From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tobias Geerinckx-Rice Subject: Re: [PATCH] gnu: lynx: Support HTTPS (SSL) connections Date: Sat, 19 Mar 2016 18:29:12 +0100 Message-ID: References: <1457059066-8060-1-git-send-email-tobias.geerinckx.rice@gmail.com> <20160304030140.GA30676@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:42302) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahKgc-0000ZZ-DW for guix-devel@gnu.org; Sat, 19 Mar 2016 13:29:15 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ahKgb-00009f-8k for guix-devel@gnu.org; Sat, 19 Mar 2016 13:29:14 -0400 Received: from mail-ob0-x233.google.com ([2607:f8b0:4003:c01::233]:34059) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ahKgb-00009N-3s for guix-devel@gnu.org; Sat, 19 Mar 2016 13:29:13 -0400 Received: by mail-ob0-x233.google.com with SMTP id ts10so143711321obc.1 for ; Sat, 19 Mar 2016 10:29:13 -0700 (PDT) In-Reply-To: <20160304030140.GA30676@jasmine> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Leo Famulari Cc: guix-devel@gnu.org Leo, On 04/03/2016, Leo Famulari wrote: > On Fri, Mar 04, 2016 at 03:37:46AM +0100, tobias.geerinckx.rice@gmail.com > wrote: >> From: Tobias Geerinckx-Rice >> >> * gnu/packages/lynx.scm (lynx)[inputs]: Add 'openssl'. >> [arguments]: Convert to list; add configure flag for SSL support. Scratch that. I assumed that since =E2=80=98--with-gnutls=E2=80=99 was already present (a= nd detected by ./configure, and listed by ldd...), GnuTLS just wasn't enough to provide the full HTTPS experience and OpenSSL was required. I was wrong. > Also, what is role of gnutls once this patch is applied? Does lynx need > to refer to both gnutls and openssl? The actual solution is a bit silly. All that is actually needed to get `lynx https://google.com=E2=80=99 working again is: --- diff --git a/gnu/packages/lynx.scm b/gnu/packages/lynx.scm index 3182b3e..080fbb3 100644 --- a/gnu/packages/lynx.scm +++ b/gnu/packages/lynx.scm @@ -57,7 +57,7 @@ "--with-screen=3Dncurses" "--with-zlib" "--with-bzlib" - "--with-gnutls" + "--with-gnutls=3D" ;; "--with-socks5" ; XXX TODO "--enable-widec" "--enable-ascii-ctypes" --- Yep. Is this unusual? Can't say I feel much enthusiasm to read/debug autoconf macros... > Can you say if you learned anything else... "interesting" about lynx and > https support? > > For example, a couple months ago I was reading our bug reports and saw > an old one about https support in w3m (another console browser). I dug a > little deeper and realized that https support was completely broken by > default. You can see the result in commit 62339e2d493bf87. > > So, do you know if lynx is still supporting broken ciphers and > protocols, or if there are other problems of that nature? My main motivation was to have access to HTTPS sites while working on my X-less GuixSD box, which works with the patch above. However: ~$ lynx https://www.ssllabs.com/ssltest/viewMyClient.html Looking up www.ssllabs.com Making HTTPS connection to www.ssllabs.com Retrying connection without TLS. Looking up www.ssllabs.com Making HTTPS connection to www.ssllabs.com Alert!: Unable to make secure connection to remote host. Not sure I want to dive into this mess. Kind regards, T G-R