HTTPSExtension v1.05 Package for OmniWeb 2.7 Beta-3 (OPENSTEP, NEXTSTEP) ======================================================================== Jörgen Mðllenhoff (jumo@oic.de), April 30, 1999 $Id: HTTPSExtension.README,v 1.5 1999/04/30 13:17:33 jurgen Exp $ NOTE: This is the last version for OmniWeb 2.7 Beta-3. Description =========== This Package allows you to use https-URLs (via SSL or TLS) with OmniWeb 2.7 Beta-3. It uses the free OpenSSL-lib (Version 0.9.2b) (http://www.openssl.org/) and the OmniWeb (http://www.omnigroup.com/) extensible bundle architecture. This software is supplied without a warranty of any kind. I am not responsible for any damage that may occur as a result of using this software. Please keep in mind that this is work in progress. Also, please bear with the incomplete nature of the package. Installation ============ To enable the HTTPS protocol, install the ./HTTPSExtension.omniweb bundle anywhere in the OmniWeb 2.7 Beta-3 bundle path. Then, restart OmniWeb.app. The recommended location for personal installation is ~/Library/OmniComponents for system-wide installation /LocalLibrary/OmniComponents. NOTE: If you have a previous version of this bundle (https.omni), remove it before you restart OmniWeb.app. If you use a proxy server, you MUST include at least one protocol for your proxy server (http, ftp, etc. but not https) in the protocol section of the Proxy-Preferences Panel or add the "https" protocol to the NonProxiableSchemes like dwrite OmniWeb NonProxiableSchemes "(file, mailto, omniweb, rlogin, telnet, tn3270, https)" Without these "workarounds" OmniWeb wraps https calls to http!!! CONNECT-Protocol (Proxy Support for https) ========================================== To enable proxy support for https (SSL tunneling) you need another entry in the Proxy-Preferences Panel. Add a server to the "Proxy Server URL" section like this: "https:\\whatever-cache:1234\" and add the https protocol to the "Protocols" section. IMPORTANT: The https proxy MUST be the first server in the list, because the list of proxy servers is an ordered list. For example my proxy defaults look like this: OmniWeb ProxyServers "( { destinations = (oic.de); proxyURL = \"(non-proxied protocols and destinations)\"; }, {proxyURL = \"https://www-cache.oic.de:3128/\"; schemes = (https); }, {proxyURL = \"http://www-cache.oic.de:3128/\"; } )" History ======= 1.05 [28 April, 1999] - This is the last version for OmniWeb 2.7 Beta-3. - Switched to the OpenSSL-lib because the SSLeay-lib is no longer supported. - Changed the string for the status (SSL-Tunneling). The name and port number of the proxy is now part of the string. - Changed the Preferences-Panel (more options). - Added a warning panel when the user enters a encrypted site. - Display more details about the connection (You must enable the Information/Warning-Panel to see it). - Localized the most stuff. - Supports TLSv1, SSLv2 and SSLv3 - Source code is now included. 1.01 [26 January, 1998] - Fixed a bug in the CONNECTION (SSL-Tunneling) method. It was not possible to use the Apache-Proxy for SSL-Tunneling. 1.0 [19 January, 1998] - Changed the Proxy-Support. If you need proxy support add the proxy server now with the Proxy-Preferences Panel of OmniWeb. - Created a Version for OmniWeb 3.x (OpenStep/Rhapsody) AND OmniWeb 2.x - The name of the bundle for OmniWeb 3.x (OpenStep/Rhapsody) is "HTTPS", for OmniWeb 2.x "HTTPSExtension". 0.9 (Beta) [1 December, 1997] - Added Proxy authentication for the CONNECT-Protocol. - Fixed a bug in the Hostname resolver. Now it should be possible to use this bundle without any DNS if you use a proxy server. 0.8 (Beta) [14 November, 1997] - Adapted the bundle for OmniWeb 3.x - SSLeay-lib is now located in two Frameworks (SSLCrypto, SSL) - Renamed it (sorry for that) from HTTPSExtension.omniweb to HTTPS.omniweb, because the "new" bundle is not compatible with OmniWeb2.x, it works ONLY for OmniWeb3.x. So it is easier for me to figure out which bundle you mean if you have some questions about it. 0.7 [13 August, 1997] - It's now SSLeay-lib in version 0.8.1. - Supports SSLv2 and SSLv3 - Added a Preferences Panel - Added Proxy-Support (CONNECT-Protocol) (see HTTPS Preferences) - Added an Installer Package - Renamed it from https.omni to HTTPSExtension.omniweb - Fixed some bugs - Removed the source code 0.6 [1 December, 1996] - Internal version 0.5a [14 June, 1996] - It's now SSLeay-lib in version 0.5.2a. - Fixed a little (not important) bug. - Included the source code 0.5 [5 May, 1996] - First version, which uses the SSLeay-lib in version 0.5.1b Bugs? ===== - Yes, if you use a proxy server. You MUST include at least one protocol for your proxy server (http, ftp, etc. but not https) in the protocol section of the Proxy-Preferences Panel or add the "https" protocol to the NonProxiableSchemes. ATTENTION: Without any protocols, OmniWeb wraps https calls to http!! Send bug reports, suggestions or comments to the address below. Architectures ============= ALL Architectures (INTEL, MOTOROLA, HP and SUN) are supported. Legalities ========== This software package uses strong cryptography, so even if it is created, maintained and distributed from liberal countries in Europe (where it is legal to do this), it falls under certain export/import and/or use restrictions in some other parts of the world. PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS OF OPENSSL ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY. CREDIT INFORMATION: This product includes cryptographic software written by Eric A. Young (eay@cryptsoft.com). This product includes software written by Tim J. Hudson (tjh@cryptsoft.com). Copyright ========= This bundle is free for commercial and non-commercial use. The code is supplied "as is" the author makes no warranty as to its suitability for any purpose. The code is free and may be distributed in accordance with the terms of the: GNU GENERAL PUBLIC LICENSE Version 2, June 1991 copyright (C) 1989, 1991 Free Software Foundation, Inc. 675 Mass Ave, Cambridge, MA 02139, USA Test ==== Some https-URL's to test the bundle: https://www.cryptsoft.com/~tjh/cryptocheck.php https://www.onlygourmet.com/ https://www.bose.com/cgi-bin/Direct https://sectest.microsoft.com/ https://vault.sfnb.com/cgi-bin/accntSum ToDo ==== - Client certification?? - Display an Icon if a SSL-Connection is in progress?? Source Code =========== To compile this bundle you need the OpenSSL-lib in version 0.9.2b and the API (Headers) for OmniWeb 2.7 Beta-3. If you modify the source code, please send a copy of the modifications to me . Thank you. Thanks ====== Thanks to "Stefanie R. Herzer " "Stephen J. Perkins " "Ken Case " "Eric Young " "Tim Hudson " "Jens M. Schuh " "Sabina Schuh " "Rex Dieter " "David Andel " "Andrew Stone " (Create is nice, I like it :-) ) Contact Information =================== Jörgen Mðllenhoff OIC - Object Innovation Center Bochum, Germany EMail: jumo@oic.de (ASCII, NEXT and MIME-Mail) WWW: http://www.oic.de/