Re: lynx-dev SSL error

From: patakuti
Subject: Re: lynx-dev SSL error
Date: Sun, 13 Oct 2002 07:28:01 +0900 (JST)

On Thu, 10 Oct 2002, Michel SUCH wrote:

> When connecting to any https site, I get the following message:
> SSL error:unable to get local issuer certificate-Continue? (y)
> So, I got the cert.pem file as stated in the changes file, put it in my
> home directory and set up the appropriate environment variable pointing to
> this file.
> I retried with trace activated.
> There is no trace of trying to access this file.

Please put the proper cert file, named cert.pem, in the OpenSSL
directory (e.g. /usr/local/ssl).  Doing this may prevent the message
which you wrote from being shown.

I think the SSL_CERT_FILE environment variable doesn't work as described
in Lynx's CHANGES file.  I wrote a patch to change OpenSSL's behavior,
though I don't know whether Lynx's CHANGES file is wrong or OpenSSL's
implementation is wrong.

With this patch applied, OpenSSL will first check the cert file
indicated by the SSL_CERT_FILE environment variable, and then check the
cert.pem in the OpenSSL directory only if the proper certifications
couldn't be found in the former cert file.

I tested Lynx2.8.5dev.9 with OpenSSL 0.9.6g.
Takeshi Hataguchi
E-mail: address@hidden

diff -ru orig/openssl-0.9.6g/crypto/x509/by_file.c 
--- orig/openssl-0.9.6g/crypto/x509/by_file.c   Fri Feb 18 06:04:40 2000
+++ openssl-0.9.6g/crypto/x509/by_file.c        Sun Oct 13 06:13:44 2002
@@ -100,19 +100,20 @@
        case X509_L_FILE_LOAD:
                if (argl == X509_FILETYPE_DEFAULT)
-                       ok = 
+                       file=(char *)Getenv(X509_get_default_cert_file_env());
+                       ok = (X509_load_cert_crl_file(ctx,file,
                                X509_FILETYPE_PEM) != 0);
+                       }
+                       ERR_clear_error();
                        if (!ok)
-                               }
-                       else
-                               {
-                               file=(char 
-                               ok = (X509_load_cert_crl_file(ctx,file,
+                               ok = 
                                        X509_FILETYPE_PEM) != 0);
+                               if (!ok)
+                                       {
+                                       }
-                       }
                        if(argl == X509_FILETYPE_PEM)
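
Review bot: ERR_clear_error() runs unconditionally right after the first X509_load_cert_crl_file(ctx,file,...) call, so when the file named by X509_get_default_cert_file_env() is missing, unreadable or mistyped, that failure is wiped from the error queue before the fallback runs and the caller cannot tell that the configured trust file was skipped. Consider clearing the queue only when the environment variable is unset, and keeping or reporting the error otherwise. The return value of Getenv() is also passed on as file with no NULL check visible in the hunk as shown here; guard it explicitly, since the variable may be unset. Finally, the last if (!ok) block is empty as shown, so a failure of both loads would record no error at all; it should raise one.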
