base/SOURCES/elinks-nss-inc.patch

 src/network/ssl/ssl.c |   33 ++++++++++++++++++++++++++++++++-
 1 files changed, 32 insertions(+), 1 deletions(-)

diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index 73446b5..eadff7f 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -48,10 +48,20 @@ SSL_CTX *context = NULL;
 static void
 init_openssl(struct module *module)
 {
+	unsigned char *ca_file;
 	SSLeay_add_ssl_algorithms();
 	context = SSL_CTX_new(SSLv23_client_method());
 	SSL_CTX_set_options(context, SSL_OP_ALL);
+#ifdef CONFIG_NSS_COMPAT_OSSL
+	ca_file = get_opt_str("connection.ssl.trusted_ca_file");
+	if (*ca_file)
+		SSL_CTX_load_verify_locations(context, ca_file, NULL);
+	else
+		SSL_CTX_set_default_verify_paths(context);
+#else
+	(void) ca_file;
 	SSL_CTX_set_default_verify_paths(context);
+#endif
 }
 
 static void
@@ -61,10 +71,30 @@ done_openssl(struct module *module)
 }
 
 static union option_info openssl_options[] = {
+#ifdef CONFIG_NSS_COMPAT_OSSL
+	INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
+		"cert_verify", 0, 0,
+		N_("Verify the peer's SSL certificate.")),
+
+	INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),
+		"trusted_ca_file", 0, "/etc/pki/tls/certs/ca-bundle.crt",
+		N_("The location of a file containing certificates of "
+		"trusted certification authorities in PEM format. "
+		"ELinks then trusts certificates issued by these CAs.\n"
+		"\n"
+		"If you set this option to an empty string, default NSS root"
+		"certificates are loaded.\n"
+		"\n"
+		"If you change this option or the file, you must "
+		"restart ELinks for the changes to take effect. "
+		"This option affects GnuTLS and nss_compat_ossl but not "
+		"OpenSSL.")),
+#else
 	INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
 		"cert_verify", 0, 0,
 		N_("Verify the peer's SSL certificate. Note that this "
 		"needs extensive configuration of OpenSSL by the user.")),
+#endif
 
 	INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
         	"client_cert", OPT_SORT,
@@ -187,7 +217,8 @@ static union option_info gnutls_options[] = {
 		"\n"
 		"If you change this option or the file, you must "
 		"restart ELinks for the changes to take effect. "
-		"This option affects GnuTLS but not OpenSSL.")),
+		"This option affects GnuTLS and nss_compat_ossl but not "
+		"OpenSSL.")),
 
 	NULL_OPTION_INFO,
 };
elinks package update Signed-off-by: basebuilder_pel7ppc64lebuilder0 <basebuilder@powerel.org> 5 years ago			`src/network/ssl/ssl.c \| 33 ++++++++++++++++++++++++++++++++-`
			`1 files changed, 32 insertions(+), 1 deletions(-)`

			`diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c`
			`index 73446b5..eadff7f 100644`
			`--- a/src/network/ssl/ssl.c`
			`+++ b/src/network/ssl/ssl.c`
			`@@ -48,10 +48,20 @@ SSL_CTX *context = NULL;`
			`static void`
			`init_openssl(struct module *module)`
			`{`
			`+ unsigned char *ca_file;`
			`SSLeay_add_ssl_algorithms();`
			`context = SSL_CTX_new(SSLv23_client_method());`
			`SSL_CTX_set_options(context, SSL_OP_ALL);`
			`+#ifdef CONFIG_NSS_COMPAT_OSSL`
			`+ ca_file = get_opt_str("connection.ssl.trusted_ca_file");`
			`+ if (*ca_file)`
			`+ SSL_CTX_load_verify_locations(context, ca_file, NULL);`
			`+ else`
			`+ SSL_CTX_set_default_verify_paths(context);`
			`+#else`
			`+ (void) ca_file;`
			`SSL_CTX_set_default_verify_paths(context);`
			`+#endif`
			`}`

			`static void`
			`@@ -61,10 +71,30 @@ done_openssl(struct module *module)`
			`}`

			`static union option_info openssl_options[] = {`
			`+#ifdef CONFIG_NSS_COMPAT_OSSL`
			`+ INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),`
			`+ "cert_verify", 0, 0,`
			`+ N_("Verify the peer's SSL certificate.")),`
			`+`
			`+ INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),`
			`+ "trusted_ca_file", 0, "/etc/pki/tls/certs/ca-bundle.crt",`
			`+ N_("The location of a file containing certificates of "`
			`+ "trusted certification authorities in PEM format. "`
			`+ "ELinks then trusts certificates issued by these CAs.\n"`
			`+ "\n"`
			`+ "If you set this option to an empty string, default NSS root"`
			`+ "certificates are loaded.\n"`
			`+ "\n"`
			`+ "If you change this option or the file, you must "`
			`+ "restart ELinks for the changes to take effect. "`
			`+ "This option affects GnuTLS and nss_compat_ossl but not "`
			`+ "OpenSSL.")),`
			`+#else`
			`INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),`
			`"cert_verify", 0, 0,`
			`N_("Verify the peer's SSL certificate. Note that this "`
			`"needs extensive configuration of OpenSSL by the user.")),`
			`+#endif`

			`INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),`
			`"client_cert", OPT_SORT,`
			`@@ -187,7 +217,8 @@ static union option_info gnutls_options[] = {`
			`"\n"`
			`"If you change this option or the file, you must "`
			`"restart ELinks for the changes to take effect. "`
			`- "This option affects GnuTLS but not OpenSSL.")),`
			`+ "This option affects GnuTLS and nss_compat_ossl but not "`
			`+ "OpenSSL.")),`

			`NULL_OPTION_INFO,`
			`};`