From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections Date: Sun, 20 Mar 2016 04:15:02 -0400 Message-ID: <20160320081502.GA5079@jasmine> References: <1457059066-8060-1-git-send-email-tobias.geerinckx.rice@gmail.com> <20160304030140.GA30676@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:34593) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahg5h-0008QU-Tb for guix-devel@gnu.org; Sun, 20 Mar 2016 12:20:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ahg5g-00087R-90 for guix-devel@gnu.org; Sun, 20 Mar 2016 12:20:33 -0400 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:53605) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahg5g-00087N-5o for guix-devel@gnu.org; Sun, 20 Mar 2016 12:20:32 -0400 Content-Disposition: inline In-Reply-To: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Tobias Geerinckx-Rice Cc: guix-devel@gnu.org On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote: > Leo, > > On 04/03/2016, Leo Famulari wrote: > > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.rice@gmail.com > > wrote: > >> From: Tobias Geerinckx-Rice > >> > >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. > >> [arguments]: Convert to list; add configure flag for SSL support. > > Scratch that. > > I assumed that since ‘--with-gnutls’ was already present (and detected > by ./configure, and listed by ldd...), GnuTLS just wasn't enough to > provide the full HTTPS experience and OpenSSL was required. I was > wrong. > > > Also, what is role of gnutls once this patch is applied? Does lynx need > > to refer to both gnutls and openssl? > > The actual solution is a bit silly. All that is actually needed to get > `lynx https://google.com’ working again is: With this change, I can access google over https, but not the handful of other sites I tried. Are you able to access any other sites with https? > > --- > diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm > index 3182b3e..080fbb3 100644 > --- a/gnu/packages/lynx.scm > +++ b/gnu/packages/lynx.scm > @@ -57,7 +57,7 @@ > "--with-screen=ncurses" > "--with-zlib" > "--with-bzlib" > - "--with-gnutls" > + "--with-gnutls=" > ;; "--with-socks5" ; XXX TODO > "--enable-widec" > "--enable-ascii-ctypes" > --- > > Yep. > > Is this unusual? Can't say I feel much enthusiasm to read/debug > autoconf macros... > > > Can you say if you learned anything else... "interesting" about lynx and > > https support? > > > > For example, a couple months ago I was reading our bug reports and saw > > an old one about https support in w3m (another console browser). I dug a > > little deeper and realized that https support was completely broken by > > default. You can see the result in commit 62339e2d493bf87. > > > > So, do you know if lynx is still supporting broken ciphers and > > protocols, or if there are other problems of that nature? > > My main motivation was to have access to HTTPS sites while working on > my X-less GuixSD box, which works with the patch above. However: > > ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Retrying connection without TLS. > Looking up www.ssllabs.com > Making HTTPS connection to www.ssllabs.com > Alert!: Unable to make secure connection to remote host. > > Not sure I want to dive into this mess. > > Kind regards, > > T G-R