authorTatsuya Kinoshita <tats@debian.org>2021-02-13 10:36:38 +0000
committerTatsuya Kinoshita <tats@debian.org>2021-02-13 11:22:04 +0000
commitc7040ae3ada22c7a47253e59e8a354a0b1b18e00 (patch)
tree3d8ede2bb031c0ac51a26039abe98c8ac3dd246c
parentDoc fix (diff)
downloadw3m-c7040ae3ada22c7a47253e59e8a354a0b1b18e00.tar.gz
w3m-c7040ae3ada22c7a47253e59e8a354a0b1b18e00.zip
Add auto-detection of ssl_ca_file by configure
cf. gnutls-trustfiles in Emacs 27.1 <https://git.savannah.gnu.org/cgit/emacs.git/tree/lisp/net/gnutls.el?h=emacs-27.1#n106>
-rw-r--r--acinclude.m420
-rw-r--r--config.h.dist3
-rw-r--r--config.h.in1
-rwxr-xr-xconfigure33
-rw-r--r--doc-jp/README.SSL3
-rw-r--r--fm.h2
6 files changed, 59 insertions, 3 deletions
diff --git a/acinclude.m4 b/acinclude.m4
index b09f4e6..7a63260 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -510,6 +510,26 @@ if test x"$with_ssl" != xno; then
AC_MSG_RESULT($enable_sslverify)
fi
fi
+AC_SUBST(DEF_CAFILE)
+w3m_cafile=""
+if test x"$enable_sslverify" = xyes; then
+ AC_MSG_CHECKING(for CA bundle location)
+ AC_ARG_WITH(cafile,
+ [ --with-cafile=CAFILE CA file to verify SSL certificate],
+ [w3m_cafile="$with_cafile"],[
+ for f in /etc/ssl/certs/ca-certificates.crt \
+ /etc/pki/tls/certs/ca-bundle.crt \
+ /etc/ssl/ca-bundle.pem \
+ /usr/ssl/certs/ca-bundle.crt \
+ /usr/local/share/certs/ca-root-nss.crt \
+ /etc/ssl/cert.pem \
+ /etc/certs/ca-certificates.crt; do
+ if test -f "$f" -a -r "$f"; then w3m_cafile="$f"; break; fi
+ done
+ ])
+ AC_MSG_RESULT($w3m_cafile)
+fi
+AC_DEFINE_UNQUOTED(DEF_CAFILE, "$w3m_cafile")
AC_SUBST(USE_DIGEST_AUTH)
AC_MSG_CHECKING(if digest auth is enabled)
AC_ARG_ENABLE(digest_auth,
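Review bot: The `--with-cafile` value is copied into `w3m_cafile` with no validation at `[w3m_cafile="$with_cafile"]`. A bare `--with-cafile` or `--without-cafile` therefore compiles the literal strings `yes` or `no` into `DEF_CAFILE` as the trust-store path. I would reject those values first, e.g. `if test x"$with_cafile" = xyes || test x"$with_cafile" = xno; then AC_MSG_ERROR([--with-cafile requires a file path]); fi`, and only then assign. When the probe loop finds none of the seven bundles, the result is an empty string with verification still enabled; an `AC_MSG_WARN([no CA bundle found; set ssl_ca_file or pass --with-cafile])` after the loop would make that visible at build time. A minor portability point on the same lines: `test -f "$f" -a -r "$f"` uses the obsolescent `-a` operator, and `test -f "$f" && test -r "$f"` is the portable form.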
diff --git a/config.h.dist b/config.h.dist
index 90c224a..81474da 100644
--- a/config.h.dist
+++ b/config.h.dist
@@ -128,7 +128,8 @@ INSTALL_W3MIMGDISPLAY=$(INSTALL_PROGRAM)
#define USE_COOKIE
#define USE_DIGEST_AUTH
#define USE_SSL
-#undef USE_SSL_VERIFY
+#define USE_SSL_VERIFY
+#define DEF_CAFILE "/etc/ssl/certs/ca-certificates.crt"
#undef USE_NNTP
#undef USE_GOPHER
#define USE_EXTERNAL_URI_LOADER
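Review bot: The hard-coded `DEF_CAFILE "/etc/ssl/certs/ca-certificates.crt"` is only the first of the seven locations that configure probes, and the same hunk turns `USE_SSL_VERIFY` on. A build that uses config.h.dist on a system with a different layout gets verification enabled against a CA file that may not exist. How that case is handled depends on the certificate-loading code, which this diff does not show. A comment above the define would help, for example `/* Debian-style path; change to the system CA bundle or set ssl_ca_file at run time */`. The commit message mentions only the auto-detection, so the change of the `USE_SSL_VERIFY` default here deserves a line in the description.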
diff --git a/config.h.in b/config.h.in
index 70e1aef..8a3829d 100644
--- a/config.h.in
+++ b/config.h.in
@@ -61,6 +61,7 @@
#undef USE_DIGEST_AUTH
#undef USE_SSL
#undef USE_SSL_VERIFY
+#define DEF_CAFILE "@DEF_CAFILE@"
#undef USE_HELP_CGI
#undef USE_EXTERNAL_URI_LOADER
#undef USE_W3MMAILER
diff --git a/configure b/configure
index 7861cce..2ba2abd 100755
--- a/configure
+++ b/configure
@@ -634,6 +634,7 @@ AUXBIN_TARGETS
USE_SYSMOUSE
USE_W3M
USE_DIGEST_AUTH
+DEF_CAFILE
SSL_LIBS
SSL_CFLAGS
PKG_CONFIG_LIBDIR
@@ -836,6 +837,7 @@ with_browser
enable_ipv6
with_ssl
enable_sslverify
+with_cafile
enable_digest_auth
with_termlib
with_gc
@@ -1534,6 +1536,7 @@ Optional Packages:
--with-mailer=MAILER default mailer (/usr/bin/mail)
--with-browser=BROWSER default browser (/usr/bin/firefox)
--with-ssl=PREFIX support https protocol
+ --with-cafile=CAFILE CA file to verify SSL certificate
--with-termlib=LIBS terminal library
LIBS is space separated list of:
terminfo mytinfo termcap tinfo ncurses curses
@@ -8558,6 +8561,36 @@ $as_echo "$enable_sslverify" >&6; }
fi
fi
+w3m_cafile=""
+if test x"$enable_sslverify" = xyes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CA bundle location" >&5
+$as_echo_n "checking for CA bundle location... " >&6; }
+
+# Check whether --with-cafile was given.
+if test "${with_cafile+set}" = set; then :
+ withval=$with_cafile; w3m_cafile="$with_cafile"
+else
+
+ for f in /etc/ssl/certs/ca-certificates.crt \
+ /etc/pki/tls/certs/ca-bundle.crt \
+ /etc/ssl/ca-bundle.pem \
+ /usr/ssl/certs/ca-bundle.crt \
+ /usr/local/share/certs/ca-root-nss.crt \
+ /etc/ssl/cert.pem \
+ /etc/certs/ca-certificates.crt; do
+ if test -f "$f" -a -r "$f"; then w3m_cafile="$f"; break; fi
+ done
+
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $w3m_cafile" >&5
+$as_echo "$w3m_cafile" >&6; }
+fi
+cat >>confdefs.h <<_ACEOF
+#define DEF_CAFILE "$w3m_cafile"
+_ACEOF
+
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if digest auth is enabled" >&5
$as_echo_n "checking if digest auth is enabled... " >&6; }
# Check whether --enable-digest_auth was given.
diff --git a/doc-jp/README.SSL b/doc-jp/README.SSL
index eb86167..1566ec1 100644
--- a/doc-jp/README.SSL
+++ b/doc-jp/README.SSL
@@ -43,7 +43,8 @@ SSL サポートについて
SSLの認証局のPEM形式証明書群のあるディレクトリへのパス
(デフォルトは<NULL>).
ssl_ca_file ファイル名
- SSLの認証局のPEM形式証明書群のファイル(デフォルトは<NULL>).
+ SSLの認証局のPEM形式証明書群のファイル(デフォルトはconfigureで
+ 自動設定).
ただし「SSLEAY_VERSION_NUMBER >= 0x0800」な環境でないと無駄なコードが増
えるだけなので, configure時にdisableしておいたほうがよいでしょう.
diff --git a/fm.h b/fm.h
index 0c63c8e..c4a951f 100644
--- a/fm.h
+++ b/fm.h
@@ -1185,7 +1185,7 @@ global int ssl_verify_server init(TRUE);
global char *ssl_cert_file init(NULL);
global char *ssl_key_file init(NULL);
global char *ssl_ca_path init(NULL);
-global char *ssl_ca_file init(NULL);
+global char *ssl_ca_file init(DEF_CAFILE);
global int ssl_path_modified init(FALSE);
#endif /* defined(USE_SSL) &&
* defined(USE_SSL_VERIFY) */
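Review bot: `ssl_ca_file` is now never NULL at start-up; it points at the `DEF_CAFILE` string literal, which is `""` when configure found no bundle. Any consumer that tests `ssl_ca_file != NULL` before loading verify locations would treat the empty string as a configured file, and any option handler that frees or edits the old value in place would be operating on a literal. Those call sites are outside this diff, so this needs checking there; the guard I would expect is `if (ssl_ca_file != NULL && *ssl_ca_file != '\0')`. A short comment on the declaration, such as `/* defaults to the CA bundle detected by configure; may be "" */`, would document the new contract.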