Re: lynx-dev FORCE_SSL

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev FORCE_SSL_PROMPT:NO

From:	Henry Nelson
Subject:	Re: lynx-dev FORCE_SSL_PROMPT:NO
Date:	Sat, 26 Jul 2003 10:20:53 +0900 (JST)

> > Added procedure to determine default ssl cert location
> > (thanks to DK a^Hn^Hd^H ^HH^HN^H)

Scratch my name off!

> > strings `find / -name libcrypto.a 2>/dev/null` | grep -in cert | less
> 
> Doing a find from root may take up excessive resources on some systems.
> I would think that we should recommend that only if libcrypto is not
> found in the usual library locations.

Good point.  Maybe make a list of 3 or 4 common possibilities different
from the openssl default.

> I don't think that we should necessarily advise running as root. This
> README might be used by a user on a shared system setting up lynx in his
> own directory. That is, after all, the main reason for the environment
> variables.     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  ^^^^^^^^^
This is an important idea that might be worth pointing out in the README.
I know a lot of times I forget that I'm using Lynx in my own directory.

> > If lynx is still not recognizing certs, environment variables may need
> > to be set; if so, they must be exported!
> 
> You might want to say instead "if on a sh type shell, the variables also
> need to be exported".

Not sure how far a _Lynx_ README file has to go.  This almost seems too
much detail.  Some packages I know just give the actual commands for both
shell types, as in the examples by Doug quoted below.  I find that useful
if I'm in a situation that's new to me.  Then the actual statement that
you "have to export" is redundant.  Given as a command that you cut-n-paste
it is clear what is meant, but sometimes it's hard to actually know _what_
to do if described in a full sentence.  (Really.  The first time I heard
"export", words like "Bill of Lading" and "Letter of Credit" came to mind!)

  [Assuming sh type shells]
> SSL_CERT_DIR="/usr/local/ssl/certs"
> SSL_CERT_FILE="/usr/local/ssl/cert.pem"
> export SSL_CERT_DIR SSL_CERT_FILE
> 
> On csh type shells, you can use:
> setenv SSL_CERT_DIR "/usr/local/ssl/certs"
> setenv SSL_CERT_FILE "/usr/local/ssl/cert.pem"

Right now I'm working on DNS.  This "Howto" has been great:
            http://www.boran.com/security/sp/bind9_20010430.html
            #BM2__Setup_chroot_and_install_BIND
because it is so unambiguous and easy to follow.  Here's how he handles the
shell issue: "The following steps assume use of the C-Shell. We start by
setting a variable."  And later: "These commands are designed to be copied
and pasted." 

Anyway, don't thank us.  We want to thank you for coming through so nicely.
As is, your README is *infinitely* better than what was there before (nothing).

__Henry

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

Re: lynx-dev FORCE_SSL_PROMPT:NO, (continued)
- Re: lynx-dev FORCE_SSL_PROMPT:NO, Henry Nelson <=

Prev by Date: Re: lynx-dev new version...when?
Next by Date: Re: lynx-dev FORCE_SSL_PROMPT:NO
Previous by thread: Re: lynx-dev FORCE_SSL_PROMPT:NO
Next by thread: lynx-dev new version...when?
Index(es):
- Date
- Thread