
Re: lynx-dev FORCE_SSL_PROMPT:NO


From: Thorsten Glaser
Subject: Re: lynx-dev FORCE_SSL_PROMPT:NO
Date: Thu, 24 Jul 2003 07:02:23 +0000 (UTC)

(Stef: if this message does _not_ hit the list, please tell me,
 and probably forward it to the list - it seems to be a bit broken,
 I haven't been able to post to the list recently...)

begin  electrogrammati illius Stef Caunter

>It is assumed that openssl has been installed correctly, that SSL_CERT_DIR is
>/usr/local/ssl/certs, and that lynx has been compiled --with-ssl. If the
>default location for certs on your system is different you will have to
>substitute that location for /usr/local/ssl/certs in the following 
>instructions.

This is at least the case on OpenBSD and MirBSD, where it is /etc/ssl/certs;
I think it's true for the other BSDs as well.

>INSTALLING OR UPDATING THE CA BUNDLE:
>
>Now would be a good time to check to see if you have the bundle of CA certs
>in your /usr/local/ssl/certs, or to update them. Openssl and mod_ssl ship
>with them.

All SSL certs from mod_ssl, as well as those not contained therein,
but in Netscape Navigator 4.8 (GNU/Linux) and/or Microsoft Internet
Explorer 5.x (Windows), as well as the one used to sign the certificate
of the MirBSD CVSWEB webserver, can be found in the shar archive below:
 https://MirBSD.BSDadvocacy.org:8890/active/cvsweb.cgi/src/etc/ssl.certs.shar

You _will_ need the following patch from the MirBSD in-tree lynx
version against dev.16 to be able to connect to the site above with
lynxssl, as it doesn't currently look case-insensitively (DNS is, so
are FQDNs), nor does it strip the port.

Index: HTTP.c
===================================================================
RCS file: /lcvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c,v
retrieving revision 1.3
retrieving revision 1.5
diff -u -r1.3 -r1.5
--- HTTP.c      7 Jul 2003 18:57:41 -0000       1.3
+++ HTTP.c      7 Jul 2003 20:54:08 -0000       1.5
@@ -604,8 +604,12 @@
          cert_host += 4;
          if ((p = strchr(cert_host, '/')) != NULL)
              *p = '\0';
+         if ((p = strchr(cert_host, ':')) != NULL)
+             *p = '\0';
          ssl_host = HTParse(url, "", PARSE_HOST);
-         if (strcmp(ssl_host, cert_host)) {
+         if ((p = strchr(ssl_host, ':')) != NULL)
+             *p = '\0';
+         if (strcasecmp(ssl_host, cert_host)) {
              HTSprintf0(&msg,
                         gettext("SSL error:host(%s)!=cert(%s)-Continue?"),
                         ssl_host,
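
Review bot: the two added strchr(..., ':') cuts stop at the first colon, so any host string that itself contains colons (an IPv6 literal, if HTParse hands one back for PARSE_HOST) is truncated well before its port and the comparison then runs on a fragment. Stripping only a trailing ":port" would be safer: search from the right, and when the host starts with '[' only accept a colon that follows the closing ']'. A one-line comment above the cuts saying that the port is dropped because the certificate name carries none would help the next reader. The hunk also does not show whether HTTP.c already includes the header that declares strcasecmp (<strings.h> on some systems), which is worth checking for portability.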


Hope that helps,
//Thorsten
-- 
I still remember my history lessons, when I was taught that the
tithe was introduced in the Middle Ages, and I thought to myself:
ten percent!  Wow, that is a lot!  How lucky that we no longer
live in the Middle Ages!                -- Felix von Leitner in d.a.s.r
