Tuesday 28 January 2020

linux - Links SSL Error

What version of links does the user called "bytepool" have that he's able to find this workaround? Refer to link below.


How to tell `links` to ignore expired SSL certificate and proceed?


He writes "I quickly peeked into the code, and it seems that the relevant function is verify_cert in https.c. .... So as a quick fix for my problem I just built myself a custom version in which verify_cert always returns true, i.e. the cert check is just completely bypassed."


Further edit by barlop


Going to http://links.twibright.com/download.php and downloading and extracting http://links.twibright.com/download/links-2.8.tar.gz I see this is the contents of https.c I see no verify_cert function


Here is the contents of https.c
/* https.c
 * HTTPS protocol client implementation
 * (c) 2002 Mikulas Patocka
 * This file is a part of the Links program, released under GPL.

 * In addition, as a special exception, the copyright holders give
 * permission to link the code of portions of this program with the
 * OpenSSL library under certain conditions as described in each
 * individual source file, and distribute linked combinations
 * including the two.
 * You must obey the GNU General Public License in all respects
 * for all of the code used other than OpenSSL.  If you modify
 * file(s) with this exception, you may extend this exception to your
 * version of the file(s), but you are not obligated to do so.  If you
 * do not wish to do so, delete this exception statement from your
 * version.  If you delete this exception statement from all source
 * files in the program, then also delete it here.
 */

#include "links.h"

#ifndef PATH_MAX
#define PATH_MAX 255
#endif

#ifdef HAVE_SSL

static SSL_CTX *context = NULL;

SSL *getSSL(void)
{
    if (!context) {
        const SSL_METHOD *m;
        unsigned char f_randfile[PATH_MAX];
        unsigned char *os_pool;
        unsigned os_pool_size;

        const unsigned char *f = (const unsigned char *)RAND_file_name(cast_char f_randfile, sizeof(f_randfile));
        if (f && RAND_egd(cast_const_char f) < 0) {
            /* Not an EGD, so read and write to it */
            if (RAND_load_file(cast_const_char f_randfile, -1))
                RAND_write_file(cast_const_char f_randfile);
        }

        os_seed_random(&os_pool, &os_pool_size);
        if (os_pool_size) RAND_add(os_pool, os_pool_size, os_pool_size);
        mem_free(os_pool);

/* needed for systems without /dev/random, but obviously kills security. */
        /*{
            static unsigned char pool[32768];
            int i;
            int rs;
            struct timeval tv;
            EINTRLOOP(rs, gettimeofday(&tv, NULL));
            for (i = 0; i < (int)sizeof pool; i++) pool[i] = random() ^ tv.tv_sec ^ tv.tv_usec;
            RAND_add(pool, sizeof pool, sizeof pool);
        }*/

        SSLeay_add_ssl_algorithms();
        m = SSLv23_client_method();
        if (!m) return NULL;
        context = SSL_CTX_new((void *)m);
        if (!context) return NULL;
        SSL_CTX_set_options(context, SSL_OP_ALL);
        SSL_CTX_set_default_verify_paths(context);

    }
    return (SSL_new(context));
}
void ssl_finish(void)
{
    if (context) SSL_CTX_free(context);
}

void https_func(struct connection *c)
{
    c->ssl = DUMMY;
    http_func(c);
}

#else

void https_func(struct connection *c)
{
    setcstate(c, S_NO_SSL);
    abort_connection(c);
}

#endif
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

How can I VLOOKUP in multiple Excel documents?

I am trying to VLOOKUP reference data with around 400 seperate Excel files. Is it possible to do this in a quick way rather than doing it m...