[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Lynx-dev] patch for using GnuTLS (was: Compiling MingW lynx under Cygwi
[Lynx-dev] patch for using GnuTLS (was: Compiling MingW lynx under Cygwin)
Sun, 27 Aug 2006 19:28:50 +0900 (JST)
On Sun, 13 Aug 2006, I wrote:
> On Sat, 12 Aug 2006, address@hidden wrote:
> > OpenSSL uses the environment variable SSL_CERT_FILE to indicate where
> > the collection of trusted certificates resides. How does GnuTLS find the
> > file if it isn't in the default location which was compiled in?
> I don't know well but I suspect that Lynx with GnuTLS doesn't refer
> the certificate files because it doesn't show any warnings to the site
> which has self-signed certificate.
> If it's true, the binary with GnuTLS is inferior to the one with OpenSSL
> on this point.
I wrote a patch to improve this point.
After applying this patch, Lynx with GnuTLS verify the server's
certificate. Note that users must set the environment variable
SSL_CERT_FILE to verify properly.
I also tried the patch which is posted by Thorsten Glaser on 5 Jul
against DN format probrem. It suppressed the unexpected message for
normal https sites as far as I tested Lynx with GnuTLS. Unfortunately
I couldn't test abnormal https sites, which doesn't have CN, because I
don't know their URLs.
Description: Binary data