Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
On Sun, Mar 20, 2016 at 04:15:02AM -0400, Leo Famulari wrote: > On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote: > > Leo, > > > > On 04/03/2016, Leo Famulari wrote: > > > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com > > > wrote: > > >> From: Tobias Geerinckx-Rice > > >> > > >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. > > >> [arguments]: Convert to list; add configure flag for SSL support. > > > > Scratch that. > > > > I assumed that since ‘--with-gnutls’ was already present (and detected > > by ./configure, and listed by ldd...), GnuTLS just wasn't enough to > > provide the full HTTPS experience and OpenSSL was required. I was > > wrong. > > > > > Also, what is role of gnutls once this patch is applied? Does lynx need > > > to refer to both gnutls and openssl? > > > > The actual solution is a bit silly. All that is actually needed to get > > `lynx https://google.com’ working again is: > > With this change, I can access google over https, but not the handful of > other sites I tried. Are you able to access any other sites with https? Ping! > > > > > --- > > diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm > > index 3182b3e..080fbb3 100644 > > --- a/gnu/packages/lynx.scm > > +++ b/gnu/packages/lynx.scm > > @@ -57,7 +57,7 @@ > > "--with-screen=ncurses" > > "--with-zlib" > > "--with-bzlib" > > - "--with-gnutls" > > + "--with-gnutls=" > > ;; "--with-socks5"; XXX TODO > > "--enable-widec" > > "--enable-ascii-ctypes" > > --- > > > > Yep. > > > > Is this unusual? Can't say I feel much enthusiasm to read/debug > > autoconf macros... > > > > > Can you say if you learned anything else... "interesting" about lynx and > > > https support? > > > > > > For example, a couple months ago I was reading our bug reports and saw > > > an old one about https support in w3m (another console browser). I dug a > > > little deeper and realized that https support was completely broken by > > > default. You can see the result in commit 62339e2d493bf87. > > > > > > So, do you know if lynx is still supporting broken ciphers and > > > protocols, or if there are other problems of that nature? > > > > My main motivation was to have access to HTTPS sites while working on > > my X-less GuixSD box, which works with the patch above. However: > > > > ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html > > Looking up www.ssllabs.com > > Making HTTPS connection to www.ssllabs.com > > Retrying connection without TLS. > > Looking up www.ssllabs.com > > Making HTTPS connection to www.ssllabs.com > > Alert!: Unable to make secure connection to remote host. > > > > Not sure I want to dive into this mess. > > > > Kind regards, > > > > T G-R >
Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
Tobias Geerinckx-Rice skribis: > So the stock Guix lynx opens (for example) https://google.com just > fine on your end? I think a good way to test these things reproducibly is with: guix environment --container -N --ad-hoc lynx --expose=/etc/ssl/certs … assuming NSS certificates are available in /etc/ssl/certs, as is the case on GuixSD. HTH, Ludo’.
Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote: > Leo, > > On 04/03/2016, Leo Famulari wrote: > > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com > > wrote: > >> From: Tobias Geerinckx-Rice > >> > >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. > >> [arguments]: Convert to list; add configure flag for SSL support. > > Scratch that. > > I assumed that since ‘--with-gnutls’ was already present (and detected > by ./configure, and listed by ldd...), GnuTLS just wasn't enough to > provide the full HTTPS experience and OpenSSL was required. I was > wrong. > > > Also, what is role of gnutls once this patch is applied? Does lynx need > > to refer to both gnutls and openssl? > > The actual solution is a bit silly. All that is actually needed to get > `lynx https://google.com’ working again is: With this change, I can access google over https, but not the handful of other sites I tried. Are you able to access any other sites with https? > > --- > diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm > index 3182b3e..080fbb3 100644 > --- a/gnu/packages/lynx.scm > +++ b/gnu/packages/lynx.scm > @@ -57,7 +57,7 @@ > "--with-screen=ncurses" > "--with-zlib" > "--with-bzlib" > - "--with-gnutls" > + "--with-gnutls=" > ;; "--with-socks5"; XXX TODO > "--enable-widec" > "--enable-ascii-ctypes" > --- > > Yep. > > Is this unusual? Can't say I feel much enthusiasm to read/debug > autoconf macros... > > > Can you say if you learned anything else... "interesting" about lynx and > > https support? > > > > For example, a couple months ago I was reading our bug reports and saw > > an old one about https support in w3m (another console browser). I dug a > > little deeper and realized that https support was completely broken by > > default. You can see the result in commit 62339e2d493bf87. > > > > So, do you know if lynx is still supporting broken ciphers and > > protocols, or if there are other problems of that nature? > > My main motivation was to have access to HTTPS sites while working on > my X-less GuixSD box, which works with the patch above. However: > > ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Retrying connection without TLS. > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Alert!: Unable to make secure connection to remote host. > > Not sure I want to dive into this mess. > > Kind regards, > > T G-R
Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
Efraim, On 19/03/2016, Efraim Flashner wrote: >> > Wouldn't fix lynx, > > I meant my following suggestion wouldn't help with the actual issue of > fixing lynx [...] > Links is a different text mode web broswer than lynx. I completely read over the spelling difference. Embarrasing, since I knew (e)links well. It shines on a framebuffer. Thanks for the tip! Kind regards, T G-R
Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
On Sat, 19 Mar 2016 22:01:26 +0100 Tobias Geerinckx-Rice wrote: > On 19/03/2016, Efraim Flashner wrote: > > Wouldn't fix lynx, I meant my following suggestion wouldn't help with the actual issue of fixing lynx > I'm afraid I don't understand who or what this refers to. > > > but I can say that links is working fairly well for > > me and I haven't been "locked out" of a non-https website. > > So the stock Guix lynx opens (for example) https://google.com just > fine on your end? > Stock lynx on my end won't open https://google.com, it gives me an error about not supporting HTTPS urls. Links is a different text mode web broswer than lynx. There's also w3m, which I haven't tried out yet. -- Efraim Flashner אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted pgprU1ezAnN_f.pgp Description: OpenPGP digital signature
Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
On 19/03/2016, Efraim Flashner wrote: > Wouldn't fix lynx, I'm afraid I don't understand who or what this refers to. > but I can say that links is working fairly well for > me and I haven't been "locked out" of a non-https website. So the stock Guix lynx opens (for example) https://google.com just fine on your end? That's even stranger. Kind regards, T G-R
Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
On 19/03/2016, Efraim Flashner wrote: >> - "--with-gnutls" >> + "--with-gnutls=" > > Is this supposed to be empty at the end? I would assume it would want > something like (string-append "--with-gnutls=" (assoc-ref %build-inputs > "gnutls")). Not a typo. :-)
Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote: > Leo, > > On 04/03/2016, Leo Famulari wrote: > > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com > > wrote: > >> From: Tobias Geerinckx-Rice > >> > >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. > >> [arguments]: Convert to list; add configure flag for SSL support. > > Scratch that. > > I assumed that since ‘--with-gnutls’ was already present (and detected > by ./configure, and listed by ldd...), GnuTLS just wasn't enough to > provide the full HTTPS experience and OpenSSL was required. I was > wrong. > > > Also, what is role of gnutls once this patch is applied? Does lynx need > > to refer to both gnutls and openssl? > > The actual solution is a bit silly. All that is actually needed to get > `lynx https://google.com’ working again is: > > --- > diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm > index 3182b3e..080fbb3 100644 > --- a/gnu/packages/lynx.scm > +++ b/gnu/packages/lynx.scm > @@ -57,7 +57,7 @@ > "--with-screen=ncurses" > "--with-zlib" > "--with-bzlib" > - "--with-gnutls" > + "--with-gnutls=" Is this supposed to be empty at the end? I would assume it would want something like (string-append "--with-gnutls=" (assoc-ref %build-inputs "gnutls")). > ;; "--with-socks5"; XXX TODO > "--enable-widec" > "--enable-ascii-ctypes" > --- > > Yep. > > Is this unusual? Can't say I feel much enthusiasm to read/debug > autoconf macros... > > > Can you say if you learned anything else... "interesting" about lynx and > > https support? > > > > For example, a couple months ago I was reading our bug reports and saw > > an old one about https support in w3m (another console browser). I dug a > > little deeper and realized that https support was completely broken by > > default. You can see the result in commit 62339e2d493bf87. > > > > So, do you know if lynx is still supporting broken ciphers and > > protocols, or if there are other problems of that nature? > > My main motivation was to have access to HTTPS sites while working on > my X-less GuixSD box, which works with the patch above. However: > > ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Retrying connection without TLS. > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Alert!: Unable to make secure connection to remote host. > > Not sure I want to dive into this mess. > > Kind regards, > > T G-R > Wouldn't fix lynx, but I can say that links is working fairly well for me and I haven't been "locked out" of a non-https website. -- Efraim Flashner אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted signature.asc Description: PGP signature
Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
