Re: lynx-dev SSL error
From: patakuti
Subject: Re: lynx-dev SSL error
Date: Sun, 13 Oct 2002 07:28:01 +0900 (JST)
On Thu, 10 Oct 2002, Michel SUCH wrote:
> When connecting to any https site, I get the following message:
> SSL error:unable to get local issuer certificate-Continue? (y)
> So, I got the cert.pem file as stated in the changes file, put it in my
> home directory and set up the appropriate environment variable pointing to
> this file.
>
> I retried with trace activated.
> There is no trace of trying to access this file.
Please put the proper cert file, named cert.pem, in the OpenSSL
directory (e.g. /usr/local/ssl). Doing this may prevent the message
which you wrote from being shown.

I think the SSL_CERT_FILE environment variable doesn't work as described
in Lynx's CHANGES file. I wrote a patch to change OpenSSL's behavior,
though I don't know whether Lynx's CHANGES file is wrong or OpenSSL's
implementation is wrong.

With this patch applied, OpenSSL will first check the cert file
indicated by the SSL_CERT_FILE environment variable, and then check the
cert.pem in the OpenSSL directory only if the proper certifications
couldn't be found in the former cert file.

I tested Lynx2.8.5dev.9 with OpenSSL 0.9.6g.
--
Takeshi Hataguchi
E-mail: address@hidden
diff -ru orig/openssl-0.9.6g/crypto/x509/by_file.c
openssl-0.9.6g/crypto/x509/by_file.c
--- orig/openssl-0.9.6g/crypto/x509/by_file.c Fri Feb 18 06:04:40 2000
+++ openssl-0.9.6g/crypto/x509/by_file.c Sun Oct 13 06:13:44 2002
@@ -100,19 +100,20 @@
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT)
{
- ok =
(X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+ file=(char *)Getenv(X509_get_default_cert_file_env());
+ ok = (X509_load_cert_crl_file(ctx,file,
X509_FILETYPE_PEM) != 0);
+ }
+ ERR_clear_error();
if (!ok)
{
-
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
- }
- else
- {
- file=(char
*)Getenv(X509_get_default_cert_file_env());
- ok = (X509_load_cert_crl_file(ctx,file,
+ ok =
(X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
X509_FILETYPE_PEM) != 0);
+ if (!ok)
+ {
+
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+ }
}
- }
else
{
if(argl == X509_FILETYPE_PEM)
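Review bot: The "}" added directly after the SSL_CERT_FILE load closes the "if (argl == X509_FILETYPE_DEFAULT)" block early, and since the old closing "}" just before "else" is removed, the trailing "else" now pairs with "if (!ok)" rather than with the argl test, as far as the braces in this hunk read. The ERR_clear_error() call and the "if (!ok)" fallback are then evaluated for every argl, not only the default case, and a successful environment-file load falls into the explicit-file branch. Keep ERR_clear_error() and the fallback inside the DEFAULT block and leave the original closing brace in place. In the same block, the result of Getenv(X509_get_default_cert_file_env()) is passed to X509_load_cert_crl_file() unchecked; when the variable is unset that is a NULL filename, so test for NULL and go straight to X509_get_default_cert_file(). Note also that the fallback keys on the load result, so it only triggers when the SSL_CERT_FILE file cannot be loaded, not when it loads but lacks the needed issuer, and ERR_clear_error() discards the reason the first file failed. A mistyped SSL_CERT_FILE would therefore silently switch verification to the default cert.pem; a comment or a retained error for that case would help.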