[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Lynx-dev] patch for using GnuTLS (was: Compiling MingW lynx under Cygwi
|
From: |
patakuti |
|
Subject: |
[Lynx-dev] patch for using GnuTLS (was: Compiling MingW lynx under Cygwin) |
|
Date: |
Sun, 27 Aug 2006 19:28:50 +0900 (JST) |
On Sun, 13 Aug 2006, I wrote:
> On Sat, 12 Aug 2006, address@hidden wrote:
>
> > OpenSSL uses the environment variable SSL_CERT_FILE to indicate where
> > the collection of trusted certificates resides. How does GnuTLS find the
> > file if it isn't in the default location which was compiled in?
>
> I don't know well but I suspect that Lynx with GnuTLS doesn't refer
> the certificate files because it doesn't show any warnings to the site
> which has self-signed certificate.
> If it's true, the binary with GnuTLS is inferior to the one with OpenSSL
> on this point.
I wrote a patch to improve this point.
After applying this patch, Lynx with GnuTLS verify the server's
certificate. Note that users must set the environment variable
SSL_CERT_FILE to verify properly.
I also tried the patch which is posted by Thorsten Glaser on 5 Jul
against DN format probrem. It suppressed the unexpected message for
normal https sites as far as I tested Lynx with GnuTLS. Unfortunately
I couldn't test abnormal https sites, which doesn't have CN, because I
don't know their URLs.
--
Takeshi Hataguchi
E-mail: address@hidden
lynx.patch_for_286dev18-4
Description: Binary data