[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Problems with URL--please help

From: Doug Kaufman
Subject: Re: lynx-dev Problems with URL--please help
Date: Tue, 4 Mar 2003 19:54:53 -0800 (PST)

I am not an expert on this, but it looks like there may be a problem
with SSL support on your binary of lynx. It looks like you connected
OK with s_client, although when I use s_client, I get "verify error
21, unable to verify the first certificate". The section of the
Lynx.trace file that seems relevent is:
HTTP: Unable to complete SSL handshake for '', 
SSL_connect=-1, SSL error stack dump follows
HTTP: SSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad 
record mac

When I connect from my copy of lynx, I get the following instead:
Secure 40-bit TLSv1/SSLv3 (EXP-RC4-MD5) HTTP connection

I have been able to connect with various versions of lynx on Cygwin,
FreeBSD, SunOS, and Linux, compiled with different versions of OpenSSL.
I don't know what the problem is, but I think it would be reasonable to
recompile your lynx using the latest version of OpenSSL (0.9.7a) and see
if you still get the problem. Since you are in the US, I would recommend
compiling OpenSSL with flags "no-idea no-rc5 no-mdc2" in order to avoid
software patent issues and the need to obtain licenses for the
algorithms. Since OpenSSL is still in evolution and does not guarantee
backward compatibility, I would recommend linking the OpenSSL libraries
statically with your lynx binary.

On Tue, 4 Mar 2003, Leslie Fairall wrote:

> Sorry. I didn't realize that you were able to connect to this url through
> lynx. However, you have gotten farther than I have since I am not asked
> for a userid and password. I am being core dumped and taken back to the
> shell prompt. At least I know lynx will work with this URL.
> ...
> I am attaching both the lynx.trace and typescript files, since I am not
> sure what is relevant here. From what you are saying, it sounds like
> something might need to be fixed on the shell. Or could it be the way in
> which lynx was compiled with SSL support?

Doug Kaufman
Internet: address@hidden

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]