From: deraadt Date: Fri, 21 Apr 2000 18:53:15 +0000 (+0000) Subject: a little bit of glue to call openssl; mark@moxienet.com X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=6adc90ad1bad734879bd0824de8d13515d38b473;p=openbsd a little bit of glue to call openssl; mark@moxienet.com --- diff --git a/gnu/usr.bin/lynx/Makefile.bsd-wrapper b/gnu/usr.bin/lynx/Makefile.bsd-wrapper index 5c7a20c76d3..758bd788e0f 100644 --- a/gnu/usr.bin/lynx/Makefile.bsd-wrapper +++ b/gnu/usr.bin/lynx/Makefile.bsd-wrapper @@ -1,7 +1,10 @@ -# $OpenBSD: Makefile.bsd-wrapper,v 1.7 2000/03/25 18:16:42 maja Exp $ +# $OpenBSD: Makefile.bsd-wrapper,v 1.8 2000/04/21 18:53:15 deraadt Exp $ MAN= lynx.1 +COPTS+= -DUSE_SSL CLEANFILES= lynx.1 +DPADD= ${LIBSSL} ${LIBCRYPTO} +LDADD= -lssl -lcrypto GNUCFLAGS= CC="${CC}" CFLAGS="${CFLAGS} ${COPTS}" HTMLDIR= /usr/share/doc/html HELPFILES= keystrokes/alt_edit_help.html keystrokes/bookmark_help.html \ diff --git a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTAAUtil.c b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTAAUtil.c index a0312b49835..20463162247 100644 --- a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTAAUtil.c +++ b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTAAUtil.c @@ -49,6 +49,13 @@ #include /* Assoc list */ #include +#ifdef USE_SSL +#define free_func free__func +#include +#undef free_func +PRIVATE SSL * Handle = NULL; /* The SSL Handle */ +#endif /* USE_SSL */ + #include #include @@ -554,7 +561,14 @@ PUBLIC char *HTAA_getUnfoldedLine NOARGS /* Reading from socket */ if (start_pointer >= end_pointer) {/*Read the next block and continue*/ +#ifdef USE_SSL + if (Handle) + count = SSL_read(Handle, buffer, BUFFER_SIZE); + else + count = NETREAD(in_soc, buffer, BUFFER_SIZE); +#else count = NETREAD(in_soc, buffer, BUFFER_SIZE); +#endif /* USE_SSL */ if (count <= 0) { in_soc = -1; return line; diff --git a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTFormat.c b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTFormat.c index f214b536966..ed309bf3796 100644 --- a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTFormat.c +++ b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTFormat.c @@ -16,6 +16,12 @@ */ #include +#ifdef USE_SSL +#define free_func free__func +#include +#undef free_func +#endif /* USE_SSL */ + PUBLIC float HTMaxSecs = 1e10; /* No effective limit */ PUBLIC float HTMaxLength = 1e10; /* No effective limit */ PUBLIC long int HTMaxBytes = 0; /* No effective limit */ @@ -254,6 +260,39 @@ PUBLIC int HTGetCharacter NOARGS return FROMASCII((unsigned char)ch); } +#ifdef USE_SSL +PUBLIC char HTGetSSLCharacter ARGS1(void *, handle) +{ + char ch; + interrupted_in_htgetcharacter = 0; + if(!handle) + return (char)EOF; + do { + if (input_pointer >= input_limit) { + int status = SSL_read((SSL *)handle, + input_buffer, INPUT_BUFFER_SIZE); + if (status <= 0) { + if (status == 0) + return (char)EOF; + if (status == HT_INTERRUPTED) { + CTRACE(tfp, "HTFormat: Interrupted in HTGetSSLCharacter\n"); + interrupted_in_htgetcharacter = 1; + return (char)EOF; + } + CTRACE(tfp, "HTFormat: SSL_read error %d\n", status); + return (char)EOF; /* -1 is returned by UCX + at end of HTTP link */ + } + input_pointer = input_buffer; + input_limit = input_buffer + status; + } + ch = *input_pointer++; + } while (ch == (char) 13); /* Ignore ASCII carriage return */ + + return FROMASCII(ch); +} +#endif /* USE_SSL */ + /* Match maintype to any MIME type starting with maintype, * for example: image/gif should match image */ @@ -624,7 +663,14 @@ PUBLIC int HTCopy ARGS4( goto finished; } +#ifdef USE_SSL + if (handle) + status = SSL_read((SSL *)handle, input_buffer, INPUT_BUFFER_SIZE); + else + status = NETREAD(file_number, input_buffer, INPUT_BUFFER_SIZE); +#else status = NETREAD(file_number, input_buffer, INPUT_BUFFER_SIZE); +#endif /* USE_SSL */ if (status <= 0) { if (status == 0) { diff --git a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTNews.c b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTNews.c index 5b16ee3c90d..5d511904e52 100644 --- a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTNews.c +++ b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTNews.c @@ -35,9 +35,26 @@ PUBLIC int HTNewsMaxChunk = 40; /* Largest number of articles in one window */ #define SERVER_FILE "/usr/local/lib/rn/server" #endif /* SERVER_FILE */ +#ifdef USE_SSL +#define free_func free__func +#include +#undef free_func +extern SSL_CTX * ssl_ctx; +extern SSL * HTGetSSLHandle NOPARAMS; +PRIVATE SSL * Handle = NULL; +PRIVATE int channel_s = 1; +#define NEWS_NETWRITE(sock, buff, size) \ + (Handle ? SSL_write(Handle, buff, size) : NETWRITE(sock, buff, size)) +#define NEWS_NETCLOSE(sock) \ + { (void)NETCLOSE(sock); if (Handle) SSL_free(Handle); Handle = NULL; } +extern char HTGetSSLCharacter PARAMS((void *handle)); +PRIVATE char HTNewsGetCharacter NOPARAMS; +#define NEXT_CHAR HTNewsGetCharacter() +#else #define NEWS_NETWRITE NETWRITE #define NEWS_NETCLOSE NETCLOSE #define NEXT_CHAR HTGetCharacter() +#endif /* USE_SSL */ #include #include @@ -2121,11 +2138,13 @@ PRIVATE int HTLoadNews ARGS4( group_wanted) && strchr(arg, '@') == NULL) && (strchr(arg, '*') != NULL); +#ifndef USE_SSL if (!strncasecomp(arg, "snewspost:", 10) || !strncasecomp(arg, "snewsreply:", 11)) { HTAlert(FAILED_CANNOT_POST_SSL); return HT_NOT_LOADED; } +#endif /* !USE_SSL */ if (post_wanted || reply_wanted || spost_wanted || sreply_wanted) { /* ** Make sure we have a non-zero path for the newsgroup(s). - FM @@ -2213,8 +2232,43 @@ PRIVATE int HTLoadNews ARGS4( StrAllocCopy(NewsHREF, command); } else if (!strncasecomp(arg, "snews:", 6)) { +#ifdef USE_SSL + if (((*(arg + 6) == '\0') || + (!strcmp((arg + 6), "/") || + !strcmp((arg + 6), "//") || + !strcmp((arg + 6), "///"))) || + ((!strncmp((arg + 6), "//", 2)) && + (!(cp = strchr((arg + 8), '/')) || *(cp + 1) == '\0'))) { + p1 = "*"; + group_wanted = FALSE; + list_wanted = TRUE; + } else if (*(arg + 6) != '/') { + p1 = (arg + 6); + } else if (*(arg + 6) == '/' && *(arg + 7) != '/') { + p1 = (arg + 7); + } else { + p1 = (cp + 1); + } + if (!