[elinks-dev] [PATCH] lists.h: list_is_singleton() now returns false for empty list

[Kamil Dudka]

We have a crash report of ELinks 0.12pre6 with backtrace going through
bookmark_all_terminals().  I believe it is caused by list_is_singleton()
returning true for an empty list.  Consequently, bookmark_terminal()
attempts to access a list item that does not exist.

While it would be possible to fix bookmark_all_terminals() to explicitly
check the list for emptiness, I propose to fix list_is_singleton() such
that it does not return true for an empty list.  I checked the other
uses of list_is_singleton() and the proposed change should not introduce
any change in the behavior elsewhere.

Bug: https://bugzilla.redhat.com/1075415
---
 src/util/lists.h |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/util/lists.h b/src/util/lists.h
index b577c9f..9da38ae 100644
--- a/src/util/lists.h
+++ b/src/util/lists.h
@@ -146,7 +146,8 @@ do { \
 #define list_empty(x) (list_magic_chkbool(x, "list_empty") && (x).next == &(x))
 
 #define list_is_singleton(x) \
-   (list_magic_chkbool(x, "list_is_singleton") && (x).next == (x).prev)
+   (list_magic_chkbool(x, "list_is_singleton") && (x).next == (x).prev \
+   && !list_empty(x))
 
 #define list_has_prev(l,p) \
(list_magic_chkbool(l, "list_has_prev") && (p)->prev !=  (void *) &(l))
-- 
1.7.1

___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

Re: [elinks-dev] [PATCH] configure.in: add a missing AC_LANG_PROGRAM macro

[Kamil Dudka]

On Monday 25 February 2013 15:45:32 Kamil Dudka wrote:
> ... around the first argument of AC_COMPILE_IFELSE in order to eliminate
> warnings with autoconf 2.68.
> ---
>  configure.in |4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/configure.in b/configure.in
> index 023af06..9d992ee 100644
> --- a/configure.in
> +++ b/configure.in
> @@ -221,7 +221,7 @@ AC_STRUCT_TM
>  AC_C_CONST
>  AC_C_INLINE
>  AC_MSG_CHECKING([[for C99-conforming inline]])
> -AC_COMPILE_IFELSE([[
> +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
>   int add(int change);
> 
>   static int sum;
> @@ -237,7 +237,7 @@ AC_COMPILE_IFELSE([[
>   sub(int change)
>   {
>   return add(-change);
> - }]],
> + }]])],
>   [AC_MSG_RESULT([[yes]])
>AC_DEFINE([NONSTATIC_INLINE], [inline],
>   [Define as inline if the compiler lets you declare a function 
> without
>  inline, then define it with inline, and have that definition refer to
>  identifiers with internal linkage.  This is allowed by C99 6.7.4p6 and
>  6.7.4p3 together.  Otherwise define as nothing.])],

The above patch still applies.  Any chance to get this in?  Thanks in advance!

Kamil
___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

Re: [elinks-dev] update to autoconf 2.69

[Kamil Dudka]

On Tuesday 09 April 2013 02:24:19 Kalle Olavi Niemitalo wrote:
> Kamil Dudka  writes:
> > would it be possible to use autoconf 2.69+ for creating the new releases
> > of elinks in order to support the ARM 64 bit CPU architecture (aarch64)?
> 
> I'm not sure it's permitted under the GPLv2 license of configure.in.
> The license requires that source files are distributed under GPLv2.
> I think /usr/share/autoconf/autoconf/general.m4 may be a source file
> of the resulting configure script, but in Autoconf 2.69, that file
> is under GPLv3-or-later + Autoconf Configure Script Exception v3.
> The exception grants permission to propagate the configure script,
> but not to distribute general.m4 itself under GPLv2.
> 
> I don't see any license problems with upgrading just config.guess
> and config.sub.  The patch linked from
> https://bugzilla.redhat.com/show_bug.cgi?id=925306 does not
> change the GPLv2-or-later license of those files.  Even if we
> upgraded to the 2013-02-12 versions, which are under
> GPLv3-or-later, it seems the "special exception" would allow us
> to distribute them under GPLv2 as part of ELinks, which is
> licensed under GPLv2 and contains a configure script generated by
> Autoconf.  They don't say it has to be the latest version of
> Autoconf.

Yes, just updating config.guess and config.sub should do the job.  We are 
currently discussing an alternative solution -- replacing those files during 
build by our build system.  Nevertheless, it makes still sense to get the 
upstream tarballs working on aarch64 out of the box, which can be achieved
by using up2date config.guess and config.sub in the tarballs of upcoming 
ELinks' releases as you suggest.

Kamil
___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

[elinks-dev] update to autoconf 2.69

[Kamil Dudka]

Hello,

would it be possible to use autoconf 2.69+ for creating the new releases
of elinks in order to support the ARM 64 bit CPU architecture (aarch64)?

We have the following bug report in Fedora:

https://bugzilla.redhat.com/925306

Thanks in advance!

Kamil
___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

[elinks-dev] [PATCH] configure.in: add a missing AC_LANG_PROGRAM macro

[Kamil Dudka]

... around the first argument of AC_COMPILE_IFELSE in order to eliminate
warnings with autoconf 2.68.
---
 configure.in |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.in b/configure.in
index 023af06..9d992ee 100644
--- a/configure.in
+++ b/configure.in
@@ -221,7 +221,7 @@ AC_STRUCT_TM
 AC_C_CONST
 AC_C_INLINE
 AC_MSG_CHECKING([[for C99-conforming inline]])
-AC_COMPILE_IFELSE([[
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
int add(int change);
 
static int sum;
@@ -237,7 +237,7 @@ AC_COMPILE_IFELSE([[
sub(int change)
{
return add(-change);
-   }]],
+   }]])],
[AC_MSG_RESULT([[yes]])
 AC_DEFINE([NONSTATIC_INLINE], [inline],
[Define as inline if the compiler lets you declare a function 
without inline, then define it with inline, and have that definition refer to 
identifiers with internal linkage.  This is allowed by C99 6.7.4p6 and 6.7.4p3 
together.  Otherwise define as nothing.])],
-- 
1.7.1

___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

[elinks-dev] [PATCH V2] rewrite: add default "ddg" dumb/smart prefixes for DuckDuckGo

[Kamil Dudka]

