lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] SSLcerts config help

From: Stefan Caunter
Subject: Re: [Lynx-dev] SSLcerts config help
Date: Tue, 21 Jun 2016 12:28:13 -0400 
On Mon, Jun 20, 2016 at 6:18 PM, Francesco Ariis <address@hidden> wrote:
> Hello lynx users,
>     I am trying to configure lynx to handle ssl certs following
> `README.sslcerts` [1]. I am using Lynx Version 2.8.9dev.1 (12 Mar 2014)
> on Debian stable.
> I am having problems with setting SSL_CERT_DIR and SSL_CERT_FILE
> environment variables.
>
> [1] http://lynx.invisible-island.net/current/README.sslcerts
>
> Long story short, the guide asks you to determine where `libcrypto.a` is,
> so I invoked:
>
>     address@hidden:/usr$ find -name libcrypto.a
>     ./lib/i386-linux-gnu/libcrypto.a
>
> Then, to determine the default location for the certs the
> guide asks you to run:
>
>     strings libcrypto.a  | grep -in cert | less
>     [...]
>     28697:/usr/lib/ssl/certs
>     28698:/usr/lib/ssl/cert.pem
>     28699:SSL_CERT_DIR
>     28700:SSL_CERT_FILE
>     [...]
>
> I modified my .bashrc to export those variables:
>
>     address@hidden:~$ echo $SSL_CERT_DIR; echo $SSL_CERT_FILE
>     /usr/lib/ssl/certs
>     /usr/lib/ssl/cert.pem
>
> `FORCE_SSL_PROMPT` is set to `PROMPT` in lynx.cfg, still when I browse,
> say, duckduckgo.com I get:
>
>     SSL error:the certificate has no known issuer-Continue? (y)
>
> I suspect there is a problem with SSL_CERT_FILE, because
> `/usr/lib/ssl/certs` exists (904 elements) but I see
> no `/usr/lib/ssl/cert.pem`.
>
> Any hint on how to solve the issue?
> -F

You need to get a certificate bundle, in PEM format, in
/usr/lib/ssl/cert.pem and rehash so your system is aware of it.

TG set up a bundle (in 2006
https://lists.nongnu.org/archive/html/lynx-dev/2006-03/msg00059.html)

and it is still working, so running

lynx 
'https://www.mirbsd.org/cvs.cgi/~checkout~/src/etc/ssl.certs.shar?rev=1.46;content-type=application%2Fx-shar'

will get you a reasonably recent cert bundle in shar format (the link
to http://caunter.ca/ssl.certs.shar in README.sslcerts has been
updated with the most recent archive).

Stefan Caunter









>
> _______________________________________________
> Lynx-dev mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/lynx-dev
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]