[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Segfault with https

From: Thomas Dickey
Subject: Re: lynx-dev Segfault with https
Date: Mon, 13 Oct 2003 21:01:11 -0400
User-agent: Mutt/1.5.4i

On Sat, Oct 11, 2003 at 11:42:21AM -0700, Ilya Zakharevich wrote:
> I installed openssl 0.9.7c.  I installed mod_ssl's PEM file where lynx
> can find it.  [Howto verify: connection to goes
> without any warning.]

In luck this time (I spent yesterday bending configurations to test other
stuff), I get this with my Debian/testing configuration for "free".
> Now I try to connect to
> (as mentined in one of [very unhelpful] openssl-setup advices).
> I get a prompt
> SSL error:unable to get local issuer certificate-Continue? (y)


>   If I answer no: connection succeeds.  End of story.

? (mine cancels as expected)
>   If I answer yes: I'm presented with the same question again.

um, yes - it isn't satisfied yet.  But if I continue, the trace indicates
that it's making the connection.
> a) Why?  The trace shows "connection without TSL".  Should not the
> prompt reflect the difference?  Should not the difference be explained
> somewhere?
>      b) If I answer yes: immediate segfault (in some non-trivial place,
>         like inside fopen())

in lynx, or openssl?
>      c) If I answer no: half of the page is loaded, then I get a segfault.

> d) And at the beginning of it all, the initial message is not very
>    helpful either.  As my correspondent with Mozilla found, this place
>    *has* a certificate, but it is not chained to anything "standard", so
>    is not "trusted".  Cannot a different message to be shown?

The message comes from openssl, not lynx.  There might be a better way to
setup the check (to get a different error message for instance), but looking
at the code of X509_verify_cert_error_string, I don't see that would happen.
The problem is that it's jargon - needs some explanation.

Thomas E. Dickey <address@hidden>

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]