On Wednesday 19 September 2012 22:02:59 Kalle Olavi Niemitalo wrote:
> Kamil Dudka  writes:
> > +   INIT_OPT_SMART_PREFIX("ddg", "https://duckduckgo.com/?q=%s&t=elinks";),
> 
> ELinks can be built without SSL/TLS support, in which case it
> will pop up an error message when asked to open an https URL.
> This may be why all the other prefixes use http rather than
> https.  If you want to use https whenever possible, you can do
> this:
> 
> #ifdef CONFIG_SSL
>   INIT_OPT_SMART_PREFIX("ddg", "https://duckduckgo.com/?q=%s&t=elinks";),
> #else
>   INIT_OPT_SMART_PREFIX("ddg", "http://duckduckgo.com/?q=%s&t=elinks";),
> #endif
> 
> However, there is a risk that the http variant might get saved to
> ~/.elinks/elinks.conf, in which case ELinks will keep using that
> even if the user later installs an SSL/TLS-capable ELinks binary.
> Such saving happens if the user edits the rewriting rule, or if
> the user sets config.saving_style = 1 or 2.  I don't know whether
> this risk is so bad you'd prefer using https unconditionally.
> 
> The "t=elinks" parameter at the end makes me feel a bit uneasy.
> None of the other prefix definitions has anything like that,
> perhaps indicating the prefixes were added without consulting the
> webmasters.  On the other hand, because ELinks by default reveals
> its name in the User-Agent header, it is OK to include "t=elinks"
> here too.  It might however deserve a note in the documentation
> of protocol.http.user_agent:
> 
> diff --git a/src/protocol/http/http.c b/src/protocol/http/http.c
> index e58c7af..14f89f8 100644
> --- a/src/protocol/http/http.c
> +++ b/src/protocol/http/http.c
> @@ -204,7 +204,8 @@ static struct option_info http_options[] = {
>   "pushing some lite version to them automagically.\n"
>   "\n"
>   "Use \" \" if you don't want any User-Agent header to be sent "
> - "at all.\n"
> + "at all. URI rewriting rules may still include parameters "
> + "that reveal you are using ELinks.\n"
>   "\n"
>   "%v in the string means ELinks version,\n"
>   "%s in the string means system identification,\n"

Thanks for your comments.  Please find the attached new version of the patch, 
which includes the note in the documentation as you suggested above, and uses 
non-SSL URIs to avoid problems on ELinks' builds without the SSL/TLS support.

Kamil
From f303462740495e79111b1b02dc71b966d37c913c Mon Sep 17 00:00:00 2001
From: Kamil Dudka 
Date: Tue, 18 Sep 2012 15:32:31 +0200
Subject: [PATCH] rewrite: add default "ddg" dumb/smart prefixes for DuckDuckGo

... and mention that URI rewriting rules may leak ELinks' identity
in the documentation of protocol.http.user_agent.

Originally requested at <https://bugzilla.redhat.com/856348>.
---
 src/protocol/http/http.c   |3 ++-
 src/protocol/rewrite/rewrite.c |2 ++
 2 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/src/protocol/http/http.c b/src/protocol/http/http.c
index ce14031..98053c0 100644
--- a/src/protocol/http/http.c
+++ b/src/protocol/http/http.c
@@ -204,7 +204,8 @@ static struct option_info http_options[] = {
 		"pushing some lite version to them automagically.\n"
 		"\n"
 		"Use \" \" if you don't want any User-Agent header to be sent "
-		"at all.\n"
+		"at all. URI rewriting rules may still include parameters "
+		"that reveal you are using ELinks.\n"
 		"\n"
 		"%v in the string means ELinks version,\n"
 		"%s in the string means system identification,\n"
diff --git a/src/protocol/rewrite/rewrite.c b/src/protocol/rewrite/rewrite.c
index dd5c7ab..e01da74 100644
--- a/src/protocol/rewrite/rewrite.c
+++ b/src/protocol/rewrite/rewrite.c
@@ -121,6 +121,7 @@ static struct option_info uri_rewrite_options[] = {
 	INIT_OPT_DUMB_PREFIX("cia", "http://cia.navi.cx/";),
 	INIT_OPT_DUMB_PREFIX("b", "http://babelfish.altavista.com/babelfish/tr";),
 	INIT_OPT_DUMB_PREFIX("d", "http://www.dict.org";),
+	INIT_OPT_DUMB_PREFIX("ddg", "http://duckduckgo.com/?t=elinks";),
 	INIT_OPT_DUMB_PREFIX("g", "http://www.google.com/";),
 	INIT_OPT_DUMB_PREFIX("gg", "http://www.google.com/";),
 	INIT_OPT_DUMB_PREFIX("go", "http://www.google.com/";),
@@ -158,6 +159,7 @@ static struct option_info uri_rewrite_options[] = {
 	INIT_OPT_SMART_PREFIX("cambridge", "http://dictionary.cambridge.org/results.asp?searc

Re: [elinks-dev] [PATCH] rewrite: add default "ddg" dumb/smart prefixes for DuckDuckGo

[Kamil Dudka]

On Wednesday 19 September 2012 22:02:59 Kalle Olavi Niemitalo wrote:
> Kamil Dudka  writes:
> > +   INIT_OPT_SMART_PREFIX("ddg", "https://duckduckgo.com/?q=%s&t=elinks";),
> 
> ELinks can be built without SSL/TLS support, in which case it
> will pop up an error message when asked to open an https URL.
> This may be why all the other prefixes use http rather than
> https.  If you want to use https whenever possible, you can do
> this:
> 
> #ifdef CONFIG_SSL
>   INIT_OPT_SMART_PREFIX("ddg", "https://duckduckgo.com/?q=%s&t=elinks";),
> #else
>   INIT_OPT_SMART_PREFIX("ddg", "http://duckduckgo.com/?q=%s&t=elinks";),
> #endif
> 
> However, there is a risk that the http variant might get saved to
> ~/.elinks/elinks.conf, in which case ELinks will keep using that
> even if the user later installs an SSL/TLS-capable ELinks binary.
> Such saving happens if the user edits the rewriting rule, or if
> the user sets config.saving_style = 1 or 2.  I don't know whether
> this risk is so bad you'd prefer using https unconditionally.

Prakash, is it fine to use the non-SSL URLs (starting with http://)
for elinks?  They appear working to me...

