[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev Re: Your distribution of

From: Ilya Zakharevich
Subject: lynx-dev Re: Your distribution of
Date: Tue, 14 Oct 2003 18:40:27 -0700
User-agent: Mutt/1.4i

[This starts to become unresolvable without contributions of lynx-dev,
so I Cc it there.  The discussion is about lynx and openssl0.9.7c.]

On Tue, Oct 14, 2003 at 09:12:18PM +0200, Johannes Hromadka wrote:
> I downloaded and could get your lynx running. So I 
> performed the 
> following test:
> Placed cert.pem into E:\os2tools\TCPIP\WWW\lynx2-8-5\home and set 
> SSL_CERT_FILE to this file.
> I can connect to without a warning, like you did.
> When I connect to my local secure apache I get a misleading warning
> SSL error:self signed certificate in certificate chain-Continue? (y)

What should be the warning, "no local certificate found"?

> If I append the certificate of my CA to cert.pem the warning disappears.

> Then I tried the second method, which is to place the cert into
> SSL_CERT_DIR The trick is that the name of the file has to be the
> hash value of the certificate appended with .0 (see README.sslcert)

> On *nix the script c_rehash from openssl would create a symbolic link.

I would just replace symlink $from, $to by

  eval {symlink $from, $to} or File::Copy::copy($from, to);

> I just renamed the certificate file to <hash>.0 The hash value of a
> certificate can be displayed using the command "openssl x509 -hash
> -noout -in <certfile.pem> "

> So I can say that lynx accepts connections to secure webservers as
> long as the issuer certificate of the servers certificate is in
> cert.pem or SSL_CERT_DIR.

> This is slightly different to mozilla because mozilla has the
> possibility to accept certificates from dedicated servers too.

> In mozilla you have 4 different types of certificates.

> a) Certificates of Authorities. This is equal to lynxs SSL_CERT_FILE
>    or SSL_CERT_DIR

> b) Server certificates, not available in lynx

Used for what?

> c) my own certificates, stored together with my personal key. This
> is needed to connect to servers which request a client certificate
> for authentication. (N/A in lynx?)

I think it is applicable.  Not sure about availability though.  Anyone

> d) Other peoples certificates, needed for sending encrypted mails. (N/A in 
> lynx)

I do not know about mailto: stuff, does it support encription?


; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]