Re: New Debian Single Signon



On Thu, Aug 27, 2015 at 02:20:35PM +0200, Mario Lang wrote:

> works, but that is barely a solution since you will not be able to
> follow any site-specific links.  It is a shame lynx apparently doesn't
> have support for client certificates.

I tried to patch it but ran into #797059.

However, can you please try the attached patch with links?

With that patch applied, I can do:

  links2 https://contributors.debian.org
  (shows login button)

and:

  links2 -http.client_cert_key t/enrico.key -http.client_cert_crt t/enrico.crt https://contributors.debian.org
  (shows me logged in)

I'll now file the patch to the BTS.


Enrico

-- 
GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
diff -Naur links2-2.10/default.c links2-2.10.patched/default.c
--- links2-2.10/default.c	2015-08-27 16:22:08.000000000 +0200
+++ links2-2.10.patched/default.c	2015-08-27 16:23:20.778841403 +0200
@@ -1696,6 +1696,14 @@
 " -http.fake-user-agent <string>\n"
 "  Fake user agent value.\n"
 "\n"
+" -http.client_cert_key <filename>\n"
+"  Name of the PEM encoded file with the user private key\n"
+"  for client certificate authentication.\n"
+"\n"
+" -http.client_cert_crt <filename>\n"
+"  Name of the PEM encoded file with the user certificate\n"
+"  for client certificate authentication.\n"
+"\n"
 " -http.extra-header <string>\n"
 "  Extra string added to HTTP header.\n"
 "\n"
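Review bot: The help text added for -http.client_cert_key and -http.client_cert_crt does not say that the two options are only useful together. Client certificate authentication needs both the key and the certificate, and the https.c change loads each file independently, so a user who sets only one gets no hint why the login fails. Add a sentence to each entry naming the companion option.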
@@ -2122,6 +2130,8 @@
 	{1, gen_cmd, num_rd, num_wr, 0, 1, &http_options.header.fake_firefox, "fake_firefox", "http.fake-firefox"},
 	{1, gen_cmd, num_rd, num_wr, 0, 1, &http_options.header.do_not_track, "http_do_not_track", "http.do-not-track"},
 	{1, gen_cmd, num_rd, num_wr, 0, 4, &http_options.header.referer, "http_referer", "http.referer"},
+	{1, gen_cmd, str_rd, str_wr, 0, MAX_STR_LEN, &http_options.client_cert_key, "client_cert_key", "http.client_cert_key"},
+	{1, gen_cmd, str_rd, str_wr, 0, MAX_STR_LEN, &http_options.client_cert_crt, "client_cert_crt", "http.client_cert_crt"},
 	{1, gen_cmd, str_rd, str_wr, 0, MAX_STR_LEN, &http_options.header.fake_referer, "fake_referer", "http.fake-referer"},
 	{1, gen_cmd, str_rd, str_wr, 0, MAX_STR_LEN, &http_options.header.fake_useragent, "fake_useragent", "http.fake-user-agent"},
 	{1, gen_cmd, str_rd, str_wr, 0, MAX_STR_LEN, &http_options.header.extra_header, "http.extra_header", "http.extra-header"},
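Review bot: The last field of both new rows, "http.client_cert_key" and "http.client_cert_crt", uses underscores, while every neighbouring command-line name in this table uses hyphens ("http.do-not-track", "http.fake-referer", "http.extra-header"). Consider "http.client-cert-key" and "http.client-cert-crt", with the help text in the first hunk updated to match. The rows are also inserted between the http_referer and fake_referer entries, which splits the run of http_options.header.* options; placing them after that run keeps the group together.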
diff -Naur links2-2.10/https.c links2-2.10.patched/https.c
--- links2-2.10/https.c	2015-08-27 16:22:08.000000000 +0200
+++ links2-2.10.patched/https.c	2015-08-27 16:23:53.875566921 +0200
@@ -91,6 +91,10 @@
 		SSL_CTX_set_mode(context, SSL_MODE_AUTO_RETRY);
 		SSL_CTX_set_default_verify_paths(context);
 		SSL_CTX_set_verify(context, SSL_VERIFY_PEER, verify_cert);
+		if (http_options.client_cert_key[0])
+			SSL_CTX_use_PrivateKey_file(context, http_options.client_cert_key, SSL_FILETYPE_PEM);
+		if (http_options.client_cert_crt[0])
+			SSL_CTX_use_certificate_file(context, http_options.client_cert_crt, SSL_FILETYPE_PEM);
 
 	}
 	return (SSL_new(context));
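Review bot: The return values of SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file() are discarded in the added lines, so an unreadable or malformed PEM file leaves the context without a usable client certificate and nothing is reported to the user. Check both calls for a return of 1 and report the failure. Loading the certificate before the key and then calling SSL_CTX_check_private_key() would also catch a key that does not belong to the certificate. The two options are tested independently, so a configuration with only one of them set is accepted without complaint; that case deserves an explicit error as well.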
diff -Naur links2-2.10/links.h links2-2.10.patched/links.h
--- links2-2.10/links.h	2015-07-04 13:58:49.000000000 +0200
+++ links2-2.10.patched/links.h	2015-08-27 16:24:16.520063425 +0200
@@ -4526,6 +4526,8 @@
 	int no_compression;
 	int retry_internal_errors;
 	struct http_header_options header;
+	unsigned char client_cert_key[MAX_STR_LEN];
+	unsigned char client_cert_crt[MAX_STR_LEN];
 };
 
 extern struct http_options http_options;
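Review bot: client_cert_key and client_cert_crt are declared as unsigned char arrays, but the https.c hunk passes them straight to SSL_CTX_use_PrivateKey_file() and SSL_CTX_use_certificate_file(), which take a const char * file name. That produces a pointer-signedness warning on most compilers; add an explicit cast at the two call sites. A short comment on the two fields saying they hold PEM file paths and that an empty string means "not set" would document the [0] test used in https.c.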