Kamil
___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

[elinks-dev] [PATCH] rewrite: add default "ddg" dumb/smart prefixes for DuckDuckGo

[Kamil Dudka]

Originally requested at .
---
 src/protocol/rewrite/rewrite.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/src/protocol/rewrite/rewrite.c b/src/protocol/rewrite/rewrite.c
index dd5c7ab..b87fd99 100644
--- a/src/protocol/rewrite/rewrite.c
+++ b/src/protocol/rewrite/rewrite.c
@@ -121,6 +121,7 @@ static struct option_info uri_rewrite_options[] = {
INIT_OPT_DUMB_PREFIX("cia", "http://cia.navi.cx/";),
INIT_OPT_DUMB_PREFIX("b", 
"http://babelfish.altavista.com/babelfish/tr";),
INIT_OPT_DUMB_PREFIX("d", "http://www.dict.org";),
+   INIT_OPT_DUMB_PREFIX("ddg", "https://duckduckgo.com/?t=elinks";),
INIT_OPT_DUMB_PREFIX("g", "http://www.google.com/";),
INIT_OPT_DUMB_PREFIX("gg", "http://www.google.com/";),
INIT_OPT_DUMB_PREFIX("go", "http://www.google.com/";),
@@ -158,6 +159,7 @@ static struct option_info uri_rewrite_options[] = {
INIT_OPT_SMART_PREFIX("cambridge", 
"http://dictionary.cambridge.org/results.asp?searchword=%s";),
INIT_OPT_SMART_PREFIX("cliki", 
"http://www.cliki.net/admin/search?words=%s";),
INIT_OPT_SMART_PREFIX("d", 
"http://www.dict.org/bin/Dict?Query=%s&Form=Dict1&Strategy=*&Database=*&submit=Submit+query";),
+   INIT_OPT_SMART_PREFIX("ddg", "https://duckduckgo.com/?q=%s&t=elinks";),
INIT_OPT_SMART_PREFIX("dmoz", 
"http://search.dmoz.org/cgi-bin/search?search=%s";),
INIT_OPT_SMART_PREFIX("foldoc", 
"http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?%s";),
INIT_OPT_SMART_PREFIX("g", 
"http://www.google.com/search?q=%s&btnG=Google+Search";),
-- 
1.7.1

___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

[elinks-dev] elink's command-line option -force-html

[Kamil Dudka]

Hello,

we have a bug in our bugzilla, reported by Joel Uckelman (CC'd):

https://bugzilla.redhat.com/601332

Semantic of the -force-html option is a bit counter-intuitive.  One would 
expect that an option named "force*" indeed forces something.  However it
just changes the default type for unknown documents only, thus does not
force anything.

I see the same option in lynx, where it indeed forces the type of document
and works properly.  Would it be possible to change behavior of that option?

If not, does it make sense to add another option doing the same as lynx's
-force-html?

Thanks in advance for answers!

Kamil
___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

Re: [elinks-dev] Patch to enable Spidermonkey feature compilation against xulrunner

[Kamil Dudka]

On Wednesday 31 of March 2010 13:06:22 أحمد المحمودي wrote:
> Hello,
>
>   This is a patch I prepared to enable Spidermonkey feature to be
>   compiled against xulrunner. This is useful for distributions such as
>   Ubuntu that ceased to ship a proper libmozjs, yet instead provide it
>   as part of xulrunner.

Let me note the file 'configure' is generated.  You need to modify 
'configure.in' instead.  Otherwise your changes will be blown out
on the next run of autoconf.

Kamil
___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

Re: [elinks-dev] [PATCH] Add support for nss_compat_ossl library (OpenSSL replacement).

[Kamil Dudka]

On Saturday 27 of September 2008 12:40:32 Kalle Olavi Niemitalo wrote:
> I'm going to apply this version, but I noticed something odd.
Thank you!

> It appears you made the configure script run "pkg-config nss"
> only if given --with-nss_compat_ossl without the DIR argument.
> When given --with-nss_compat_ossl=DIR, it does not add the output
> of "pkg-config --cflags nss" to CFLAGS, for example.  Did you
> intend this?  If not, please post a separate patch to fix it.
Yes, if you specify DIR manually, pkg-config is not used. I think the same 
approach as here:
https://fedoraproject.org/wiki/Nss_compat_ossl#Sample_Application


Kamil
___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

Re: [elinks-dev] [PATCH] Add support for nss_compat_ossl library (OpenSSL replacement).

[Kamil Dudka]

On Saturday 20 September 2008 19:55:53 Kalle Olavi Niemitalo wrote:
> Perhaps your ELinks changes are stable.  However, nss_compat_ossl
> 0.9.2 itself is not stable enough.  Its SSL_library_init() calls
> exit(1) with no error message at all if NSS_Init(certDir) fails.
> That is just ridiculous; ELinks should still be able to access
> non-SSL sites.
This should be reported. If you agree I forward this report to nss_compat_ossl 
maintainer.

> Please change the configure script to select nss_compat_ossl only
> if explicitly requested by the user.  ELinks should not use it by
> default, even if no other SSL library is available.  This can be
> revisited after an improved version of nss_compat_ossl has been
> released and the configure script can check the version.
Well, fixed. Support for nss_compat_ossl must be requested by user now.

> Also, the configure script should remove NSS from CFLAGS and LIBS
> again if it notices nss_compat_ossl has not been installed.
Fixed.

> Your patch added a NEWS entry into the section about ELinks 0.11.3,
> which has already been released.  I will move that to the right
> place.  Also, I would like to refer to the Fedora bugzilla:
>
> * Fedora enhancement 346861: Add support for nss_compat_ossl library
>   (OpenSSL replacement).
Fixed.

> I had some trouble building nss_compat_ossl 0.9.2 on Debian:
>
> - Here, the libnss3-dev package contains e.g. /usr/include/nss/ssl.h, and
>   pkg-config --cflags nss outputs "-I/usr/include/nss -I/usr/include/nspr",
>   but nss_compat_ossl-0.9.2/src/nss_compat_ossl.h does #include
> . As there is no actual nss3 directory, nor a symlink, this
> does not work.
>
> - Likewise with #include .
>
> - Similarly, we have /usr/lib/nss/libsoftokn3.so, but pkg-config --libs nss
>   does not output any -L options, so -lsoftokn3 in
>   nss_compat_ossl-0.9.2/src/Makefile.am doesn't find the library;
>   however, if I remove that -lsoftokn3, then nss_compat_ossl builds.
>
> Browsing the source code, I noticed RAND_load_file() can get
> stuck in a loop if I/O errors occur: fread() and feof() both
> return 0.  And RAND_write_file() should check for errors on
> fwrite() and fclose().  I gave up on reviewing ssl.c because
> I don't know NSPR and SSL well enough.
I will forward this to nss_compat_ossl maintainer since this is fundamental 
package of further Fedora release. CryptoConsolidation tracking bug covers 
over 200 bugs, so these issues should be fixed as soon as possible.

New patch in attachment. Let me just mention the configure --help indentation 
patch which has been not applied yet.


