
Bug#797934: marked as done (elinks: Support for SSL authentication using client certs)



Your message dated Mon, 28 Jan 2019 02:46:06 +0000
with message-id <E1gnww2-000HsY-CM@fasolo.debian.org>
and subject line Bug#797934: fixed in elinks 0.13~20190125-1
has caused the Debian Bug report #797934,
regarding elinks: Support for SSL authentication using client certs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
797934: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797934
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: elinks
Version: 0.12~pre6-10
Severity: wishlist

Hi!

Was checking into the Debian SSO implementation
<https://wiki.debian.org/DebianSingleSignOn>, and noticed that elinks
does not support client certs. I've implemented this, but due to the
GnuTLS rehandshake issue, I've not been able to test them. Once the
other issue is fixed I could probably take another look at this. It
might also make sense to have two options, one for the public and
private key files.

Thanks,
Guillem
diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index 363245d..6310018 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -147,6 +147,21 @@ init_gnutls(struct module *module)
 				GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
 	}
 
+	if (get_opt_bool("connection.ssl.client_cert.enable")) {
+		unsigned char *client_cert;
+
+		client_cert = get_opt_str("connection.ssl.client_cert.file");
+		if (!*client_cert) {
+			client_cert = getenv("X509_CLIENT_CERT");
+			if (client_cert && !*client_cert)
+				client_cert = NULL;
+		}
+
+		if (client_cert) {
+			gnutls_certificate_set_x509_key_file(xcred,
+				client_cert, client_cert, GNUTLS_X509_FMT_PEM);
+		}
+	}
 }
 
 static void
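Review bot: the return value of gnutls_certificate_set_x509_key_file() inside the `if (client_cert)` branch is discarded, so a missing file, malformed PEM or a file without a usable key fails silently and the user carries on believing the certificate is configured. Compare the result with GNUTLS_E_SUCCESS and report the failure (gnutls_strerror() gives a readable message). Separately, client_cert is declared `unsigned char *` but is assigned from getenv() and passed where GnuTLS takes `const char *`, so it needs casts or a plain `char *` to avoid pointer-sign warnings. Since the credential is attached to xcred at module init, it is offered to every server that requests a certificate; the option text should say so, because any such server then learns the identity in the certificate.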
@@ -181,6 +196,22 @@ static union option_info gnutls_options[] = {
 		"restart ELinks for the changes to take effect. "
 		"This option affects GnuTLS but not OpenSSL.")),
 
+	INIT_OPT_TREE("connection.ssl", N_("Client Certificates"),
+		"client_cert", OPT_SORT,
+		N_("X509 client certificate options.")),
+
+	INIT_OPT_BOOL("connection.ssl.client_cert", N_("Enable"),
+		"enable", 0, 0,
+		N_("Enable or not the sending of X509 client certificates "
+		"to servers which request them.")),
+
+	INIT_OPT_STRING("connection.ssl.client_cert", N_("Certificate File"),
+		"file", 0, "",
+		N_("The location of a file containing the client certificate "
+		"and unencrypted private key in PEM format. If unset, the "
+		"file pointed to by the X509_CLIENT_CERT variable is used "
+		"instead.")),
+
 	NULL_OPTION_INFO,
 };
 
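Review bot: the help text for "enable" and "file" does not say that both settings are read once in init_gnutls(), so a change only takes effect after ELinks is restarted, nor that they apply to GnuTLS builds only. The neighbouring option's text ("restart ELinks for the changes to take effect. This option affects GnuTLS but not OpenSSL.") already has that wording and could be reused. Because the file holds an unencrypted private key, the description should also advise keeping it readable by its owner only. "Enable or not the sending of" would read better as "Whether to send".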

--- End Message ---
--- Begin Message ---
Source: elinks
Source-Version: 0.13~20190125-1

We believe that the bug you reported is fixed in the latest version of
elinks, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 797934@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net> (supplier of updated elinks package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 26 Jan 2019 02:53:52 +0100
Source: elinks
Architecture: source
Version: 0.13~20190125-1
Distribution: experimental
Urgency: medium
Maintainer: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Changed-By: أحمد المحمودي (Ahmed El-Mahmoudy) <aelmahmoudy@users.sourceforge.net>
Closes: 740981 757631 797931 797934 797968 856852 866015 891575 917406
Changes:
 elinks (0.13~20190125-1) experimental; urgency=medium
 .
   * New upstream release (Closes: #891575, #797931, #797934, #757631,
     #866015, #797968, #740981, #856852)
   * Add git-buildpackage conf file
   * Refreshed patches & removed patches that were included upstream.
     Removed patches:
     08-drop-deprecated-gnutls-functions.diff
     08_524696_fix_imdb_urls.diff
     09-Switch-to-use-lua-5.1.diff
     11-fix-compat-with-gnutls36.patch
   * Add libgcrypt20-dev to build deps
   * Re-added 14_debug_disable_Werror.diff to enable development versions debug
     support
   * Added 16_POST_BUFFER_SIZE.diff patch to enable uploading large files
     over https:// connections.
   * Add ascii-replacement-utf8-console.diff patch to print ASCII replacement
     for characters not found in current codepage in utf8 mode
   * Enable LZMA support
   * Enable BitTorrent
   * Enable NNTP Support
   * Enable Unicode combining characters support
   * Enable EX mode support
   * Enable SpiderMonkey support
   * Enable terminfo support
   * Build documentation
   * Build with libev
   * Bumped to compat level 12.
     No need to have dh-autoreconf, autotools-dev from build deps
     Also no need to explicitly call the respective sequences in rules
   * Remove old upstream gpg key.
   * Remove whitespaces
   * Renamed elinks.config to elinks.conf, old name confused build scripts
   * debian/rules: Override dh_installexamples to exclude .gitignore
   * Add typos.diff patch to fix spelling mistakes
   * debian/control:
     + Replace Conflicts with Breaks+Replaces
     + Update standards version to 4.3.0
     + New maintainer (Closes: #917406)
     + Add Vcs-* fields
   * Add upstream metadata
   * Switch to DEP-5 copyright format
   * Disable pristine-tar, since we are getting the release from upstream git

--- End Message ---
