subject:"\[PATCH\] gnu\: lynx\: Support HTTPS \(SSL\) connections"

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-04-06 Thread Leo Famulari

On Sun, Mar 20, 2016 at 04:15:02AM -0400, Leo Famulari wrote:
> On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote:
> > Leo,
> > 
> > On 04/03/2016, Leo Famulari  wrote:
> > > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com
> > > wrote:
> > >> From: Tobias Geerinckx-Rice 
> > >>
> > >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'.
> > >> [arguments]: Convert to list; add configure flag for SSL support.
> > 
> > Scratch that.
> > 
> > I assumed that since ‘--with-gnutls’ was already present (and detected
> > by ./configure, and listed by ldd...), GnuTLS just wasn't enough to
> > provide the full HTTPS experience and OpenSSL was required. I was
> > wrong.
> > 
> > > Also, what is role of gnutls once this patch is applied? Does lynx need
> > > to refer to both gnutls and openssl?
> > 
> > The actual solution is a bit silly. All that is actually needed to get
> > `lynx https://google.com’ working again is:
> 
> With this change, I can access google over https, but not the handful of
> other sites I tried. Are you able to access any other sites with https?

Ping!

> 
> > 
> > ---
> > diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
> > index 3182b3e..080fbb3 100644
> > --- a/gnu/packages/lynx.scm
> > +++ b/gnu/packages/lynx.scm
> > @@ -57,7 +57,7 @@
> > "--with-screen=ncurses"
> > "--with-zlib"
> > "--with-bzlib"
> > -   "--with-gnutls"
> > +   "--with-gnutls="
> > ;; "--with-socks5"; XXX TODO
> > "--enable-widec"
> > "--enable-ascii-ctypes"
> > ---
> > 
> > Yep.
> > 
> > Is this unusual? Can't say I feel much enthusiasm to read/debug
> > autoconf macros...
> > 
> > > Can you say if you learned anything else... "interesting" about lynx and
> > > https support?
> > >
> > > For example, a couple months ago I was reading our bug reports and saw
> > > an old one about https support in w3m (another console browser). I dug a
> > > little deeper and realized that https support was completely broken by
> > > default. You can see the result in commit 62339e2d493bf87.
> > >
> > > So, do you know if lynx is still supporting broken ciphers and
> > > protocols, or if there are other problems of that nature?
> > 
> > My main motivation was to have access to HTTPS sites while working on
> > my X-less GuixSD box, which works with the patch above. However:
> > 
> > ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html
> > Looking up www.ssllabs.com
> > Making HTTPS connection to www.ssllabs.com
> > Retrying connection without TLS.
> > Looking up www.ssllabs.com
> > Making HTTPS connection to www.ssllabs.com
> > Alert!: Unable to make secure connection to remote host.
> > 
> > Not sure I want to dive into this mess.
> > 
> > Kind regards,
> > 
> > T G-R
>

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-20 Thread Ludovic Courtès

Tobias Geerinckx-Rice  skribis:

> So the stock Guix lynx opens (for example) https://google.com just
> fine on your end?

I think a good way to test these things reproducibly is with:

  guix environment --container -N --ad-hoc lynx --expose=/etc/ssl/certs

… assuming NSS certificates are available in /etc/ssl/certs, as is the
case on GuixSD.

HTH,
Ludo’.

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-20 Thread Leo Famulari

On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote:
> Leo,
> 
> On 04/03/2016, Leo Famulari  wrote:
> > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com
> > wrote:
> >> From: Tobias Geerinckx-Rice 
> >>
> >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'.
> >> [arguments]: Convert to list; add configure flag for SSL support.
> 
> Scratch that.
> 
> I assumed that since ‘--with-gnutls’ was already present (and detected
> by ./configure, and listed by ldd...), GnuTLS just wasn't enough to
> provide the full HTTPS experience and OpenSSL was required. I was
> wrong.
> 
> > Also, what is role of gnutls once this patch is applied? Does lynx need
> > to refer to both gnutls and openssl?
> 
> The actual solution is a bit silly. All that is actually needed to get
> `lynx https://google.com’ working again is:

With this change, I can access google over https, but not the handful of
other sites I tried. Are you able to access any other sites with https?