Have a nice day
Kamil
From 9bc26d3b5f5fe39e449cbbb5d69206f9bcfd1fa0 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <[EMAIL PROTECTED]>
Date: Tue, 23 Sep 2008 13:27:47 +0200
Subject: [PATCH] add support for nss_compat_ossl library (OpenSSL replacement)

 * configure.in: New configure parameter --with-nss_compat_ossl.
 * socket.c: New configure option connection.ssl.client_cert.nickname.
 * ssl.h: Handle CONFIG_NSS_COMPAT_OSSL macro.
 * ssl.c: Add support for nss_compat_ossl.
 * TODO: Remove completed task.
 * NEWS: Mention the change.
---
 NEWS |2 ++
 configure.in |   35 ++-
 src/network/ssl/TODO |4 
 src/network/ssl/socket.c |   29 ++---
 src/network/ssl/ssl.c|   32 +---
 src/network/ssl/ssl.h|2 +-
 6 files changed, 84 insertions(+), 20 deletions(-)

diff --git a/NEWS b/NEWS
index 5267b83..e6bff6d 100644
--- a/NEWS
+++ b/NEWS
@@ -48,6 +48,8 @@ Miscellaneous:
 * enhancement: Indicate backgrounded downloads using an unused led.
 * enhancement: Display the number of ECMAScript interpreters that have
   been allocated for documents in the Resources dialog.
+* Fedora enhancement 346861: Add support for nss_compat_ossl library
+  (OpenSSL replacement).
 
 //
 The following changes should be removed from NEWS before ELinks 0.13.0
diff --git a/configure.in b/configure.in
index a8f7c2d..fa8fcb5 100644
--- a/configure.in
+++ b/configure.in
@@ -952,6 +952,7 @@ gnutls_withval="$withval"
 
 if test "$enable_gnutls" = yes; then
 	disable_openssl=yes;
+	with_nss_compat_ossl=no;
 fi
 
 AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
@@ -959,6 +960,37 @@ AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
 AC_ARG_WITH(openssl, [  --with-openssl[=DIR]enable OpenSSL support (default)])
 openssl_withval="$withval"
 
+AC_ARG_WITH(nss_compat_ossl, [[  --with-nss_compat_ossl[=DIR]
+  NSS compatibility SSL libraries/include files]])
+
+# nss_compat_ossl
+if test -n "$with_nss_compat_ossl" && test "$with_nss_compat_ossl&

Re: [elinks-dev] [PATCH] fix mangled indentation in configure --help

[Kamil Dudka]

On Tuesday 09 September 2008 23:07:04 Kalle Olavi Niemitalo wrote:
> ELinks should be kept compatible with Autoconf 2.59, but if you
> add four pairs of square brackets for that, I think Autoconf 2.62
> will then include too many of them in the --help output.  So the
> right solution seems to be to avoid AC_HELP_STRING and instead
> align the strings by hand.  Alternatively, one could define
> EL_HELP_STRING, but that would probably require more effort than
> it'd save.
>
> The alignment and brackets are minor details.  If you feel they
> are costing too much time, I think it'd be enough to have the
> same level of correctness as in the preexisting options.
> I do not want the four pairs of square brackets though.
Well, removed AC_HELP_STRING from elinks-nss.patch as well...

> > +   if test -z "$with_nss_compat_ossl" -o "$with_nss_compat_ossl" = yes;
> > then
>
> The Autoconf manual advises against using the -a and -o operators
> of test, because of variations in precedence.  Instead:
>
> + if test -z "$with_nss_compat_ossl" || test "$with_nss_compat_ossl" = 
> yes;
> then
Also fixed, new patch in attachment...


Kamil
From aa219c6221c46e6a006f325e5d84b388f1c6662b Mon Sep 17 00:00:00 2001
From: Kamil Dudka <[EMAIL PROTECTED]>
Date: Wed, 10 Sep 2008 10:21:12 +0200
Subject: [PATCH] add support for nss_compat_ossl library (OpenSSL replacement)

* configure.in: Detection of nss_compat_ossl library.
New configure parameters --with-nss_compat_ossl, --without-nss_compat_ossl.
* socket.c: New configure option connection.ssl.client_cert.nickname.
* ssl.h: Handle CONFIG_NSS_COMPAT_OSSL macro.
* ssl.c: Add support for nss_compat_ossl.
* TODO: Remove completed task.
* NEWS: Mention the change.
---
 NEWS |2 ++
 configure.in |   33 -
 src/network/ssl/TODO |4 
 src/network/ssl/socket.c |   29 ++---
 src/network/ssl/ssl.c|   32 +---
 src/network/ssl/ssl.h|2 +-
 6 files changed, 82 insertions(+), 20 deletions(-)

diff --git a/NEWS b/NEWS
index 5267b83..1d9f71e 100644
--- a/NEWS
+++ b/NEWS
@@ -401,6 +401,8 @@ Released on 2007-04-15.
 * enhancement 767: recognize URL in META Refresh even without "URL="
 * enhancement 396: search for "" if the server doesn't specify a
   Content-Type
+* enhancement: Add support for nss_compat_ossl library (OpenSSL
+  replacement).
 
 ELinks 0.11.2:
 --
diff --git a/configure.in b/configure.in
index 77133a9..06f66db 100644
--- a/configure.in
+++ b/configure.in
@@ -952,6 +952,7 @@ gnutls_withval="$withval"
 
 if test "$enable_gnutls" = yes; then
 	disable_openssl=yes;
+	with_nss_compat_ossl=no;
 fi
 
 AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
@@ -959,6 +960,35 @@ AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
 AC_ARG_WITH(openssl, [[  --with-openssl[=DIR]enable OpenSSL support (default)]])
 openssl_withval="$withval"
 
+AC_ARG_WITH(nss_compat_ossl, [[  --with-nss_compat_ossl[=DIR]
+  NSS compatibility SSL libraries/include files]])
+
+# nss_compat_ossl
+EL_SAVE_FLAGS
+if test "$with_nss_compat_ossl" != "no"; then
+if test -z "$with_nss_compat_ossl" || test "$with_nss_compat_ossl" = yes; then
+		if pkg-config nss; then
+			CFLAGS="$CFLAGS_X `pkg-config --cflags nss`"
+			LIBS="$LIBS_X `pkg-config --libs nss`"
+		else
+			with_nss_compat_ossl=no
+		fi
+	else
+		# Without pkg-config, we'll kludge in some defaults
+		CFLAGS="$CFLAGS_X -I$with_nss_compat_ossl/include -I/usr/include/nss3 -I/usr/include/nspr4"
+		LIBS="$LIBS_X -L$with_nss_compat_ossl/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
+	fi
+	AC_CHECK_HEADERS(nss_compat_ossl/nss_compat_ossl.h,, [with_nss_compat_ossl=no], [#define NSS_COMPAT_OSSL_H])
+	AC_CHECK_LIB(nss_compat_ossl, X509_free,, [with_nss_compat_ossl=no])
+fi
+
+if  test "$with_nss_compat_ossl" != "no"; then
+	LIBS="$LIBS -lnss_compat_ossl"
+	EL_CONFIG(CONFIG_NSS_COMPAT_OSSL, [nss_compat_ossl])
+	disable_openssl="yes"
+	disable_gnutls="yes"
+fi
+
 #  OpenSSL
 