Leo, On 04/03/2016, Leo Famulari wrote: > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com > wrote: >> From: Tobias Geerinckx-Rice >> >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. >> [arguments]: Convert to list; add configure flag for SSL support. Scratch that. I assumed that since ‘--with-gnutls’ was already present (and detected by ./configure, and listed by ldd...), GnuTLS just wasn't enough to provide the full HTTPS experience and OpenSSL was required. I was wrong. > Also, what is role of gnutls once this patch is applied? Does lynx need > to refer to both gnutls and openssl? The actual solution is a bit silly. All that is actually needed to get `lynx https://google.com’ working again is: --- diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm index 3182b3e..080fbb3 100644 --- a/gnu/packages/lynx.scm +++ b/gnu/packages/lynx.scm @@ -57,7 +57,7 @@ "--with-screen=ncurses" "--with-zlib" "--with-bzlib" - "--with-gnutls" + "--with-gnutls=" ;; "--with-socks5"; XXX TODO "--enable-widec" "--enable-ascii-ctypes" --- Yep. Is this unusual? Can't say I feel much enthusiasm to read/debug autoconf macros... > Can you say if you learned anything else... "interesting" about lynx and > https support? > > For example, a couple months ago I was reading our bug reports and saw > an old one about https support in w3m (another console browser). I dug a > little deeper and realized that https support was completely broken by > default. You can see the result in commit 62339e2d493bf87. > > So, do you know if lynx is still supporting broken ciphers and > protocols, or if there are other problems of that nature? My main motivation was to have access to HTTPS sites while working on my X-less GuixSD box, which works with the patch above. However: ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html Looking up www.ssllabs.com Making HTTPS connection to www.ssllabs.com Retrying connection without TLS. Looking up www.ssllabs.com Making HTTPS connection to www.ssllabs.com Alert!: Unable to make secure connection to remote host. Not sure I want to dive into this mess. Kind regards, T G-R
Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections
On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.r...@gmail.com wrote: > From: Tobias Geerinckx-Rice > > * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. > [arguments]: Convert to list; add configure flag for SSL support. Wow, thanks for this patch! Can you say if you learned anything else... "interesting" about lynx and https support? For example, a couple months ago I was reading our bug reports and saw an old one about https support in w3m (another console browser). I dug a little deeper and realized that https support was completely broken by default. You can see the result in commit 62339e2d493bf87. So, do you know if lynx is still supporting broken ciphers and protocols, or if there are other problems of that nature? Also, what is role of gnutls once this patch is applied? Does lynx need to refer to both gnutls and openssl? > --- > gnu/packages/lynx.scm | 30 +- > 1 file changed, 17 insertions(+), 13 deletions(-) > > diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm > index 3182b3e..7e1ef1d 100644 > --- a/gnu/packages/lynx.scm > +++ b/gnu/packages/lynx.scm > @@ -48,24 +48,28 @@ >("libidn" ,libidn) >("gnutls" ,gnutls) >("libgcrypt" ,libgcrypt) > + ("openssl" ,openssl) >("unzip" ,unzip) >("zlib" ,zlib) >("gzip" ,gzip) >("bzip2" ,bzip2))) > (arguments > - `(#:configure-flags '("--with-pkg-config" > - "--with-screen=ncurses" > - "--with-zlib" > - "--with-bzlib" > - "--with-gnutls" > - ;; "--with-socks5"; XXX TODO > - "--enable-widec" > - "--enable-ascii-ctypes" > - "--enable-local-docs" > - "--enable-htmlized-cfg" > - "--enable-gzip-help" > - "--enable-nls" > - "--enable-ipv6") > + `(#:configure-flags > + (list "--with-pkg-config" > + "--with-screen=ncurses" > + "--with-zlib" > + "--with-bzlib" > + "--with-gnutls" > + (string-append "--with-ssl=" > +(assoc-ref %build-inputs "openssl")) > + ;; "--with-socks5"; XXX TODO > + "--enable-widec" > + "--enable-ascii-ctypes" > + "--enable-local-docs" > + "--enable-htmlized-cfg" > + "--enable-gzip-help" > + "--enable-nls" > + "--enable-ipv6") > #:tests? #f ; no check target > #:phases (alist-replace > 'install > -- > 2.6.3 > >
[PATCH] gnu: lynx: Support HTTPS (SSL) connections
From: Tobias Geerinckx-Rice * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. [arguments]: Convert to list; add configure flag for SSL support. --- gnu/packages/lynx.scm | 30 +- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm index 3182b3e..7e1ef1d 100644 --- a/gnu/packages/lynx.scm +++ b/gnu/packages/lynx.scm @@ -48,24 +48,28 @@ ("libidn" ,libidn) ("gnutls" ,gnutls) ("libgcrypt" ,libgcrypt) + ("openssl" ,openssl) ("unzip" ,unzip) ("zlib" ,zlib) ("gzip" ,gzip) ("bzip2" ,bzip2))) (arguments - `(#:configure-flags '("--with-pkg-config" - "--with-screen=ncurses" - "--with-zlib" - "--with-bzlib" - "--with-gnutls" - ;; "--with-socks5"; XXX TODO - "--enable-widec" - "--enable-ascii-ctypes" - "--enable-local-docs" - "--enable-htmlized-cfg" - "--enable-gzip-help" - "--enable-nls" - "--enable-ipv6") + `(#:configure-flags + (list "--with-pkg-config" + "--with-screen=ncurses" + "--with-zlib" + "--with-bzlib" + "--with-gnutls" + (string-append "--with-ssl=" +(assoc-ref %build-inputs "openssl")) + ;; "--with-socks5"; XXX TODO + "--enable-widec" + "--enable-ascii-ctypes" + "--enable-local-docs" + "--enable-htmlized-cfg" + "--enable-gzip-help" + "--enable-nls" + "--enable-ipv6") #:tests? #f ; no check target #:phases (alist-replace 'install -- 2.6.3