(cp = HTParse(arg, "", PARSE_HOST)) || *cp == '\0') { + if (s >= 0 && NewsHost && strcasecomp(NewsHost, HTNewsHost)) { + NEWS_NETCLOSE(s); + s = -1; + } + StrAllocCopy(NewsHost, HTNewsHost); + } else { + if (s >= 0 && NewsHost && strcasecomp(NewsHost, cp)) { + NEWS_NETCLOSE(s); + s = -1; + } + StrAllocCopy(NewsHost, cp); + } + FREE(cp); + sprintf(command, "snews://%.250s/", NewsHost); + StrAllocCopy(NewsHREF, command); +#else HTAlert(gettext("This client does not contain support for SNEWS URLs.")); return HT_NOT_LOADED; +#endif /* USE_SSL */ } else if (!strncasecomp (arg, "news:/", 6)) { if (((*(arg + 6) == '\0') || @@ -2426,7 +2480,18 @@ PRIVATE int HTLoadNews ARGS4( _HTProgress(gettext("Connecting to NewsHost ...")); +#ifdef USE_SSL + if (!using_proxy && + (!strncmp(arg, "snews:", 6) || + !strncmp(arg, "snewspost:", 10) || + !strncmp(arg, "snewsreply:", 11))) + status = HTDoConnect (url, "NNTPS", SNEWS_PORT, &s); + else + status = HTDoConnect (url, "NNTP", NEWS_PORT, &s); +#else status = HTDoConnect (url, "NNTP", NEWS_PORT, &s); +#endif /* USE_SSL */ + if (status == HT_INTERRUPTED) { /* ** Interrupt cleanly. @@ -2442,6 +2507,12 @@ PRIVATE int HTLoadNews ARGS4( FREE(ProxyHost); FREE(ProxyHREF); FREE(ListArg); +#ifdef USE_SSL + if (Handle) { + SSL_free(Handle); + Handle = NULL; + } +#endif /* USE_SSL */ if (postfile) { HTSYS_remove(postfile); FREE(postfile); @@ -2472,6 +2543,49 @@ PRIVATE int HTLoadNews ARGS4( } else { CTRACE(tfp, "HTNews: Connected to news host %s.\n", NewsHost); +#ifdef USE_SSL + /* + ** If this is an snews url, + ** then do the SSL stuff here + */ + if (!using_proxy && + (!strncmp(url, "snews", 5) || + !strncmp(url, "snewspost:", 10) || + !strncmp(url, "snewsreply:", 11))) { + Handle = HTGetSSLHandle(); + SSL_set_fd(Handle, s); + status = SSL_connect(Handle); + + if (status <= 0) { + CTRACE(tfp, +"HTNews: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n", + url, status); + HTAlert( + "Unable to make secure connection to remote host."); + NEWS_NETCLOSE(s); + s = -1; + if (!(post_wanted || reply_wanted || + spost_wanted || sreply_wanted)) + (*targetClass._abort)(target, NULL); + FREE(NewsHost); + FREE(NewsHREF); + FREE(ProxyHost); + FREE(ProxyHREF); + FREE(ListArg); + if (postfile) { +#ifdef VMS + while (remove(postfile) == 0) + ; /* loop through all versions */ +#else + remove(postfile); +#endif /* VMS */ + FREE(postfile); + } + return HT_NOT_LOADED; + } + _HTProgress(SSL_get_cipher(Handle)); + } +#endif /* USE_SSL */ HTInitInput(s); /* set up buffering */ if (proxycmd[0]) { status = NEWS_NETWRITE(s, proxycmd, strlen(proxycmd)); @@ -2804,6 +2918,45 @@ PUBLIC void HTClearNNTPAuthInfo NOARGS free_NNTP_AuthInfo(); } +#ifdef USE_SSL +PRIVATE char HTNewsGetCharacter NOARGS +{ + if (!Handle) + return HTGetCharacter(); + else + return HTGetSSLCharacter((void *)Handle); +} + +PUBLIC int HTNewsProxyConnect ARGS5 (int, sock, CONST char *, url, + HTParentAnchor *, anAnchor, + HTFormat, format_out, + HTStream *, sink) +{ + int status; + CONST char * arg = url; + + s = channel_s = sock; + Handle = HTGetSSLHandle(); + SSL_set_fd(Handle, s); + status = SSL_connect(Handle); + + if (status <= 0) { + channel_s = -1; + CTRACE(tfp, +"HTTP: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n", + url, status); + HTAlert("Unable to make secure connection to remote host."); + NEWS_NETCLOSE(s); + s = -1; + return HT_NOT_LOADED; + } + _HTProgress(SSL_get_cipher(Handle)); + status = HTLoadNews(arg, anAnchor, format_out, sink); + channel_s = -1; + return status; +} +#endif /* USE_SSL */ + #ifdef GLOBALDEF_IS_MACRO #define _HTNEWS_C_1_INIT { "news", HTLoadNews, NULL } GLOBALDEF (HTProtocol,HTNews,_HTNEWS_C_1_INIT); diff --git