Blame SOURCES/elinks-nss-inc.patch

68f3b8
 src/network/ssl/ssl.c |   33 ++++++++++++++++++++++++++++++++-
68f3b8
 1 files changed, 32 insertions(+), 1 deletions(-)
68f3b8
68f3b8
diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
68f3b8
index 73446b5..eadff7f 100644
68f3b8
--- a/src/network/ssl/ssl.c
68f3b8
+++ b/src/network/ssl/ssl.c
68f3b8
@@ -48,10 +48,20 @@ SSL_CTX *context = NULL;
68f3b8
 static void
68f3b8
 init_openssl(struct module *module)
68f3b8
 {
68f3b8
+	unsigned char *ca_file;
68f3b8
 	SSLeay_add_ssl_algorithms();
68f3b8
 	context = SSL_CTX_new(SSLv23_client_method());
68f3b8
 	SSL_CTX_set_options(context, SSL_OP_ALL);
68f3b8
+#ifdef CONFIG_NSS_COMPAT_OSSL
68f3b8
+	ca_file = get_opt_str("connection.ssl.trusted_ca_file");
68f3b8
+	if (*ca_file)
68f3b8
+		SSL_CTX_load_verify_locations(context, ca_file, NULL);
68f3b8
+	else
68f3b8
+		SSL_CTX_set_default_verify_paths(context);
68f3b8
+#else
68f3b8
+	(void) ca_file;
68f3b8
 	SSL_CTX_set_default_verify_paths(context);
68f3b8
+#endif
68f3b8
 }
68f3b8
 
68f3b8
 static void
68f3b8
@@ -61,10 +71,30 @@ done_openssl(struct module *module)
68f3b8
 }
68f3b8
 
68f3b8
 static union option_info openssl_options[] = {
68f3b8
+#ifdef CONFIG_NSS_COMPAT_OSSL
68f3b8
+	INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
68f3b8
+		"cert_verify", 0, 0,
68f3b8
+		N_("Verify the peer's SSL certificate.")),
68f3b8
+
68f3b8
+	INIT_OPT_STRING("connection.ssl", N_("Trusted CA file"),
68f3b8
+		"trusted_ca_file", 0, "/etc/pki/tls/certs/ca-bundle.crt",
68f3b8
+		N_("The location of a file containing certificates of "
68f3b8
+		"trusted certification authorities in PEM format. "
68f3b8
+		"ELinks then trusts certificates issued by these CAs.\n"
68f3b8
+		"\n"
68f3b8
+		"If you set this option to an empty string, default NSS root"
68f3b8
+		"certificates are loaded.\n"
68f3b8
+		"\n"
68f3b8
+		"If you change this option or the file, you must "
68f3b8
+		"restart ELinks for the changes to take effect. "
68f3b8
+		"This option affects GnuTLS and nss_compat_ossl but not "
68f3b8
+		"OpenSSL.")),
68f3b8
+#else
68f3b8
 	INIT_OPT_BOOL("connection.ssl", N_("Verify certificates"),
68f3b8
 		"cert_verify", 0, 0,
68f3b8
 		N_("Verify the peer's SSL certificate. Note that this "
68f3b8
 		"needs extensive configuration of OpenSSL by the user.")),
68f3b8
+#endif
68f3b8
 
68f3b8
 	INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
68f3b8
         	"client_cert", OPT_SORT,
68f3b8
@@ -187,7 +217,8 @@ static union option_info gnutls_options[] = {
68f3b8
 		"\n"
68f3b8
 		"If you change this option or the file, you must "
68f3b8
 		"restart ELinks for the changes to take effect. "
68f3b8
-		"This option affects GnuTLS but not OpenSSL.")),
68f3b8
+		"This option affects GnuTLS and nss_compat_ossl but not "
68f3b8
+		"OpenSSL.")),
68f3b8
 
68f3b8
 	NULL_OPTION_INFO,
68f3b8
 };