 AC_MSG_CHECKING([for OpenSSL])
@@ -1075,10 +1105,11 @@ AC_MSG_RESULT($cf_result)
 
 # Final SSL setup
 
-EL_CONFIG_DEPENDS(CONFIG_SSL, [CONFIG_OPENSSL CONFIG_GNUTLS], [SSL])
+EL_CONFIG_DEPENDS(CONFIG_SSL, [CONFIG_OPENSSL CONFIG_GNUTLS CONFIG_NSS_COMPAT_OSSL], [SSL])
 AC_SUBST(CONFIG_GNUTLS_OPENSSL_COMPAT)
 AC_SUBST(CONFIG_OPENSSL)
 AC_SUBST(CONFIG_GNUTLS)
+AC_SUBST(CONFIG_NSS_COMPAT_OSSL)
 
 #endif
 
diff --git a/src/network/ssl/TODO b/src/network/ssl/TODO
index dad2835..3079e34 100644
--- a/src/network/ssl/TODO
+++ b/src/network/ssl/TO

Re: [elinks-dev] [PATCH] fix mangled indentation in configure --help

[Kamil Dudka]

On Tuesday 09 September 2008 00:16:52 Kalle Olavi Niemitalo wrote:
> but the brackets around =DIR are missing.
Sorry, I didn't notice this detail at all.

I've searched the proper solution last hour on the web. But it seems there is 
no proper solution while using AC_HELP_STRING - consider this thread 
http://www.mail-archive.com/[EMAIL PROTECTED]/msg08893.html

So I've fixed the preexisting options with double quoting [[...]] - patch #1. 
And I am also sending modified patch for NSS (patch #2), which shows [=DIR] - 
here were used four more pairs of square brackets.

Note I am new to autoconf, so if you have better solution...


Kamil
From be6d77c71220ec6498f0e55bf8ae1c2559265f2a Mon Sep 17 00:00:00 2001
From: Kamil Dudka <[EMAIL PROTECTED]>
Date: Tue, 9 Sep 2008 09:59:19 +0200
Subject: [PATCH] add support for nss_compat_ossl library (OpenSSL replacement)

* configure.in: Detection of nss_compat_ossl library.
New configure parameters --with-nss_compat_ossl, --without-nss_compat_ossl.
* socket.c: New configure option connection.ssl.client_cert.nickname.
* ssl.h: Handle CONFIG_NSS_COMPAT_OSSL macro.
* ssl.c: Add support for nss_compat_ossl.
* TODO: Remove completed task.
* NEWS: Mention the change.
---
 NEWS |2 ++
 configure.in |   33 -
 src/network/ssl/TODO |4 
 src/network/ssl/socket.c |   29 ++---
 src/network/ssl/ssl.c|   32 +---
 src/network/ssl/ssl.h|2 +-
 6 files changed, 82 insertions(+), 20 deletions(-)

diff --git a/NEWS b/NEWS
index 5267b83..1d9f71e 100644
--- a/NEWS
+++ b/NEWS
@@ -401,6 +401,8 @@ Released on 2007-04-15.
 * enhancement 767: recognize URL in META Refresh even without "URL="
 * enhancement 396: search for "" if the server doesn't specify a
   Content-Type
+* enhancement: Add support for nss_compat_ossl library (OpenSSL
+  replacement).
 
 ELinks 0.11.2:
 --
diff --git a/configure.in b/configure.in
index 77133a9..ca1e40c 100644
--- a/configure.in
+++ b/configure.in
@@ -952,6 +952,7 @@ gnutls_withval="$withval"
 
 if test "$enable_gnutls" = yes; then
 	disable_openssl=yes;
+	with_nss_compat_ossl=no;
 fi
 
 AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
@@ -959,6 +960,35 @@ AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
 AC_ARG_WITH(openssl, [[  --with-openssl[=DIR]enable OpenSSL support (default)]])
 openssl_withval="$withval"
 
+AC_ARG_WITH(nss_compat_ossl, AC_HELP_STRING([--with-nss_compat_ossl[=DIR]],
+	[NSS compatibility SSL libraries/include files]))
+
+# nss_compat_ossl
+EL_SAVE_FLAGS
+if test "$with_nss_compat_ossl" != "no"; then
+	if test -z "$with_nss_compat_ossl" -o "$with_nss_compat_ossl" = yes; then
+		if pkg-config nss; then
+			CFLAGS="$CFLAGS_X `pkg-config --cflags nss`"
+			LIBS="$LIBS_X `pkg-config --libs nss`"
+		else
+			with_nss_compat_ossl=no
+		fi
+	else
+		# Without pkg-config, we'll kludge in some defaults
+		CFLAGS="$CFLAGS_X -I$with_nss_compat_ossl/include -I/usr/include/nss3 -I/usr/include/nspr4"
+		LIBS="$LIBS_X -L$with_nss_compat_ossl/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
+	fi
+	AC_CHECK_HEADERS(nss_compat_ossl/nss_compat_ossl.h,, [with_nss_compat_ossl=no], [#define NSS_COMPAT_OSSL_H])
+	AC_CHECK_LIB(nss_compat_ossl, X509_free,, [with_nss_compat_ossl=no])
+fi
+
+if  test "$with_nss_compat_ossl" != "no"; then
+	LIBS="$LIBS -lnss_compat_ossl"
+	EL_CONFIG(CONFIG_NSS_COMPAT_OSSL, [nss_compat_ossl])
+	disable_openssl="yes"
+	disable_gnutls="yes"
+fi
+
 #  OpenSSL
 
 AC_MSG_CHECKING([for OpenSSL])
@@ -1075,10 +1105,11 @@ AC_MSG_RESULT($cf_result)
 
 # Final SSL setup
 
-EL_CONFIG_DEPENDS(CONFIG_SSL, [CONFIG_OPENSSL CONFIG_GNUTLS], [SSL])
+EL_CONFIG_DEPENDS(CONFIG_SSL, [CONFIG_OPENSSL CONFIG_GNUTLS CONFIG_NSS_COMPAT_OSSL], [SSL])
 AC_SUBST(CONFIG_GNUTLS_OPENSSL_COMPAT)
 AC_SUBST(CONFIG_OPENSSL)
 AC_SUBST(CONFIG_GNUTLS)
+AC_SUBST(CONFIG_NSS_COMPAT_OSSL)
 
 #endif
 
diff --git a/src/network/ssl/TODO b/src/network/ssl/TODO
index dad2835..3079e34 100644
--- a/src/network/ssl/TODO
+++ b/src/network/ssl/TODO
@@ -5,10 +5,6 @@ We could add also support for:
  format conviently readable for me; however, they say it is damn fast and very
  easy to use)
 
-* NSS (http://www.mozilla.org/projects/security/pki/nss/ - it could be pretty
- widespread and nicely tested by mozilla, however it scares me, it looks to be
- pretty complex and already needing some certificates db generated etc)
-
 Possibly, we should drop support for native GnuTLS and use their OpenSSL
 wrapper instead, since I happen to feel very unsure about GnuTLS interface -
 OpenSSL is not much better, but we can steal code from other applications

Re: [elinks-dev] [PATCH] Add support for nss_compat_ossl library (OpenSSL replacement).