> 
> ---
> diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
> index 3182b3e..080fbb3 100644
> --- a/gnu/packages/lynx.scm
> +++ b/gnu/packages/lynx.scm
> @@ -57,7 +57,7 @@
> "--with-screen=ncurses"
> "--with-zlib"
> "--with-bzlib"
> -   "--with-gnutls"
> +   "--with-gnutls="
> ;; "--with-socks5"; XXX TODO
> "--enable-widec"
> "--enable-ascii-ctypes"
> ---
> 
> Yep.
> 
> Is this unusual? Can't say I feel much enthusiasm to read/debug
> autoconf macros...
> 
> > Can you say if you learned anything else... "interesting" about lynx and
> > https support?
> >
> > For example, a couple months ago I was reading our bug reports and saw
> > an old one about https support in w3m (another console browser). I dug a
> > little deeper and realized that https support was completely broken by
> > default. You can see the result in commit 62339e2d493bf87.
> >
> > So, do you know if lynx is still supporting broken ciphers and
> > protocols, or if there are other problems of that nature?
> 
> My main motivation was to have access to HTTPS sites while working on
> my X-less GuixSD box, which works with the patch above. However:
> 
> ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html
> Looking up www.ssllabs.com
> Making HTTPS connection to www.ssllabs.com
> Retrying connection without TLS.
> Looking up www.ssllabs.com
> Making HTTPS connection to www.ssllabs.com
> Alert!: Unable to make secure connection to remote host.
> 
> Not sure I want to dive into this mess.
> 
> Kind regards,
> 
> T G-R

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-19 Thread Tobias Geerinckx-Rice

Efraim,

On 19/03/2016, Efraim Flashner  wrote:
>> > Wouldn't fix lynx,
>
> I meant my following suggestion wouldn't help with the actual issue of
> fixing lynx [...]
> Links is a different text mode web broswer than lynx.

I completely read over the spelling difference. Embarrasing, since I
knew (e)links well. It shines on a framebuffer.

Thanks for the tip!

Kind regards,

T G-R

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-19 Thread Efraim Flashner

On Sat, 19 Mar 2016 22:01:26 +0100
Tobias Geerinckx-Rice  wrote:

> On 19/03/2016, Efraim Flashner  wrote:
> > Wouldn't fix lynx,  

I meant my following suggestion wouldn't help with the actual issue of fixing
lynx

> I'm afraid I don't understand who or what this refers to.
> 
> > but I can say that links is working fairly well for
> > me and I haven't been "locked out" of a non-https website.  
> 
> So the stock Guix lynx opens (for example) https://google.com just
> fine on your end?
> 
Stock lynx on my end won't open https://google.com, it gives me an error
about not supporting HTTPS urls.

Links is a different text mode web broswer than lynx. There's also w3m, which
I haven't tried out yet.

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


pgprU1ezAnN_f.pgp
Description: OpenPGP digital signature

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-19 Thread Tobias Geerinckx-Rice

On 19/03/2016, Efraim Flashner  wrote:
> Wouldn't fix lynx,

I'm afraid I don't understand who or what this refers to.

> but I can say that links is working fairly well for
> me and I haven't been "locked out" of a non-https website.

So the stock Guix lynx opens (for example) https://google.com just
fine on your end?

That's even stranger.

Kind regards,

T G-R

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-19 Thread Tobias Geerinckx-Rice

On 19/03/2016, Efraim Flashner  wrote:
>> -   "--with-gnutls"
>> +   "--with-gnutls="
>
> Is this supposed to be empty at the end? I would assume it would want
> something like (string-append "--with-gnutls=" (assoc-ref %build-inputs
> "gnutls")).

Not a typo. :-)

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-19 Thread Efraim Flashner

On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote:
> Leo,
>
> On 04/03/2016, Leo Famulari  wrote:
> > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com
> > wrote:
> >> From: Tobias Geerinckx-Rice 
> >>
> >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'.
> >> [arguments]: Convert to list; add configure flag for SSL support.
>
> Scratch that.
>
> I assumed that since ‘--with-gnutls’ was already present (and detected
> by ./configure, and listed by ldd...), GnuTLS just wasn't enough to
> provide the full HTTPS experience and OpenSSL was required. I was
> wrong.
>
> > Also, what is role of gnutls once this patch is applied? Does lynx need
> > to refer to both gnutls and openssl?
>
> The actual solution is a bit silly. All that is actually needed to get
> `lynx https://google.com’ working again is:
>
> ---
> diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
> index 3182b3e..080fbb3 100644
> --- a/gnu/packages/lynx.scm
> +++ b/gnu/packages/lynx.scm
> @@ -57,7 +57,7 @@
> "--with-screen=ncurses"
> "--with-zlib"
> "--with-bzlib"
> -   "--with-gnutls"
> +   "--with-gnutls="

Is this supposed to be empty at the end? I would assume it would want
something like (string-append "--with-gnutls=" (assoc-ref %build-inputs
"gnutls")).

