE);
100 +#endif /* USE_SSL */
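Review bot: In `HTGetSSLCharacter` the result of `SSL_read` is compared with `HT_INTERRUPTED`, but `SSL_read` reports failure as a value <= 0 whose cause has to be fetched with `SSL_get_error`. The interrupted branch therefore probably never runs, and a clean TLS shutdown is traced the same way as a transport error. The lines between the read and that comparison are not visible, so this is inferred from what is shown. I would classify the result with `int err = SSL_get_error((SSL *)handle, status);`, treating `SSL_ERROR_ZERO_RETURN` as end of stream and everything else as an error. `handle` is also cast and used without a NULL check, so a one-line guard, or a comment stating that callers must pass a connected handle, would help.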
104 diff -ruN lynx2-8-3/WWW/Library/Implementation/HTNews.c lynx2-8-3.ssl/WWW/Library/Implementation/HTNews.c
105 --- lynx2-8-3/WWW/Library/Implementation/HTNews.c Thu Nov 4 03:41:39 1999
106 +++ lynx2-8-3.ssl/WWW/Library/Implementation/HTNews.c Tue Dec 7 18:58:29 1999
108 #define SERVER_FILE "/usr/local/lib/rn/server"
109 #endif /* SERVER_FILE */
112 +#define free_func free__func
113 +#include <openssl/ssl.h>
115 +extern SSL_CTX * ssl_ctx;
116 +extern SSL * HTGetSSLHandle NOPARAMS;
117 +PRIVATE SSL * Handle = NULL;
118 +PRIVATE int channel_s = 1;
119 +#define NEWS_NETWRITE(sock, buff, size) \
120 + (Handle ? SSL_write(Handle, buff, size) : NETWRITE(sock, buff, size))
121 +#define NEWS_NETCLOSE(sock) \
122 + { (void)NETCLOSE(sock); if (Handle) SSL_free(Handle); Handle = NULL; }
123 +extern char HTGetSSLCharacter PARAMS((void *handle));
124 +PRIVATE char HTNewsGetCharacter NOPARAMS;
125 +#define NEXT_CHAR HTNewsGetCharacter()
127 #define NEWS_NETWRITE NETWRITE
128 #define NEWS_NETCLOSE NETCLOSE
129 #define NEXT_CHAR HTGetCharacter()
130 +#endif /* USE_SSL */
134 @@ -2201,11 +2218,13 @@
136 strchr(arg, '@') == NULL) && (strchr(arg, '*') != NULL));
139 if (!strncasecomp(arg, "snewspost:", 10) ||
140 !strncasecomp(arg, "snewsreply:", 11)) {
141 HTAlert(FAILED_CANNOT_POST_SSL);
142 return HT_NOT_LOADED;
144 +#endif /* !USE_SSL */
145 if (post_wanted || reply_wanted || spost_wanted || sreply_wanted) {
147 ** Make sure we have a non-zero path for the newsgroup(s). - FM
148 @@ -2294,8 +2313,43 @@
149 StrAllocCopy(NewsHREF, command);
151 else if (!strncasecomp(arg, "snews:", 6)) {
153 + if (((*(arg + 6) == '\0') ||
154 + (!strcmp((arg + 6), "/") ||
155 + !strcmp((arg + 6), "//") ||
156 + !strcmp((arg + 6), "///"))) ||
157 + ((!strncmp((arg + 6), "//", 2)) &&
158 + (!(cp = strchr((arg + 8), '/')) || *(cp + 1) == '\0'))) {
160 + group_wanted = FALSE;
161 + list_wanted = TRUE;
162 + } else if (*(arg + 6) != '/') {
164 + } else if (*(arg + 6) == '/' && *(arg + 7) != '/') {
169 + if (!(cp = HTParse(arg, "", PARSE_HOST)) || *cp == '\0') {
170 + if (s >= 0 && NewsHost && strcasecomp(NewsHost, HTNewsHost)) {
174 + StrAllocCopy(NewsHost, HTNewsHost);
176 + if (s >= 0 && NewsHost && strcasecomp(NewsHost, cp)) {
180 + StrAllocCopy(NewsHost, cp);
183 + sprintf(command, "snews://%.250s/", NewsHost);
184 + StrAllocCopy(NewsHREF, command);
186 HTAlert(gettext("This client does not contain support for SNEWS URLs."));
187 return HT_NOT_LOADED;
188 +#endif /* USE_SSL */
190 else if (!strncasecomp (arg, "news:/", 6)) {
191 if (((*(arg + 6) == '\0') ||
192 @@ -2533,7 +2587,18 @@
194 _HTProgress(gettext("Connecting to NewsHost ..."));
197 + if (!using_proxy &&
198 + (!strncmp(arg, "snews:", 6) ||
199 + !strncmp(arg, "snewspost:", 10) ||
200 + !strncmp(arg, "snewsreply:", 11)))
201 + status = HTDoConnect (url, "NNTPS", SNEWS_PORT, &s);
203 + status = HTDoConnect (url, "NNTP", NEWS_PORT, &s);
205 status = HTDoConnect (url, "NNTP", NEWS_PORT, &s);
206 +#endif /* USE_SSL */
208 if (status == HT_INTERRUPTED) {
210 ** Interrupt cleanly.
211 @@ -2549,6 +2614,12 @@
220 +#endif /* USE_SSL */
222 HTSYS_remove(postfile);
224 @@ -2579,6 +2650,50 @@
226 CTRACE((tfp, "HTNews: Connected to news host %s.\n",
230 + ** If this is an snews url,
231 + ** then do the SSL stuff here
233 + if (!using_proxy &&
234 + (!strncmp(url, "snews", 5) ||
235 + !strncmp(url, "snewspost:", 10) ||
236 + !strncmp(url, "snewsreply:", 11))) {
237 + Handle = HTGetSSLHandle();
238 + SSL_set_fd(Handle, s);
239 + status = SSL_connect(Handle);
243 +"HTNews: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n",
246 + "Unable to make secure connection to remote host.");
249 + if (!(post_wanted || reply_wanted ||
250 + spost_wanted || sreply_wanted))
251 + (*targetClass._abort)(target, NULL);
259 + while (remove(postfile) == 0)
260 + ; /* loop through all versions */
266 + return HT_NOT_LOADED;
268 + _HTProgress(SSL_get_cipher(Handle));
270 +#endif /* USE_SSL */
272 HTInitInput(s); /* set up buffering */
274 status = NEWS_NETWRITE(s, proxycmd, strlen(proxycmd));
275 @@ -2928,6 +3043,45 @@
277 free_NNTP_AuthInfo();
281 +PRIVATE char HTNewsGetCharacter NOARGS
284 + return HTGetCharacter();
286 + return HTGetSSLCharacter((void *)Handle);
289 +PUBLIC int HTNewsProxyConnect ARGS5 (int, sock, CONST char *, url,
290 + HTParentAnchor *, anAnchor,
291 + HTFormat, format_out,
295 + CONST char * arg = url;
297 + s = channel_s = sock;
298 + Handle = HTGetSSLHandle();
299 + SSL_set_fd(Handle, s);
300 + status = SSL_connect(Handle);
305 +"HTTP: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n",
307 + HTAlert("Unable to make secure connection to remote host.");
310 + return HT_NOT_LOADED;
312 + _HTProgress(SSL_get_cipher(Handle));
313 + status = HTLoadNews(arg, anAnchor, format_out, sink);
317 +#endif /* USE_SSL */
319 #ifdef GLOBALDEF_IS_MACRO
320 #define _HTNEWS_C_1_INIT { "news", HTLoadNews, NULL }
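Review bot: The three scheme tests in this section disagree: parsing uses `!strncasecomp(arg, "snews:", 6)`, the connect step uses the case-sensitive `!strncmp(arg, "snews:", 6)`, and the handshake step uses `!strncmp(url, "snews", 5)`. If a URL can reach this code with an upper- or mixed-case scheme (whether it is normalised earlier is not visible here), it would be parsed as snews but connected with `HTDoConnect (url, "NNTP", NEWS_PORT, &s)` and no handshake, so the session would go out in cleartext without any alert. Deciding once at parse time, for example with a `BOOL` set in the `snews:` branch and tested at both later points, removes the disagreement. Separately, `Handle = HTGetSSLHandle();` is passed to `SSL_set_fd` without a NULL check, both in the load path and in `HTNewsProxyConnect`.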
321 diff -ruN lynx2-8-3/WWW/Library/Implementation/HTTP.c lynx2-8-3.ssl/WWW/Library/Implementation/HTTP.c
322 --- lynx2-8-3/WWW/Library/Implementation/HTTP.c Thu Nov 18 05:08:08 1999
323 +++ lynx2-8-3.ssl/WWW/Library/Implementation/HTTP.c Tue Dec 7 18:47:14 1999
329 +#define free_func free__func
330 +#include <openssl/ssl.h>
331 +#include <openssl/crypto.h>
333 +#endif /* USE_SSL */
335 #define HTTP_VERSION "HTTP/1.0"
339 extern BOOL traversal; /* TRUE if we are doing a traversal */
340 extern BOOL dump_output_immediately; /* TRUE if no interactive user */
343 +PUBLIC SSL_CTX * ssl_ctx = NULL; /* SSL ctx */
345 +PRIVATE void free_ssl_ctx NOARGS
347 + if (ssl_ctx != NULL)
348 + SSL_CTX_free(ssl_ctx);
351 +PUBLIC SSL * HTGetSSLHandle NOARGS
353 + if (ssl_ctx == NULL) {
357 +#if SSLEAY_VERSION_NUMBER < 0x0800
358 + ssl_ctx = SSL_CTX_new();
359 + X509_set_default_verify_paths(ssl_ctx->cert);
361 + SSLeay_add_ssl_algorithms();
362 + ssl_ctx = SSL_CTX_new(SSLv23_client_method());
363 + SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
364 + SSL_CTX_set_default_verify_paths(ssl_ctx);
365 +#endif /* SSLEAY_VERSION_NUMBER < 0x0800 */
366 + atexit(free_ssl_ctx);
368 + return(SSL_new(ssl_ctx));
371 +#define HTTP_NETREAD(sock, buff, size, handle) \
372 + (handle ? SSL_read(handle, buff, size) : NETREAD(sock, buff, size))
373 +#define HTTP_NETWRITE(sock, buff, size, handle) \
374 + (handle ? SSL_write(handle, buff, size) : NETWRITE(sock, buff, size))
375 +#define HTTP_NETCLOSE(sock, handle) \
376 + { (void)NETCLOSE(sock); if (handle) SSL_free(handle); handle = NULL; }
378 +extern int HTNewsProxyConnect PARAMS (( int sock, CONST char *url,
379 + HTParentAnchor *anAnchor,
380 + HTFormat format_out,
383 #define HTTP_NETREAD(a, b, c, d) NETREAD(a, b, c)
384 #define HTTP_NETWRITE(a, b, c, d) NETWRITE(a, b, c)
385 #define HTTP_NETCLOSE(a, b) (void)NETCLOSE(a)
386 +#endif /* USE_SSL */
388 #ifdef _WINDOWS /* 1997/11/06 (Thu) 13:00:08 */
391 BOOL doing_redirect, already_retrying = FALSE, bad_location = FALSE;
395 + BOOL do_connect = FALSE; /* ARE WE going to use a proxy tunnel ? */
396 + BOOL did_connect = FALSE; /* ARE WE actually using a proxy tunnel ? */
397 + CONST char *connect_url = NULL; /* The URL being proxied */
398 + char *connect_host = NULL; /* The host being proxied */
399 + SSL * handle = NULL; /* The SSL handle */
400 +#if SSLEAY_VERSION_NUMBER >= 0x0900
401 + BOOL try_tls = TRUE;
402 +#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */
404 void * handle = NULL;
405 +#endif /* USE_SSL */
407 if (anAnchor->isHEAD)
414 + if (using_proxy && !strncmp(url, "http://", 7)) {
415 + if (connect_url = strstr((url+7), "https://")) {
417 + connect_host = HTParse(connect_url, "https", PARSE_HOST);
418 + if (!strchr(connect_host, ':')) {
419 + sprintf(temp, ":%d", HTTPS_PORT);
420 + StrAllocCat(connect_host, temp);
422 + CTRACE((tfp, "HTTP: connect_url = '%s'\n", connect_url));
423 + CTRACE((tfp, "HTTP: connect_host = '%s'\n", connect_host));
424 + } else if (connect_url = strstr((url+7), "snews://")) {
426 + connect_host = HTParse(connect_url, "snews", PARSE_HOST);
427 + if (!strchr(connect_host, ':')) {
428 + sprintf(temp, ":%d", SNEWS_PORT);
429 + StrAllocCat(connect_host, temp);
431 + CTRACE((tfp, "HTTP: connect_url = '%s'\n", connect_url));
432 + CTRACE((tfp, "HTTP: connect_host = '%s'\n", connect_host));
435 +#endif /* USE_SSL */
437 sprintf(crlf, "%c%c", CR, LF);
440 @@ -339,12 +423,18 @@
441 line_kept_clean = NULL;
443 if (!strncmp(url, "https", 5))
445 + status = HTDoConnect (url, "HTTPS", HTTPS_PORT, &s);
447 + status = HTDoConnect (url, "HTTP", HTTP_PORT, &s);
450 HTAlert(gettext("This client does not contain support for HTTPS URLs."));
451 status = HT_NOT_LOADED;
454 status = HTDoConnect (arg, "HTTP", HTTP_PORT, &s);
455 +#endif /* USE_SSL */
456 if (status == HT_INTERRUPTED) {
458 ** Interrupt cleanly.
459 @@ -374,12 +464,79 @@
460 * This is a nice long function as well. *sigh* -RJP
466 + ** If this is an https document
467 + ** then do the SSL stuff here
469 + if (did_connect || !strncmp(url, "https", 5)) {
470 + handle = HTGetSSLHandle();
471 + SSL_set_fd(handle, s);
472 +#if SSLEAY_VERSION_NUMBER >= 0x0900
474 + handle->options|=SSL_OP_NO_TLSv1;
475 +#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */
476 + status = SSL_connect(handle);
479 +#if SSLEAY_VERSION_NUMBER >= 0x0900
481 + CTRACE((tfp, "HTTP: Retrying connection without TLS\n"));
482 + _HTProgress("Retrying connection.");
485 + HTTP_NETCLOSE(s, handle);
489 +"HTTP: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n",
491 + HTAlert("Unable to make secure connection to remote host.");
493 + HTTP_NETCLOSE(s, handle);
494 + status = HT_NOT_LOADED;
499 +"HTTP: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n",
501 + HTAlert("Unable to make secure connection to remote host.");
503 + HTTP_NETCLOSE(s, handle);
504 + status = HT_NOT_LOADED;
506 +#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */
508 + _HTProgress (SSL_get_cipher(handle));
511 + if (strcmp(HTParse(url, "", PARSE_HOST),
512 + strstr(X509_NAME_oneline(
513 + X509_get_subject_name(
514 + handle->session->peer)),"/CN=")+4)) {
515 + HTAlert("Certificate is for different host name");
516 + HTAlert(strstr(X509_NAME_oneline(
517 + X509_get_subject_name(
518 + handle->session->peer)),"/CN=")+4);
520 +#endif /* NOTDEFINED */
522 +#endif /* USE_SSL */
524 /* Ask that node for the document,
525 ** omitting the host name & anchor
528 char * p1 = (HTParse(url, "", PARSE_PATH|PARSE_PUNCTUATION));
532 + METHOD = "CONNECT";
533 + StrAllocCopy(command, "CONNECT ");
535 +#endif /* USE_SSL */
538 StrAllocCopy(command, "POST ");
540 ** of say: /gopher://a;lkdjfl;ajdf;lkj/;aldk/adflj
541 ** so that just gopher://.... is sent.
544 + if (using_proxy && !did_connect) {
546 + StrAllocCat(command, connect_host);
548 + StrAllocCat(command, p1+1);
552 StrAllocCat(command, p1+1);
553 +#endif /* USE_SSL */
555 StrAllocCat(command, p1);
559 if (traversal || dump_output_immediately)
560 HTAlert(FAILED_NEED_PASSWD);
563 + HTTP_NETCLOSE(s, handle);
564 +#endif /* USE_SSL */
573 + if (!do_connect && do_post) {
576 +#endif /* USE_SSL */
577 CTRACE((tfp, "HTTP: Doing post, content-type '%s'\n",
578 anAnchor->post_content_type ? anAnchor->post_content_type
582 StrAllocCat(command, crlf); /* Blank line means "end" of headers */
585 + CTRACE ((tfp, "Writing:\n%s%s----------------------------------\n",
587 + (anAnchor->post_data && !do_connect ? crlf : "")));
589 CTRACE((tfp, "Writing:\n%s%s----------------------------------\n",
591 (anAnchor->post_data ? crlf : "")));
594 _HTProgress (gettext("Sending HTTP request."));
596 @@ -1159,6 +1339,35 @@
598 * All should return something to display.
602 + CTRACE((tfp, "HTTP: Proxy tunnel to '%s' established.\n",
604 + do_connect = FALSE;
607 + FREE(line_kept_clean);
608 + if (!strncmp(connect_url, "snews", 5)) {
610 + " Will attempt handshake and snews connection.\n"));
611 + status = HTNewsProxyConnect(s, url, anAnchor,
615 + did_connect = TRUE;
616 + already_retrying = TRUE;
618 + bytes_already_read = 0;
621 + doing_redirect = FALSE;
622 + permanent_redirection = FALSE;
625 + " Will attempt handshake and resubmit headers.\n"));
628 +#endif /* USE_SSL */
629 HTProgress(line_buffer);
630 } /* case 2 switch */
632 @@ -1716,6 +1925,13 @@
633 gettext("Retrying with access authorization information."));
635 FREE(line_kept_clean);
637 + if (using_proxy && !strncmp(url, "https://", 8)) {
640 + did_connect = FALSE;
642 +#endif /* USE_SSL */
644 } else if (!(traversal || dump_output_immediately) &&
645 HTConfirm(gettext("Show the 401 message body?"))) {
646 @@ -2021,6 +2237,15 @@
651 + do_connect = FALSE;
652 + did_connect = FALSE;
653 + FREE(connect_host);
658 +#endif /* USE_SSL */
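Review bot: `HTGetSSLHandle` never turns on peer verification: `SSL_CTX_set_default_verify_paths(ssl_ctx)` only tells the library where trusted certificates live, and without `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);` the handshake is accepted for any certificate the server presents. The only host-name comparison in this section sits in front of `#endif /* NOTDEFINED */`, so it appears to be compiled out, which leaves https and snews connections encrypted but not authenticated. I would add the `SSL_CTX_set_verify` call after the verify-paths line, check `SSL_get_verify_result(handle) == X509_V_OK` after `SSL_connect`, and alert the user otherwise. If the disabled name check is revived, note that `strstr(...,"/CN=")+4` is used without testing the `strstr` result for NULL. The return values of `SSL_CTX_new` and `SSL_new` are also used unchecked.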
662 diff -ruN lynx2-8-3/makefile.in lynx2-8-3.ssl/makefile.in
663 --- lynx2-8-3/makefile.in Thu Nov 18 05:08:08 1999
664 +++ lynx2-8-3.ssl/makefile.in Tue Dec 7 19:05:43 1999
666 COMPRESS_PROG=@COMPRESS_PROG@
667 COMPRESS_EXT=@COMPRESS_EXT@
669 +# !!!!!!!!!! SSL Support (HTTPS connections) !!!!!!!!!!!!!!!!!!!!!!!!!!!
670 +# To build a Lynx binary which supports the Secure Sockets Layer (SSL), you
671 +# must compile in the crypto and SSL libraries from the OpenSSL (formerly
672 +# SSLeay) library, available at ftp://ftp.psy.uq.oz.au/pub/Crypto/OpenSSL/.
673 +# Once you have installed OpenSSL or SSLeay, change the location of the
674 +# crypto and SSL libraries in SSL_LIBS and the location of ssl.h and
675 +# crypto.h in SSL_DEFINES if necessary. USE_SSL, defined below, enables
676 +# Lynx to use the SSL and crypto libraries for handling "https" and "snews"
679 +# This feature is added by a patch to Lynx (which has been applied,
680 +# otherwise you wouldn't be seeing this message). For more information
681 +# about the SSL patch for Lynx, please see http://www.moxienet.com/lynx/.
682 +# This page also contains links which enable you to test your copy of Lynx'
683 +# ability to make SSL connections.
684 +SSL_LIBS= -lssl -lcrypto # in PLD there are in /usr/lib
685 +SSL_DIR= /usr/include/openssl
686 +SSL_DEFINES= -I$(SSL_DIR) -DUSE_SSL
688 # !!!!!!!!!!! SUN resolv LIBRARY !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
689 # To include resolv in the LIBS="" list for SUN 3, 4 or Solaris OS,
690 # point RESOLVLIB to that library. You need this if you get the message
691 @@ -104,13 +123,13 @@
693 # If you apply patches which require linking to site-specific libraries, set
694 # SITE_LIBS to those libraries.
695 -SITE_LIBS= # Your libraries here
696 +SITE_LIBS= $(SSL_LIBS) # Your libraries here
698 # Set SITE_LYDEFS to one or more of the defines for the WWW Library:
699 -SITE_LYDEFS = # Your defines here
700 +SITE_LYDEFS = $(SSL_DEFINES) # Your defines here
702 # Set SITE_DEFS to one or more of the defines for lynx below:
703 -SITE_DEFS = # Your defines here
704 +SITE_DEFS = $(SSL_DEFINES) # Your defines here
706 # defines for which there are no configure options:
707 # -DHP_TERMINAL For DIM workaround to REVERSE problems on HP terminals.