a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c index 96067a51750..7bad3c773f9 100644 --- a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c +++ b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c @@ -10,6 +10,13 @@ #include #include +#ifdef USE_SSL +#define free_func free__func +#include +#include +#undef free_func +#endif /* USE_SSL */ + #define HTTP_VERSION "HTTP/1.0" #define HTTP_PORT 80 @@ -64,9 +71,51 @@ extern char *http_error_file; /* Store HTTP status code in this file */ extern BOOL traversal; /* TRUE if we are doing a traversal */ extern BOOL dump_output_immediately; /* TRUE if no interactive user */ +#ifdef USE_SSL +PUBLIC SSL_CTX * ssl_ctx = NULL; /* SSL ctx */ + +PRIVATE void free_ssl_ctx NOARGS +{ + if (ssl_ctx != NULL) + SSL_CTX_free(ssl_ctx); +} + +PUBLIC SSL * HTGetSSLHandle NOARGS +{ + if (ssl_ctx == NULL) { + /* + * First time only. + */ +#if SSLEAY_VERSION_NUMBER < 0x0800 + ssl_ctx = SSL_CTX_new(); + X509_set_default_verify_paths(ssl_ctx->cert); +#else + SSLeay_add_ssl_algorithms(); + ssl_ctx = SSL_CTX_new(SSLv23_client_method()); + SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); + SSL_CTX_set_default_verify_paths(ssl_ctx); +#endif /* SSLEAY_VERSION_NUMBER < 0x0800 */ + atexit(free_ssl_ctx); + } + return(SSL_new(ssl_ctx)); +} + +#define HTTP_NETREAD(sock, buff, size, handle) \ + (handle ? SSL_read(handle, buff, size) : NETREAD(sock, buff, size)) +#define HTTP_NETWRITE(sock, buff, size, handle) \ + (handle ? SSL_write(handle, buff, size) : NETWRITE(sock, buff, size)) +#define HTTP_NETCLOSE(sock, handle) \ + { (void)NETCLOSE(sock); if (handle) SSL_free(handle); handle = NULL; } + +extern int HTNewsProxyConnect PARAMS (( int sock, CONST char *url, + HTParentAnchor *anAnchor, + HTFormat format_out, + HTStream *sink )); +#else #define HTTP_NETREAD(a, b, c, d) NETREAD(a, b, c) #define HTTP_NETWRITE(a, b, c, d) NETWRITE(a, b, c) #define HTTP_NETCLOSE(a, b) (void)NETCLOSE(a) +#endif /* USE_SSL */ /* Load Document from HTTP Server HTLoadHTTP() @@ -121,7 +170,18 @@ PRIVATE int HTLoadHTTP ARGS4 ( BOOL doing_redirect, already_retrying = FALSE, bad_location = FALSE; int len = 0; +#ifdef USE_SSL + BOOL do_connect = FALSE; /* ARE WE going to use a proxy tunnel ? */ + BOOL did_connect = FALSE; /* ARE WE actually using a proxy tunnel ? */ + CONST char *connect_url = NULL; /* The URL being proxied */ + char *connect_host = NULL; /* The host being proxied */ + SSL * handle = NULL; /* The SSL handle */ +#if SSLEAY_VERSION_NUMBER >= 0x0900 + BOOL try_tls = TRUE; +#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */ +#else void * handle = NULL; +#endif /* USE_SSL */ if (anAnchor->isHEAD) do_head = TRUE; @@ -139,6 +199,30 @@ PRIVATE int HTLoadHTTP ARGS4 ( goto done; } +#ifdef USE_SSL + if (using_proxy && !strncmp(url, "http://", 7)) { + if (connect_url = strstr((url+7), "https://")) { + do_connect = TRUE; + connect_host = HTParse(connect_url, "https", PARSE_HOST); + if (!strchr(connect_host, ':')) { + sprintf(temp, ":%d", HTTPS_PORT); + StrAllocCat(connect_host, temp); + } + CTRACE(tfp, "HTTP: connect_url = '%s'\n", connect_url); + CTRACE(tfp, "HTTP: connect_host = '%s'\n", connect_host); + } else if (connect_url = strstr((url+7), "snews://")) { + do_connect = TRUE; + connect_host = HTParse(connect_url, "snews", PARSE_HOST); + if (!strchr(connect_host, ':')) { + sprintf(temp, ":%d", SNEWS_PORT); + StrAllocCat(connect_host, temp); + } + CTRACE(tfp, "HTTP: connect_url = '%s'\n", connect_url); + CTRACE(tfp, "HTTP: connect_host = '%s'\n", connect_host); + } + } +#endif /* USE_SSL */ + sprintf(crlf, "%c%c", CR, LF); /* @@ -162,12 +246,18 @@ try_again: line_kept_clean = NULL; if (!strncmp(url, "https", 5)) +#ifdef USE_SSL + status = HTDoConnect (url, "HTTPS", HTTPS_PORT, &s); + else + status = HTDoConnect (url, "HTTP", HTTP_PORT, &s); +#else { HTAlert(gettext("This client does not contain support for HTTPS URLs.")); status = HT_NOT_LOADED; goto done; } status = HTDoConnect (arg, "HTTP", HTTP_PORT, &s); +#endif /* USE_SSL */ if (status == HT_INTERRUPTED) { /* ** Interrupt cleanly. @@ -185,12 +275,79 @@ try_again: goto done; } +#ifdef USE_SSL +use_tunnel: + /* + ** If this is an https document + ** then do the SSL stuff here + */ + if (did_connect || !strncmp(url, "https", 5)) { + handle = HTGetSSLHandle(); + SSL_set_fd(handle, s); +#if SSLEAY_VERSION_NUMBER >= 0x0900 + if (!try_tls) + handle->options|=SSL_OP_NO_TLSv1; +#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */ + status = SSL_connect(handle); + + if (status <= 0) { +#if SSLEAY_VERSION_NUMBER >= 0x0900 + if (try_tls) { + CTRACE(tfp, "HTTP: Retrying connection without TLS\n"); + _HTProgress("Retrying connection."); + try_tls = FALSE; + if (did_connect) + HTTP_NETCLOSE(s, handle); + goto try_again; + } else { + CTRACE(tfp, +"HTTP: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n", + url, status); + HTAlert("Unable to make secure connection to remote host."); + if (did_connect) + HTTP_NETCLOSE(s, handle); + status = HT_NOT_LOADED; + goto done; + } +#else + CTRACE(tfp, +"HTTP: Unable to complete SSL handshake for remote host '%s' (SSLerror = %d)\n", + url, status); + HTAlert("Unable to make secure connection to remote host."); + if (did_connect) + HTTP_NETCLOSE(s, handle); + status = HT_NOT_LOADED; + goto done; +#endif /* SSLEAY_VERSION_NUMBER >= 0x0900 */ + } + _HTProgress (SSL_get_cipher(handle)); + +#ifdef NOTDEFINED + if (strcmp(HTParse(url, "", PARSE_HOST), + strstr(X509_NAME_oneline( + X509_get_subject_name( + handle->session->peer)),"/CN=")+4)) { + HTAlert("Certificate is for different host name"); + HTAlert(strstr(X509_NAME_oneline( + X509_get_subject_name( + handle->session->peer)),"/CN=")+4); + } +#endif /* NOTDEFINED */ + } +#endif /* USE_SSL */ + /* Ask that node for the document, ** omitting the host name & anchor */ { char * p1 = (HTParse(url, "", PARSE_PATH|PARSE_PUNCTUATION)); +#ifdef USE_SSL + if (do_connect) { + METHOD = "CONNECT"; + StrAllocCopy(command, "CONNECT "); + } else +#endif /* USE_SSL */ if (do_post) { METHOD = "POST"; StrAllocCopy(command, "POST "); @@ -207,8 +364,17 @@ try_again: ** of say: /gopher://a;lkdjfl;ajdf;lkj/;aldk/adflj ** so that just gopher://.... is sent. */ +#ifdef USE_SSL + if (using_proxy && !did_connect) { + if (do_connect) + StrAllocCat(command, connect_host); + else + StrAllocCat(command, p1+1); + } +#else if (using_proxy) StrAllocCat(command, p1+1); +#endif /* USE_SSL */ else StrAllocCat(command, p1); FREE(p1); @@ -455,6 +621,10 @@ try_again: } else { if (traversal || dump_output_immediately) HTAlert(FAILED_NEED_PASSWD); +#ifdef USE_SSL + if(did_connect) + HTTP_NETCLOSE(s, handle); +#endif /* USE_SSL */ FREE(command); FREE(hostname); FREE(docname); @@ -570,7 +740,11 @@ try_again: auth_proxy = NO; } +#ifdef USE_SSL + if (!do_connect && do_post) { +#else if (do_post) { +#endif /* USE_SSL */ CTRACE (tfp, "HTTP: Doing post, content-type '%s'\n", anAnchor->post_content_type ? anAnchor->post_content_type : "lose"); @@ -596,9 +770,15 @@ try_again: else StrAllocCat(command, crlf); /* Blank line means "end" of headers */ +#ifdef USE_SSL + CTRACE (tfp, "Writing:\n%s%s----------------------------------\n", + command, + (anAnchor->post_data && !do_connect ? crlf : "")); +#else CTRACE (tfp, "Writing:\n%s%s----------------------------------\n", command, (anAnchor->post_data ? crlf : "")); +#endif /* USE_SSL */ _HTProgress (gettext("Sending HTTP request.")); @@ -955,6 +1135,35 @@ try_again: * > 206 is unknown. * All should return something to display. */ +#ifdef USE_SSL + if (do_connect) { + CTRACE(tfp, "HTTP: Proxy tunnel to '%s' established.\n", + connect_host); + do_connect = FALSE; + url = connect_url; + FREE(line_buffer); + FREE(line_kept_clean); + if (!strncmp(connect_url, "snews", 5)) { + CTRACE(tfp, + " Will attempt handshake and snews connection.\n"); + status = HTNewsProxyConnect(s, url, anAnchor, + format_out, sink); + goto done; + } + did_connect = TRUE; + already_retrying = TRUE; + eol = 0; + bytes_already_read = 0; + had_header = NO; + length = 0; + doing_redirect = FALSE; + permanent_redirection = FALSE; + target = NULL; + CTRACE(tfp, + " Will attempt handshake and resubmit headers.\n"); + goto use_tunnel; + } +#endif /* USE_SSL */ HTProgress(line_buffer); } /* case 2 switch */ break; @@ -1512,6 +1721,13 @@ Cookie2_continuation: gettext("Retrying with access authorization information.")); FREE(line_buffer); FREE(line_kept_clean); +#ifdef USE_SSL + if (using_proxy && !strncmp(url, "https://", 8)) { + url = arg; + do_connect = TRUE; + did_connect = FALSE; + } +#endif /* USE_SSL */ goto try_again; } else if (!(traversal || dump_output_immediately) && HTConfirm(gettext("Show the 401 message body?"))) { @@ -1812,6 +2028,15 @@ done: do_head = FALSE; do_post = FALSE; reloading = FALSE; +#ifdef USE_SSL + do_connect = FALSE; + did_connect = FALSE; + FREE(connect_host); + if (handle) { + SSL_free(handle); + handle = NULL; + } +#endif /* USE_SSL */ return status; } diff --git a/gnu/usr.bin/lynx/configure b/gnu/usr.bin/lynx/configure index 83615acc07e..130acb02de4 100644 --- a/gnu/usr.bin/lynx/configure +++ b/gnu/usr.bin/lynx/configure @@ -5223,7 +5223,7 @@ next*) CFLAGS="$CFLAGS -DNEXT -DXMOSAIC_HACK" ;; openbsd*) - LIBS="$LIBS -lcompat -ltermlib" + LIBS="$LIBS -lcompat -ltermlib -lssl -lcrypto" ;; os2*) # We make sure -Zexe is not used -- it would interfere with @PROG_EXT@ diff --git a/gnu/usr.bin/lynx/configure.in b/gnu/usr.bin/lynx/configure.in index d41ebbf1828..7ba388833bf 100644 --- a/gnu/usr.bin/lynx/configure.in +++ b/gnu/usr.bin/lynx/configure.in @@ -290,7 +290,7 @@ next*) CFLAGS="$CFLAGS -DNEXT -DXMOSAIC_HACK" ;; openbsd*) - LIBS="$LIBS -lcompat -ltermlib" + LIBS="$LIBS -lcompat -ltermlib -lssl -lcrypto" ;; os2*) # We make sure -Zexe is not used -- it would interfere with @PROG_EXT@