> ;; "--with-socks5"; XXX TODO
> "--enable-widec"
> "--enable-ascii-ctypes"
> ---
> 
> Yep.
> 
> Is this unusual? Can't say I feel much enthusiasm to read/debug
> autoconf macros...
> 
> > Can you say if you learned anything else... "interesting" about lynx and
> > https support?
> >
> > For example, a couple months ago I was reading our bug reports and saw
> > an old one about https support in w3m (another console browser). I dug a
> > little deeper and realized that https support was completely broken by
> > default. You can see the result in commit 62339e2d493bf87.
> >
> > So, do you know if lynx is still supporting broken ciphers and
> > protocols, or if there are other problems of that nature?
> 
> My main motivation was to have access to HTTPS sites while working on
> my X-less GuixSD box, which works with the patch above. However:
> 
> ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html
> Looking up www.ssllabs.com
> Making HTTPS connection to www.ssllabs.com
> Retrying connection without TLS.
> Looking up www.ssllabs.com
> Making HTTPS connection to www.ssllabs.com
> Alert!: Unable to make secure connection to remote host.
> 
> Not sure I want to dive into this mess.
> 
> Kind regards,
> 
> T G-R
> 

Wouldn't fix lynx, but I can say that links is working fairly well for
me and I haven't been "locked out" of a non-https website.

--
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


signature.asc
Description: PGP signature

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-19 Thread Tobias Geerinckx-Rice

Leo,

On 04/03/2016, Leo Famulari  wrote:
> On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com
> wrote:
>> From: Tobias Geerinckx-Rice 
>>
>> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'.
>> [arguments]: Convert to list; add configure flag for SSL support.

Scratch that.

I assumed that since ‘--with-gnutls’ was already present (and detected
by ./configure, and listed by ldd...), GnuTLS just wasn't enough to
provide the full HTTPS experience and OpenSSL was required. I was
wrong.

> Also, what is role of gnutls once this patch is applied? Does lynx need
> to refer to both gnutls and openssl?

The actual solution is a bit silly. All that is actually needed to get
`lynx https://google.com’ working again is:

---
diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
index 3182b3e..080fbb3 100644
--- a/gnu/packages/lynx.scm
+++ b/gnu/packages/lynx.scm
@@ -57,7 +57,7 @@
"--with-screen=ncurses"
"--with-zlib"
"--with-bzlib"
-   "--with-gnutls"
+   "--with-gnutls="
;; "--with-socks5"; XXX TODO
"--enable-widec"
"--enable-ascii-ctypes"
---

Yep.

Is this unusual? Can't say I feel much enthusiasm to read/debug
autoconf macros...

> Can you say if you learned anything else... "interesting" about lynx and
> https support?
>
> For example, a couple months ago I was reading our bug reports and saw
> an old one about https support in w3m (another console browser). I dug a
> little deeper and realized that https support was completely broken by
> default. You can see the result in commit 62339e2d493bf87.
>
> So, do you know if lynx is still supporting broken ciphers and
> protocols, or if there are other problems of that nature?

My main motivation was to have access to HTTPS sites while working on
my X-less GuixSD box, which works with the patch above. However:

~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html
Looking up www.ssllabs.com
Making HTTPS connection to www.ssllabs.com
Retrying connection without TLS.
Looking up www.ssllabs.com
Making HTTPS connection to www.ssllabs.com
Alert!: Unable to make secure connection to remote host.

Not sure I want to dive into this mess.

Kind regards,

T G-R

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-03 Thread Leo Famulari

On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com wrote:
> From: Tobias Geerinckx-Rice 
> 
> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'.
> [arguments]: Convert to list; add configure flag for SSL support.

Wow, thanks for this patch!

Can you say if you learned anything else... "interesting" about lynx and
https support?

