|Subject:||RE: [Lynx-dev] Re: Lynx: missing SSL certificate|
|Date:||Thu, 23 Jul 2009 17:10:52 -0700|
> I suggest the following: ...
I tried this suggestion before Stefan's one because it seemed easier.
As results, it does not work for me:
Lynx comes out with the same, old error "SSL error:issuer is not a CA-Continue?"
Additionally, the command line
$ sudo dpkg -i ca-bundle_20090709_all.deb
erased completely and then re-created the whole content of the certificates directory /etc/ssl/certs/ which now looks completely different than before.
Then, since libcrypto.so seeks the certificates in /usr/local/ssl/certs, I created the link /usr/local/ssl => /etc/ssl and I tried the clarification of
>Yes, that's OpenSSL - you need to put the certs in that directory and ...
I manually created the shell variable SSL_CERT_DIR=/usr/local/ssl/certs and shell variable the SSL_CERT_FILE=/usr/local/ssl/certs/ca-certificates.crt. This file consists of the certificates resulting from ssl.certs.shar that I concatenated together.
Here Lynx comes out with the error "SSL error:no issuer was found-Continue?"
Earlier today I also extracted the certificates from Firefox and concatenated them into a ca-certificates.crt. While with Firefox I can login to Etrade, Lynx still comes out with the error "SSL error:issuer is not a CA-Continue?".
I've Lynx Version 2.8.7dev.9 and OpenSSL 0.9.8g 19 Oct 2007.
Any further suggestion/hint is welcome.
> Date: Thu, 23 Jul 2009 18:21:55 +0000
> From: address@hidden
> To: address@hidden
> CC: address@hidden; address@hidden
> Subject: Re: [Lynx-dev] Re: Lynx: missing SSL certificate
> Stefan Caunter dixit:
> >Yes, that's OpenSSL - you need to put the certs in that directory and
> >make sure they are hashed. The .shar file has done this for you. Make
> >sure that the SSL_CERT_FILE and SSL_CERT_DIR variables are exported to
> >your shell.
> Actually, OpenSSL needs SSL_CERT_DIR and the hashed files from the .shar
> file, while GnuTLS needs SSL_CERT_FILE and them concatenated all into one
> I suggest the following:
> $ wget http://www.freewrt.org/~tg/debs/dists/hardy/wtf/pkgs/ca-bundle/ca-bundle_20090709_all.deb
> $ sudo dpkg -i ca-bundle_20090709_all.deb
> Then set it to /etc/ssl/certs/ca-certificates.crt instead. Lynx is, sadly,
> linked with inferior GnuTLS on Debian and derivates, which also cannot yet
> handle X.509v3 subjectAltName extensions on certificates such as the one
> on www.mirbsd.org â¹
> âIt is inappropriate to require that a time represented as
> seconds since the Epoch precisely represent the number of
> seconds between the referenced time and the Epoch.â
> -- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2
Bingâ¢ brings you maps, menus, and reviews organized in one place. Try it now.
|[Prev in Thread]||Current Thread||[Next in Thread]|