summaryrefslogtreecommitdiffstats
path: root/network/w3m/patches/w3m-0.5.2-ssl_verify_server_on.patch
diff options
context:
space:
mode:
Diffstat (limited to 'network/w3m/patches/w3m-0.5.2-ssl_verify_server_on.patch')
-rw-r--r--network/w3m/patches/w3m-0.5.2-ssl_verify_server_on.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/network/w3m/patches/w3m-0.5.2-ssl_verify_server_on.patch b/network/w3m/patches/w3m-0.5.2-ssl_verify_server_on.patch
new file mode 100644
index 0000000000..64319517fb
--- /dev/null
+++ b/network/w3m/patches/w3m-0.5.2-ssl_verify_server_on.patch
@@ -0,0 +1,24 @@
+verify SSL certificates by default. SSL support really is pointless without doing that.
+Also disable use of SSLv2 by default as it's insecure, deprecated, dead since last century.
+Index: w3m-0.5.2/fm.h
+===================================================================
+--- w3m-0.5.2.orig/fm.h
++++ w3m-0.5.2/fm.h
+@@ -1120,7 +1120,7 @@ global int view_unseenobject init(TRUE);
+ #endif
+
+ #if defined(USE_SSL) && defined(USE_SSL_VERIFY)
+-global int ssl_verify_server init(FALSE);
++global int ssl_verify_server init(TRUE);
+ global char *ssl_cert_file init(NULL);
+ global char *ssl_key_file init(NULL);
+ global char *ssl_ca_path init(NULL);
+@@ -1129,7 +1129,7 @@ global int ssl_path_modified init(FALSE)
+ #endif /* defined(USE_SSL) &&
+ * defined(USE_SSL_VERIFY) */
+ #ifdef USE_SSL
+-global char *ssl_forbid_method init(NULL);
++global char *ssl_forbid_method init("2");
+ #endif
+
+ global int is_redisplay init(FALSE);
generated by cgit v1.2.3 (git 2.32.0) at 2024-05-11 08:41:00 +0200