For example, a couple months ago I was reading our bug reports and saw
an old one about https support in w3m (another console browser). I dug a
little deeper and realized that https support was completely broken by
default. You can see the result in commit 62339e2d493bf87.

So, do you know if lynx is still supporting broken ciphers and
protocols, or if there are other problems of that nature?

Also, what is role of gnutls once this patch is applied? Does lynx need
to refer to both gnutls and openssl?

> ---
>  gnu/packages/lynx.scm | 30 +-
>  1 file changed, 17 insertions(+), 13 deletions(-)
> 
> diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
> index 3182b3e..7e1ef1d 100644
> --- a/gnu/packages/lynx.scm
> +++ b/gnu/packages/lynx.scm
> @@ -48,24 +48,28 @@
>("libidn" ,libidn)
>("gnutls" ,gnutls)
>("libgcrypt" ,libgcrypt)
> +  ("openssl" ,openssl)
>("unzip" ,unzip)
>("zlib" ,zlib)
>("gzip" ,gzip)
>("bzip2" ,bzip2)))
>  (arguments
> - `(#:configure-flags '("--with-pkg-config"
> -   "--with-screen=ncurses"
> -   "--with-zlib"
> -   "--with-bzlib"
> -   "--with-gnutls"
> -   ;; "--with-socks5"; XXX TODO
> -   "--enable-widec"
> -   "--enable-ascii-ctypes"
> -   "--enable-local-docs"
> -   "--enable-htmlized-cfg"
> -   "--enable-gzip-help"
> -   "--enable-nls"
> -   "--enable-ipv6")
> + `(#:configure-flags
> +   (list "--with-pkg-config"
> + "--with-screen=ncurses"
> + "--with-zlib"
> + "--with-bzlib"
> + "--with-gnutls"
> + (string-append "--with-ssl="
> +(assoc-ref %build-inputs "openssl"))
> + ;; "--with-socks5"; XXX TODO
> + "--enable-widec"
> + "--enable-ascii-ctypes"
> + "--enable-local-docs"
> + "--enable-htmlized-cfg"
> + "--enable-gzip-help"
> + "--enable-nls"
> + "--enable-ipv6")
> #:tests? #f  ; no check target
> #:phases (alist-replace
>   'install
> -- 
> 2.6.3
> 
>

[PATCH] gnu: lynx: Support HTTPS (SSL) connections

2016-03-03 Thread tobias . geerinckx . rice

From: Tobias Geerinckx-Rice 

* gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'.
[arguments]: Convert to list; add configure flag for SSL support.
---
 gnu/packages/lynx.scm | 30 +-
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm
index 3182b3e..7e1ef1d 100644
--- a/gnu/packages/lynx.scm
+++ b/gnu/packages/lynx.scm
@@ -48,24 +48,28 @@
   ("libidn" ,libidn)
   ("gnutls" ,gnutls)
   ("libgcrypt" ,libgcrypt)
+  ("openssl" ,openssl)
   ("unzip" ,unzip)
   ("zlib" ,zlib)
   ("gzip" ,gzip)
   ("bzip2" ,bzip2)))
 (arguments
- `(#:configure-flags '("--with-pkg-config"
-   "--with-screen=ncurses"
-   "--with-zlib"
-   "--with-bzlib"
-   "--with-gnutls"
-   ;; "--with-socks5"; XXX TODO
-   "--enable-widec"
-   "--enable-ascii-ctypes"
-   "--enable-local-docs"
-   "--enable-htmlized-cfg"
-   "--enable-gzip-help"
-   "--enable-nls"
-   "--enable-ipv6")
+ `(#:configure-flags
+   (list "--with-pkg-config"
+ "--with-screen=ncurses"
+ "--with-zlib"
+ "--with-bzlib"
+ "--with-gnutls"
+ (string-append "--with-ssl="
+(assoc-ref %build-inputs "openssl"))
+ ;; "--with-socks5"; XXX TODO
+ "--enable-widec"
+ "--enable-ascii-ctypes"
+ "--enable-local-docs"
+ "--enable-htmlized-cfg"
+ "--enable-gzip-help"
+ "--enable-nls"
+ "--enable-ipv6")
#:tests? #f  ; no check target
#:phases (alist-replace
  'install
-- 
2.6.3

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections

[PATCH] gnu: lynx: Support HTTPS (SSL) connections

11 matches

Site Navigation

Mail list logo

Footer information