On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote: > Leo, > > On 04/03/2016, Leo Famulari wrote: > > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.rice@gmail.com > > wrote: > >> From: Tobias Geerinckx-Rice > >> > >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. > >> [arguments]: Convert to list; add configure flag for SSL support. > > Scratch that. > > I assumed that since ‘--with-gnutls’ was already present (and detected > by ./configure, and listed by ldd...), GnuTLS just wasn't enough to > provide the full HTTPS experience and OpenSSL was required. I was > wrong. > > > Also, what is role of gnutls once this patch is applied? Does lynx need > > to refer to both gnutls and openssl? > > The actual solution is a bit silly. All that is actually needed to get > `lynx https://google.com’ working again is: > > --- > diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm > index 3182b3e..080fbb3 100644 > --- a/gnu/packages/lynx.scm > +++ b/gnu/packages/lynx.scm > @@ -57,7 +57,7 @@ > "--with-screen=ncurses" > "--with-zlib" > "--with-bzlib" > - "--with-gnutls" > + "--with-gnutls=" Is this supposed to be empty at the end? I would assume it would want something like (string-append "--with-gnutls=" (assoc-ref %build-inputs "gnutls")). > ;; "--with-socks5" ; XXX TODO > "--enable-widec" > "--enable-ascii-ctypes" > --- > > Yep. > > Is this unusual? Can't say I feel much enthusiasm to read/debug > autoconf macros... > > > Can you say if you learned anything else... "interesting" about lynx and > > https support? > > > > For example, a couple months ago I was reading our bug reports and saw > > an old one about https support in w3m (another console browser). I dug a > > little deeper and realized that https support was completely broken by > > default. You can see the result in commit 62339e2d493bf87. > > > > So, do you know if lynx is still supporting broken ciphers and > > protocols, or if there are other problems of that nature? > > My main motivation was to have access to HTTPS sites while working on > my X-less GuixSD box, which works with the patch above. However: > > ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Retrying connection without TLS. > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Alert!: Unable to make secure connection to remote host. > > Not sure I want to dive into this mess. > > Kind regards, > > T G-R > Wouldn't fix lynx, but I can say that links is working fairly well for me and I haven't been "locked out" of a non-https website. -- Efraim Flashner אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted