From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections Date: Wed, 6 Apr 2016 21:32:39 -0400 Message-ID: <20160407013239.GA16621@jasmine> References: <1457059066-8060-1-git-send-email-tobias.geerinckx.rice@gmail.com> <20160304030140.GA30676@jasmine> <20160320081502.GA5079@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:35812) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1anyoN-0007z1-QS for guix-devel@gnu.org; Wed, 06 Apr 2016 21:32:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1anyoK-0003fa-Jt for guix-devel@gnu.org; Wed, 06 Apr 2016 21:32:43 -0400 Received: from out5-smtp.messagingengine.com ([66.111.4.29]:42084) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1anyoK-0003fP-E9 for guix-devel@gnu.org; Wed, 06 Apr 2016 21:32:40 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 007E720B01 for ; Wed, 6 Apr 2016 21:32:39 -0400 (EDT) Content-Disposition: inline In-Reply-To: <20160320081502.GA5079@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Tobias Geerinckx-Rice Cc: guix-devel@gnu.org On Sun, Mar 20, 2016 at 04:15:02AM -0400, Leo Famulari wrote: > On Sat, Mar 19, 2016 at 06:29:12PM +0100, Tobias Geerinckx-Rice wrote: > > Leo, > > > > On 04/03/2016, Leo Famulari wrote: > > > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.rice@gmail.com > > > wrote: > > >> From: Tobias Geerinckx-Rice > > >> > > >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. > > >> [arguments]: Convert to list; add configure flag for SSL support. > > > > Scratch that. > > > > I assumed that since ‘--with-gnutls’ was already present (and detected > > by ./configure, and listed by ldd...), GnuTLS just wasn't enough to > > provide the full HTTPS experience and OpenSSL was required. I was > > wrong. > > > > > Also, what is role of gnutls once this patch is applied? Does lynx need > > > to refer to both gnutls and openssl? > > > > The actual solution is a bit silly. All that is actually needed to get > > `lynx https://google.com’ working again is: > > With this change, I can access google over https, but not the handful of > other sites I tried. Are you able to access any other sites with https? Ping! > > > > > --- > > diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm > > index 3182b3e..080fbb3 100644 > > --- a/gnu/packages/lynx.scm > > +++ b/gnu/packages/lynx.scm > > @@ -57,7 +57,7 @@ > > "--with-screen=ncurses" > > "--with-zlib" > > "--with-bzlib" > > - "--with-gnutls" > > + "--with-gnutls=" > > ;; "--with-socks5" ; XXX TODO > > "--enable-widec" > > "--enable-ascii-ctypes" > > --- > > > > Yep. > > > > Is this unusual? Can't say I feel much enthusiasm to read/debug > > autoconf macros... > > > > > Can you say if you learned anything else... "interesting" about lynx and > > > https support? > > > > > > For example, a couple months ago I was reading our bug reports and saw > > > an old one about https support in w3m (another console browser). I dug a > > > little deeper and realized that https support was completely broken by > > > default. You can see the result in commit 62339e2d493bf87. > > > > > > So, do you know if lynx is still supporting broken ciphers and > > > protocols, or if there are other problems of that nature? > > > > My main motivation was to have access to HTTPS sites while working on > > my X-less GuixSD box, which works with the patch above. However: > > > > ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html > > Looking up www.ssllabs.com > > Making HTTPS connection to www.ssllabs.com > > Retrying connection without TLS. > > Looking up www.ssllabs.com > > Making HTTPS connection to www.ssllabs.com > > Alert!: Unable to make secure connection to remote host. > > > > Not sure I want to dive into this mess. > > > > Kind regards, > > > > T G-R >