[Kamil Dudka]

On Sunday 07 September 2008 02:05:07 Kalle Olavi Niemitalo wrote:
> Kamil Dudka <[EMAIL PROTECTED]> writes:
> > +AC_ARG_WITH(nss_compat_ossl,
> > AC_HELP_STRING([--with-nss_compat_ossl[=DIR]], +[NSS compatibility
> > SSL libraries/include files]))
> > +
> > +# nss_compat_ossl
> > +if test "$with_nss_compat_ossl" != "no"; then
> > +   if test -z "$with_nss_compat_ossl"; then
> > +   if pkg-config nss; then
> > +   CFLAGS="$CFLAGS_X `pkg-config --cflags nss`"
> > +   LIBS="$LIBS_X `pkg-config --libs nss`"
>
> Unfortunately, this part breaks Ruby scripting support.
> EL_CONFIG_SCRIPTING_RUBY saves CFLAGS and LIBS in the *_X
> variables, checks for Ruby, and restores the variables if Ruby
> did not work.  Now when you copy LIBS_X to LIBS, you lose the
> -lruby1.8 that was added in LIBS but not in LIBS_X.
> In general, each check should set the *_X variables on its own
> rather than rely on values left from the previous check.
Good point, fixed by calling EL_SAVE_FLAGS.

> The NSS support should be mentioned in doc/installation.txt.
> I was thinking of the following change, but you can do something
> else if you have better ideas.
Good idea.


On Sunday 07 September 2008 02:27:16 Kalle Olavi Niemitalo wrote:
> > +if test "$with_nss_compat_ossl" != "no"; then
> > +   if test -z "$with_nss_compat_ossl"; then
> > +   if pkg-config nss; then
> > +   CFLAGS="$CFLAGS_X `pkg-config --cflags nss`"
> > +   LIBS="$LIBS_X `pkg-config --libs nss`"
> > +   else
> > +   with_nss_compat_ossl=no
> > +   fi
> > +   else
> > +   # Without pkg-config, we'll kludge in some defaults
> > +   CFLAGS="$CFLAGS_X -I$with_nss_compat_ossl/include 
> > -I/usr/include/nss3
> > -I/usr/include/nspr4" + LIBS="$LIBS_X 
> > -L$with_nss_compat_ossl/lib -lssl3
> > -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" +fi

> Autoconf considers --with-nss_compat_ossl equivalent to
> --with-nss_compat_ossl=yes.  Your code seems to treat that
> "yes" as a directory name and skip pkg-config.
Fixed by  -o "$with_nss_compat_ossl" = yes.

> > +   # TODO: Mark this as non-warning when it becomes stable
> > +   AC_MSG_WARN([Using nss_compat_ossl library for SSL.])
>
> Because you don't consider the nss_compat_ossl support stable,
> I think the configure script should select it only if the user
> explicitly requests it or no other SSL library is available.
I consider nss_compat_ossl support stable, but it has not been tested by users 
yet. If it will be used by default, we can get more experiences from users to 
declare it stable. I don't think ordinary user uses last git snapshot of 
elinks :-) Anyway I have removed this configure warning, it may frighten 
users. New patch in attachment.


Kamil

From 2506e5757e943e77c2e8580ae973a45df5b85e3b Mon Sep 17 00:00:00 2001
From: Kamil Dudka <[EMAIL PROTECTED]>
Date: Mon, 8 Sep 2008 12:06:55 +0200
Subject: [PATCH] add support for nss_compat_ossl library (OpenSSL replacement)

* configure.in: Detection of nss_compat_ossl library.
New configure parameters --with-nss_compat_ossl, --without-nss_compat_ossl.
* socket.c: New configure option connection.ssl.client_cert.nickname.
* ssl.h: Handle CONFIG_NSS_COMPAT_OSSL macro.
* ssl.c: Add support for nss_compat_ossl.
* TODO: Remove completed task.
* NEWS: Mention the change.
---
 NEWS |2 ++
 configure.in |   33 -
 src/network/ssl/TODO |4 
 src/network/ssl/socket.c |   29 ++---
 src/network/ssl/ssl.c|   32 +---
 src/network/ssl/ssl.h|2 +-
 6 files changed, 82 insertions(+), 20 deletions(-)

diff --git a/NEWS b/NEWS
index 5267b83..1d9f71e 100644
--- a/NEWS
+++ b/NEWS
@@ -401,6 +401,8 @@ Released on 2007-04-15.
 * enhancement 767: recognize URL in META Refresh even without "URL="
 * enhancement 396: search for "" if the server doesn't specify a
   Content-Type
+* enhancement: Add support for nss_compat_ossl library (OpenSSL
+  replacement).
 
 ELinks 0.11.2:
 --
diff --git a/configure.in b/configure.in
index a8f7c2d..8207d8b 100644
--- a/configure.in
+++ b/configure.in
@@ -952,6 +952,7 @@ gnutls_withval="$withval"
 
 if test "$enable_gnutls" = yes; then
 	disable_openssl=yes;
+	with_nss_compat_ossl=no;
 fi
 
 AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
@@ -959,6 +960,35 @@ AC_ARG_WITH(openssl, [  --without-openssl   

[elinks-dev] [PATCH] fix mangled indentation in configure --help

[Kamil Dudka]

On Sunday 07 September 2008 02:27:16 Kalle Olavi Niemitalo wrote:
> I'm getting this in configure:
>
>   --with-nss_compat_ossl=DIR
>   NSS compatibility SSL libraries/include files
>
> So apparently there aren't enough brackets.  I think you should
> add a pair around the whole AC_HELP_STRING call.
This is correct behavior. It attempts to align columns and the option is 
longer than column, so it forces a newline. Nothing wrong I think.

> The same bug is in some preexisting options too.  If you want to
> fix those, please post a separate patch.
Fixed in attached patch by using AC_HELP_STRING.


