From mboxrd@z Thu Jan 1 00:00:00 1970 From: Efraim Flashner Subject: Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections Date: Sat, 19 Mar 2016 20:41:56 +0200 Message-ID: <20160319184156.GA13367@debian-netbook> References: <1457059066-8060-1-git-send-email-tobias.geerinckx.rice@gmail.com> <20160304030140.GA30676@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="17pEHd4RhPHOinZp" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:56922) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahLp5-0000Rs-RJ for guix-devel@gnu.org; Sat, 19 Mar 2016 14:42:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ahLp2-0002et-KQ for guix-devel@gnu.org; Sat, 19 Mar 2016 14:42:03 -0400 Received: from flashner.co.il ([178.62.234.194]:46846) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahLp2-0002d1-8Y for guix-devel@gnu.org; Sat, 19 Mar 2016 14:42:00 -0400 Content-Disposition: inline In-Reply-To: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Tobias Geerinckx-Rice Cc: guix-devel@gnu.org --17pEHd4RhPHOinZp Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote: > Leo, > > On 04/03/2016, Leo Famulari wrote: > > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.rice@gmail.c= om > > wrote: > >> From: Tobias Geerinckx-Rice > >> > >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. > >> [arguments]: Convert to list; add configure flag for SSL support. > > Scratch that. > > I assumed that since =E2=80=98--with-gnutls=E2=80=99 was already present = (and detected > by ./configure, and listed by ldd...), GnuTLS just wasn't enough to > provide the full HTTPS experience and OpenSSL was required. I was > wrong. > > > Also, what is role of gnutls once this patch is applied? Does lynx need > > to refer to both gnutls and openssl? > > The actual solution is a bit silly. All that is actually needed to get > `lynx https://google.com=E2=80=99 working again is: > > --- > diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm > index 3182b3e..080fbb3 100644 > --- a/gnu/packages/lynx.scm > +++ b/gnu/packages/lynx.scm > @@ -57,7 +57,7 @@ > "--with-screen=3Dncurses" > "--with-zlib" > "--with-bzlib" > - "--with-gnutls" > + "--with-gnutls=3D" Is this supposed to be empty at the end? I would assume it would want something like (string-append "--with-gnutls=3D" (assoc-ref %build-inputs "gnutls")). > ;; "--with-socks5" ; XXX TODO > "--enable-widec" > "--enable-ascii-ctypes" > --- >=20 > Yep. >=20 > Is this unusual? Can't say I feel much enthusiasm to read/debug > autoconf macros... >=20 > > Can you say if you learned anything else... "interesting" about lynx and > > https support? > > > > For example, a couple months ago I was reading our bug reports and saw > > an old one about https support in w3m (another console browser). I dug a > > little deeper and realized that https support was completely broken by > > default. You can see the result in commit 62339e2d493bf87. > > > > So, do you know if lynx is still supporting broken ciphers and > > protocols, or if there are other problems of that nature? >=20 > My main motivation was to have access to HTTPS sites while working on > my X-less GuixSD box, which works with the patch above. However: >=20 > ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Retrying connection without TLS. > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Alert!: Unable to make secure connection to remote host. >=20 > Not sure I want to dive into this mess. >=20 > Kind regards, >=20 > T G-R >=20 Wouldn't fix lynx, but I can say that links is working fairly well for me and I haven't been "locked out" of a non-https website. -- Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --17pEHd4RhPHOinZp Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJW7Z1tAAoJEPTB05F+rO6TTvcP/2oneGyCJlAq6tDCosFjx6xJ /pXJPodAps/aj8REOND+VlpDC47I+dQFUg5E5K9r7NFp5ASdDJzuNAuYWxCQvlxk LzHi0SwnMENDN4FL883HVdQsEzG0YX19pwrO+3aQy8ifL44hbECtpmwxxqPd/u0t 3bvHsn9BH4kfl6g0tkI8dyt/YzooEoUkd343Jn0RutY8/UZUj4i0/865ToYbpIUW iisJ1uIvZ1PbKTEwOCPdn3c4SVM06Qwi6Gffr01+rSu3pQng3FiglD6am+inHZLj LnnMTcO5mB4Zvf4mveySfUUFJOyfUA4gsBzABP/UGh8BX31QOa0LbQi6bkW1mUr4 Up7GsmYc+n7MKf9fXKshzVOu6Miwdak8PrTPUtjTL3w6UvsGN6pfSQr14AhXYddy E046NI4XFOLr5oXPlFzZJVPn1zxkPcWm7Tbt6wviVx4SDWCX/LV3B6AgCTYqfZC3 rnHeuD/TSv+UTDLs2NAtKQtgiQu9opIA70Q4k1oOfLczl/fxyjYFtpJltIMS2edC CkypA17EhNWXXmkbropF/lRfmRvsfmuKE+n+lKa74JuUNOA3EXk1tgKp3T/L/Ibq guFya4ksr8b69SAh52bVyMPIO3Qnii/oEbgG43uLl9OAZrqdzpHWzuvddD8AY04f 8b1ehPrupit2tI34LPNp =9d9q -----END PGP SIGNATURE----- --17pEHd4RhPHOinZp--