Simon Josefsson <[EMAIL PROTECTED]> writes:

> The patch to socket.? removes some never needed code with GnuTLS, and
> removes the need for the no_tls variable and the ssl_set_no_tls()
> function altogether by replacing each occurrence of setting the no_tls
> variable, and calling the function if that variable is set, with the
> actions done by that function (for the OpenSSL case, no such code is
> needed for GnuTLS).  I have not tested this with OpenSSL, so please
> double check it.

It seems wrong to me.  Previously, ssl_connect() could set
socket->no_tls = 1, and then call connect_socket(), which would
indirectly call done_ssl_connection(), which sets socket->ssl =
NULL; the next call to ssl_connect() would then construct a new
ssl_t, make socket->ssl point to it, and see that socket->no_tls
is 1.  That is, socket->no_tls used to outlive socket->ssl.
With your change, ssl_connect() now alters *socket->ssl directly,
and this effect is lost in done_ssl_connection().

The no_tls flag was already present (as no_tsl) in connect.c when
it was first imported to the ELinks CVS repository on 2001-10-27.
I don't know why it was originally added, but I'm guessing it
works around buggy servers that happily negotiate TLS but then
fail to implement it properly.  Could you explain why you think
ELinks does not need such a workaround with GnuTLS?

Of course, it is possible that all the buggy servers have already
been fixed and we can remove the workaround for OpenSSL too, but
even in that case it should be done as a separate patch, so it's
easier to revert if necessary.

If your patches are applied to ELinks, I would like to add your
name and email address (as shown above) to the AUTHORS file and
to the author field of the commits in the ELinks Git repository.
From there, they would then propagate to an unknown number of
mirrors and other systems (e.g. CIA.vc) worldwide.  It would be
difficult to remove this information afterwards.  Do you consent
to this, or would you rather like to e.g. obscure the email
address?


_______________________________________________
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev
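
The lifetime problem raised in the reply above, as an added example that is not ELinks code and not part of the original message. It is a simplified C model: the struct layouts, `new_ssl()`, `retry_sees_no_tls()` and `enum flag_home` are hypothetical, while `no_tls`, `ssl` and `done_ssl_connection()` are named after the identifiers in the message.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical layouts for illustration; not ELinks' real definitions. */
struct ssl_state { int no_tls; };                 /* per-connection TLS object */
struct sock { struct ssl_state *ssl; int no_tls; };

enum flag_home { FLAG_ON_SOCKET, FLAG_ON_SSL };   /* where the flag is stored */

/* Models "construct a new ssl_t, make socket->ssl point to it". */
static int new_ssl(struct sock *s)
{
    s->ssl = calloc(1, sizeof *s->ssl);           /* fresh object, no_tls == 0 */
    return s->ssl != NULL;
}

/* Per the message, teardown sets socket->ssl = NULL. */
static void done_ssl_connection(struct sock *s)
{
    free(s->ssl);
    s->ssl = NULL;
}

/* Returns 1 if the second connection attempt still sees no_tls,
 * 0 if the setting was lost, -1 on allocation failure. */
static int retry_sees_no_tls(enum flag_home home)
{
    struct sock s = { NULL, 0 };
    int seen;

    /* First attempt: the code decides TLS must be disabled on retry. */
    if (!new_ssl(&s)) return -1;
    if (home == FLAG_ON_SOCKET) s.no_tls = 1;     /* flag lives on the socket */
    else s.ssl->no_tls = 1;                       /* flag lives on the TLS object */

    /* Reconnect path indirectly tears down the TLS object. */
    done_ssl_connection(&s);

    /* Second attempt: new TLS object, then the flag is consulted. */
    if (!new_ssl(&s)) return -1;
    seen = (home == FLAG_ON_SOCKET) ? s.no_tls : s.ssl->no_tls;
    done_ssl_connection(&s);
    return seen;
}

int main(void)
{
    printf("flag on socket: retry sees no_tls=%d\n", retry_sees_no_tls(FLAG_ON_SOCKET));
    printf("flag on ssl:    retry sees no_tls=%d\n", retry_sees_no_tls(FLAG_ON_SSL));
    return 0;
}
```

A regression test for a change of this kind would assert on the state observed by the second attempt, since the first attempt behaves identically in both variants.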