Kamil
From f0c114eef0ec1ef7dee336dc8234a75a0a68203e Mon Sep 17 00:00:00 2001
From: Kamil Dudka <[EMAIL PROTECTED]>
Date: Mon, 8 Sep 2008 11:09:16 +0200
Subject: [PATCH] fix mangled indentation in configure --help

---
 configure.in |   10 +-
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/configure.in b/configure.in
index a8f7c2d..dfccf24 100644
--- a/configure.in
+++ b/configure.in
@@ -795,7 +795,7 @@ fi
 # ===
 enable_python="no";
 
-AC_ARG_WITH(python, [  --with-python=[DIR] enable Python support],
+AC_ARG_WITH(python, AC_HELP_STRING([--with-python=[DIR]], [enable Python support]),
 [ if test "x$withval" != xno; then enable_python=yes; fi ])
 
 EL_SAVE_FLAGS
@@ -944,9 +944,9 @@ disable_openssl=""
 disable_gnutls=""
 enable_gnutls=""
 
-AC_ARG_WITH(gnutls, [  --without-gnutlsdisable GNUTLS SSL support],
+AC_ARG_WITH(gnutls, AC_HELP_STRING([--without-gnutls], [disable GNUTLS SSL support]),
 	[if test "$with_gnutls" = no;  then disable_gnutls=yes; fi])
-AC_ARG_WITH(gnutls, [  --with-gnutls[=DIR] enable GNUTLS SSL support],
+AC_ARG_WITH(gnutls, AC_HELP_STRING([--with-gnutls[=DIR]], [enable GNUTLS SSL support]),
 	[if test "$with_gnutls" != no;  then enable_gnutls=yes; fi])
 gnutls_withval="$withval"
 
@@ -954,9 +954,9 @@ if test "$enable_gnutls" = yes; then
 	disable_openssl=yes;
 fi
 
-AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
+AC_ARG_WITH(openssl, AC_HELP_STRING([--without-openssl], [disable OpenSSL support]),
 	[if test "$with_openssl" = no;  then disable_openssl=yes; fi])
-AC_ARG_WITH(openssl, [  --with-openssl[=DIR]enable OpenSSL support (default)])
+AC_ARG_WITH(openssl, AC_HELP_STRING([--with-openssl[=DIR]], [enable OpenSSL support (default)]))
 openssl_withval="$withval"
 
 #  OpenSSL
-- 
1.5.4.1

___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

Re: [elinks-dev] elinks 0.13 build error.

[Kamil Dudka]

On Thursday 04 September 2008 10:07:02 أحمد المحمودي wrote:
> Hello,
>
>   Lately I was trying to build elinks 0.13 debian package, yet it fails
>   to build giving this error:
I don't think this is debian related.

> The build used to work for the snapshot I downloaded on 30/7/2008.
Seems to be broken by:
commit 018af50f1d2b3625469cf0b6059bf774a80191d2
Author: Kalle Olavi Niemitalo <[EMAIL PROTECTED]>
Date:   Sun Aug 3 21:27:56 2008 +0300

This helps me to avoid build error:
git reset --hard 291a913d1eaef81fac72218bb45c6a4de34c6fb8

Note that the build error occurs only if gopher is enabled, so temporary 
disable of gopher in affected debian package shou


Kamil
___
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev

Re: [elinks-dev] [PATCH] Add support for nss_compat_ossl library (OpenSSL replacement).

[Kamil Dudka]

Sorry for long response, I was on holyday...

On Monday 25 August 2008 03:53:25 Kalle Olavi Niemitalo wrote:
> Although it is listed in TODO, I am not sure it is a good idea.
> Current versions of ELinks do not check the subject names of
> certificates (bug 1024), do not display detailed error messages
> when SSL or TLS fails, and do not provide a way to temporarily
> trust a certificate.  I fear fixing these and maintaining the
> resulting code will be more difficult if there are more
> alternative libraries.
I think the patch is really small. It is more concerned on auto-tools files 
and documentation rather then the source code. 99% of source code works for 
OpenSSL and nss_compat_ossl without any change.

> Does NSS enable ELinks to share the CA trust and client
> certificate settings of Mozilla browsers?  If so, that would be
> a reason to support NSS.
Sure. You need to set SSL_DIR environment variable to directory containing its 
NSS database, in my case ~/.mozilla/firefox/kkkp326c.default - maybe we 
should more document this feature.

> > From: Kamil Dudka <[EMAIL PROTECTED]>
>
> Do you give permission to add this name and email address to our
> public Git repository?  Please note the cia.vc and ohloh.net web
> sites already collect profiles of people and others can do so in
> the future.
Of course, permitted. I am already collected by ohloh.net :-)

> ELinks was originally licensed under GNU GPL v2 or later, but
> since ELinks 0.10.0, only GPLv2 is allowed.  If we ever want to
> change the license back (e.g. because of LGPLv3 libraries), we'll
> need permission from all copyright holders, I suppose.  Do you
> give such permission?
Yes.

> > @@ -79,6 +83,8 @@ ssl_set_no_tls(struct socket *socket)
> >
> > gnutls_protocol_set_priority(*(ssl_t *) socket->ssl,
> > protocol_priority); }
> > +#elif defined(CONFIG_NSS_COMPAT_OSSL)
> > +#warning "ssl_setno_tls is not implemented while using nss_compat_ossl"
> >  #endif
> >  }
>
> configure --enable-debug adds -Werror to CFLAGS if using GCC;
> does this #warning then break the build?  Also, it's a
> nonstandard directive and may hurt users of other compilers.
> (There is a #warning in osdep/system.h too but it's in an #if
> whose condition should never be true.)
Well, this patch was just a sketch and subject for discussion. This 
compile-time warning is no longer included in attached patch.

> If ssl_set_no_tls is not necessary because NSS automatically
> selects the right protocol version (more reliably than GnuTLS),
> then I don't think the warning should be there either.
> Otherwise, ssl_set_no_tls should be implemented... or is it
> impossible to implement with nss_compat_ossl?
As it was just a workaround (maybe for OpenSSL bug) I think this is not 
necessary while using NSS, but I haven't tested it for now.

> > +#ifdef CONFIG_NSS_COMPAT_OSSL
> > +   INIT_OPT_STRING("connection.ssl.client_cert", N_("Certificate
> > nickname"), +   "file", 0, "",
> > +N_("The nickname of the client certificate stored in NSS\n"
> > +   "database. If this value is unset, the file pointed to\n"
> > +   "by the X509_CLIENT_CERT variable is used instead. If\n"
> > +   "you have a PKCS#12 file containing client certificate,\n"
> > +   "you can import it into your NSS database with:\n"
> > +   "$ pk12util -i mycert.p12 -d /path/to/database\n\n"
> > +   "The NSS database location can be changed by SSL_DIR\n"
> > +   "environment variable.")),
> > +#else
> > INIT_OPT_STRING("connection.ssl.client_cert", N_("Certificate File"),
> > "file", 0, "",
> >  N_("The location of a file containing the client certificate\n"
> > "and unencrypted private key in PEM format. If unset, the\n"
> > "file pointed to by the X509_CLIENT_CERT variable is used\n"
> > "instead.")),
> > +#endif
>
> You make connection.ssl.client_cert.file mean a file name if
> using OpenSSL, but a nickname if using NSS.  Can the user set up
> an elinks.conf that works correctly under both interpretations?
> (For example, by defining a nickname that looks like a file
> name.)  If not, I think it would be better to use a different
> name for the nickname option.  (An elinks binary built with NSS
> might then warn about unrecognized connection.ssl.client_cert.file
> in elinks.conf.  That could be fixed 

[elinks-dev] [PATCH] Add support for nss_compat_ossl library (OpenSSL replacement).

