diff options
| author | Tatsuya Kinoshita <tats@debian.org> | 2021-02-13 10:36:38 +0000 |
|---|---|---|
| committer | Tatsuya Kinoshita <tats@debian.org> | 2021-02-13 11:22:04 +0000 |
| commit | c7040ae3ada22c7a47253e59e8a354a0b1b18e00 (patch) | |
| tree | 3d8ede2bb031c0ac51a26039abe98c8ac3dd246c | |
| parent | Doc fix (diff) | |
| download | w3m-c7040ae3ada22c7a47253e59e8a354a0b1b18e00.tar.gz w3m-c7040ae3ada22c7a47253e59e8a354a0b1b18e00.zip | |
Add auto-detection of ssl_ca_file by configure
cf. gnutls-trustfiles in Emacs 27.1
<https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/net/gnutls.el?h=emacs-27.1#n106>
Diffstat (limited to '')
| -rw-r--r-- | acinclude.m4 | 20 | ||||
| -rw-r--r-- | config.h.dist | 3 | ||||
| -rw-r--r-- | config.h.in | 1 | ||||
| -rwxr-xr-x | configure | 33 | ||||
| -rw-r--r-- | doc-jp/README.SSL | 3 | ||||
| -rw-r--r-- | fm.h | 2 |
6 files changed, 59 insertions, 3 deletions
diff --git a/acinclude.m4 b/acinclude.m4 index b09f4e6..7a63260 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -510,6 +510,26 @@ if test x"$with_ssl" != xno; then AC_MSG_RESULT($enable_sslverify) fi fi +AC_SUBST(DEF_CAFILE) +w3m_cafile="" +if test x"$enable_sslverify" = xyes; then + AC_MSG_CHECKING(for CA bundle location) + AC_ARG_WITH(cafile, + [ --with-cafile=CAFILE CA file to verify SSL certificate], + [w3m_cafile="$with_cafile"],[ + for f in /etc/ssl/certs/ca-certificates.crt \ + /etc/pki/tls/certs/ca-bundle.crt \ + /etc/ssl/ca-bundle.pem \ + /usr/ssl/certs/ca-bundle.crt \ + /usr/local/share/certs/ca-root-nss.crt \ + /etc/ssl/cert.pem \ + /etc/certs/ca-certificates.crt; do + if test -f "$f" -a -r "$f"; then w3m_cafile="$f"; break; fi + done + ]) + AC_MSG_RESULT($w3m_cafile) +fi +AC_DEFINE_UNQUOTED(DEF_CAFILE, "$w3m_cafile") AC_SUBST(USE_DIGEST_AUTH) AC_MSG_CHECKING(if digest auth is enabled) AC_ARG_ENABLE(digest_auth, diff --git a/config.h.dist b/config.h.dist index 90c224a..81474da 100644 --- a/config.h.dist +++ b/config.h.dist @@ -128,7 +128,8 @@ INSTALL_W3MIMGDISPLAY=$(INSTALL_PROGRAM) #define USE_COOKIE #define USE_DIGEST_AUTH #define USE_SSL -#undef USE_SSL_VERIFY +#define USE_SSL_VERIFY +#define DEF_CAFILE "/etc/ssl/certs/ca-certificates.crt" #undef USE_NNTP #undef USE_GOPHER #define USE_EXTERNAL_URI_LOADER diff --git a/config.h.in b/config.h.in index 70e1aef..8a3829d 100644 --- a/config.h.in +++ b/config.h.in @@ -61,6 +61,7 @@ #undef USE_DIGEST_AUTH #undef USE_SSL #undef USE_SSL_VERIFY +#define DEF_CAFILE "@DEF_CAFILE@" #undef USE_HELP_CGI #undef USE_EXTERNAL_URI_LOADER #undef USE_W3MMAILER @@ -634,6 +634,7 @@ AUXBIN_TARGETS USE_SYSMOUSE USE_W3M USE_DIGEST_AUTH +DEF_CAFILE SSL_LIBS SSL_CFLAGS PKG_CONFIG_LIBDIR @@ -836,6 +837,7 @@ with_browser enable_ipv6 with_ssl enable_sslverify +with_cafile enable_digest_auth with_termlib with_gc @@ -1534,6 +1536,7 @@ Optional Packages: --with-mailer=MAILER default mailer (/usr/bin/mail) --with-browser=BROWSER default browser (/usr/bin/firefox) --with-ssl=PREFIX support https protocol + --with-cafile=CAFILE CA file to verify SSL certificate --with-termlib=LIBS terminal library LIBS is space separated list of: terminfo mytinfo termcap tinfo ncurses curses @@ -8558,6 +8561,36 @@ $as_echo "$enable_sslverify" >&6; } fi fi +w3m_cafile="" +if test x"$enable_sslverify" = xyes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CA bundle location" >&5 +$as_echo_n "checking for CA bundle location... " >&6; } + +# Check whether --with-cafile was given. +if test "${with_cafile+set}" = set; then : + withval=$with_cafile; w3m_cafile="$with_cafile" +else + + for f in /etc/ssl/certs/ca-certificates.crt \ + /etc/pki/tls/certs/ca-bundle.crt \ + /etc/ssl/ca-bundle.pem \ + /usr/ssl/certs/ca-bundle.crt \ + /usr/local/share/certs/ca-root-nss.crt \ + /etc/ssl/cert.pem \ + /etc/certs/ca-certificates.crt; do + if test -f "$f" -a -r "$f"; then w3m_cafile="$f"; break; fi + done + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $w3m_cafile" >&5 +$as_echo "$w3m_cafile" >&6; } +fi +cat >>confdefs.h <<_ACEOF +#define DEF_CAFILE "$w3m_cafile" +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if digest auth is enabled" >&5 $as_echo_n "checking if digest auth is enabled... " >&6; } # Check whether --enable-digest_auth was given. diff --git a/doc-jp/README.SSL b/doc-jp/README.SSL index eb86167..1566ec1 100644 --- a/doc-jp/README.SSL +++ b/doc-jp/README.SSL @@ -43,7 +43,8 @@ SSL サポートについて SSLの認証局のPEM形式証明書群のあるディレクトリへのパス (デフォルトは<NULL>). ssl_ca_file ファイル名 - SSLの認証局のPEM形式証明書群のファイル(デフォルトは<NULL>). + SSLの認証局のPEM形式証明書群のファイル(デフォルトはconfigureで + 自動設定). ただし「SSLEAY_VERSION_NUMBER >= 0x0800」な環境でないと無駄なコードが増 えるだけなので, configure時にdisableしておいたほうがよいでしょう. @@ -1185,7 +1185,7 @@ global int ssl_verify_server init(TRUE); global char *ssl_cert_file init(NULL); global char *ssl_key_file init(NULL); global char *ssl_ca_path init(NULL); -global char *ssl_ca_file init(NULL); +global char *ssl_ca_file init(DEF_CAFILE); global int ssl_path_modified init(FALSE); #endif /* defined(USE_SSL) && * defined(USE_SSL_VERIFY) */ |