[Kamil Dudka]

Hello,

as requested in src/network/ssl/TODO support for NSS was added to elinks.

Proposed patch is based on nss_compat_ossl library:
http://fedoraproject.org/wiki/Nss_compat_ossl

Support for nss_compat_ossl is built automatically if the library is found on 
the system, there is also new configure option --with-nss_compat_ossl 
(--without-nss_compat_ossl) to adjust it manually.


Greetings
Kamil Dudka
From ecf66f77f721e564bfecfa782e12370fdaa9ca98 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <[EMAIL PROTECTED]>
Date: Tue, 19 Aug 2008 12:45:55 +0200
Subject: [PATCH] Add support for nss_compat_ossl library (OpenSSL replacement)

---
 NEWS |2 ++
 configure.in |   35 ++-
 src/network/ssl/TODO |4 
 src/network/ssl/socket.c |   22 +-
 src/network/ssl/ssl.c|   31 ---
 src/network/ssl/ssl.h|2 +-
 6 files changed, 78 insertions(+), 18 deletions(-)

diff --git a/NEWS b/NEWS
index f13e441..2e9f8c6 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,8 @@ Miscellaneous:
 * enhancement: Add a new entry Link Info under Link main menu.
 * enhancement: New option protocol.http.compression.
 * enhancement: Indicate backgrounded downloads using an unused led.
+* enhancement: Add support for nss_compat_ossl library (OpenSSL
+  replacement).
 
 //
 The following changes should be removed from NEWS before ELinks 0.13.0
diff --git a/configure.in b/configure.in
index be0b64a..ff83218 100644
--- a/configure.in
+++ b/configure.in
@@ -988,6 +988,7 @@ gnutls_withval="$withval"
 
 if test "$enable_gnutls" = yes; then
 	disable_openssl=yes;
+	with_nss_compat_ossl=no;
 fi
 
 AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
@@ -995,6 +996,37 @@ AC_ARG_WITH(openssl, [  --without-openssl   disable OpenSSL support],
 AC_ARG_WITH(openssl, [  --with-openssl[=DIR]enable OpenSSL support (default)])
 openssl_withval="$withval"
 
+AC_ARG_WITH(nss_compat_ossl, AC_HELP_STRING([--with-nss_compat_ossl[=DIR]],
+	[NSS compatibility SSL libraries/include files]))
+
+# nss_compat_ossl
+if test "$with_nss_compat_ossl" != "no"; then
+	if test -z "$with_nss_compat_ossl"; then
+		if pkg-config nss; then
+			CFLAGS="$CFLAGS_X `pkg-config --cflags nss`"
+			LIBS="$LIBS_X `pkg-config --libs nss`"
+		else
+			with_nss_compat_ossl=no
+		fi
+	else
+		# Without pkg-config, we'll kludge in some defaults
+		CFLAGS="$CFLAGS_X -I$with_nss_compat_ossl/include -I/usr/include/nss3 -I/usr/include/nspr4"
+		LIBS="$LIBS_X -L$with_nss_compat_ossl/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl"
+	fi
+	AC_CHECK_HEADERS(nss_compat_ossl/nss_compat_ossl.h,, [with_nss_compat_ossl=no], [#define NSS_COMPAT_OSSL_H])
+	AC_CHECK_LIB(nss_compat_ossl, X509_free,, [with_nss_compat_ossl=no])
+fi
+
+if  test "$with_nss_compat_ossl" != "no"; then
+	LIBS="$LIBS -lnss_compat_ossl"
+	EL_CONFIG(CONFIG_NSS_COMPAT_OSSL, [nss_compat_ossl])
+	disable_openssl="yes"
+	disable_gnutls="yes"
+
+	# TODO: Mark this as non-warning when it becomes stable
+	AC_MSG_WARN([Using nss_compat_ossl library for SSL.])
+fi
+
 #  OpenSSL
 
 AC_MSG_CHECKING([for OpenSSL])
@@ -1113,10 +1145,11 @@ AC_MSG_RESULT($cf_result)
 
 # Final SSL setup
 
-EL_CONFIG_DEPENDS(CONFIG_SSL, [CONFIG_OPENSSL CONFIG_GNUTLS], [SSL])
+EL_CONFIG_DEPENDS(CONFIG_SSL, [CONFIG_OPENSSL CONFIG_GNUTLS CONFIG_NSS_COMPAT_OSSL], [SSL])
 AC_SUBST(CONFIG_GNUTLS_OPENSSL_COMPAT)
 AC_SUBST(CONFIG_OPENSSL)
 AC_SUBST(CONFIG_GNUTLS)
+AC_SUBST(CONFIG_NSS_COMPAT_OSSL)
 
 #endif
 
diff --git a/src/network/ssl/TODO b/src/network/ssl/TODO
index dad2835..3079e34 100644
--- a/src/network/ssl/TODO
+++ b/src/network/ssl/TODO
@@ -5,10 +5,6 @@ We could add also support for:
  format conviently readable for me; however, they say it is damn fast and very
  easy to use)
 
-* NSS (http://www.mozilla.org/projects/security/pki/nss/ - it could be pretty
- widespread and nicely tested by mozilla, however it scares me, it looks to be
- pretty complex and already needing some certificates db generated etc)
-
 Possibly, we should drop support for native GnuTLS and use their OpenSSL
 wrapper instead, since I happen to feel very unsure about GnuTLS interface -
 OpenSSL is not much better, but we can steal code from other applications ;-).
diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c
index 74c43b8..338bb20 100644
--- a/src/network/ssl/socket.c
+++ b/src/network/ssl/socket.c
@@ -6,6 +6,10 @@
 
 #ifdef CONFIG_OPENSSL
 #include 
+#define USE_OPENSSL
+#elif defined(CONFIG_NSS_COMPAT_OSSL)
+#include 
+#define USE_OPENSSL
 #elif defined(CONFIG_GNUTLS)
 #include 
 #else
@@ -26,7 +30,7 @@
 
 
 /* SSL errors */
-#ifdef CONFIG_OPENSSL
+#ifdef USE_OPENSSL
 #define