lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip

From:	Ilya Zakharevich
Subject:	lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip
Date:	Tue, 14 Oct 2003 18:40:27 -0700
User-agent:	Mutt/1.4i

[This starts to become unresolvable without contributions of lynx-dev,
so I Cc it there.  The discussion is about lynx and openssl0.9.7c.]

On Tue, Oct 14, 2003 at 09:12:18PM +0200, Johannes Hromadka wrote:
> I downloaded ncurses5.1plus.os2.zip and could get your lynx running. So I 
> performed the 
> following test:
> 
> Placed cert.pem into E:\os2tools\TCPIP\WWW\lynx2-8-5\home and set 
> SSL_CERT_FILE to this file.
> 
> I can connect to https://www.ibm.com/ without a warning, like you did.
> 
> When I connect to my local secure apache I get a misleading warning
> 
> SSL error:self signed certificate in certificate chain-Continue? (y)

What should be the warning, "no local certificate found"?

> If I append the certificate of my CA to cert.pem the warning disappears.

> Then I tried the second method, which is to place the cert into
> SSL_CERT_DIR The trick is that the name of the file has to be the
> hash value of the certificate appended with .0 (see README.sslcert)

> On *nix the script c_rehash from openssl would create a symbolic link.

I would just replace symlink $from, $to by

  eval {symlink $from, $to} or File::Copy::copy($from, to);

> I just renamed the certificate file to <hash>.0 The hash value of a
> certificate can be displayed using the command "openssl x509 -hash
> -noout -in <certfile.pem> "

> So I can say that lynx accepts connections to secure webservers as
> long as the issuer certificate of the servers certificate is in
> cert.pem or SSL_CERT_DIR.

> This is slightly different to mozilla because mozilla has the
> possibility to accept certificates from dedicated servers too.

> In mozilla you have 4 different types of certificates.

> a) Certificates of Authorities. This is equal to lynxs SSL_CERT_FILE
>    or SSL_CERT_DIR

> b) Server certificates, not available in lynx

Used for what?

> c) my own certificates, stored together with my personal key. This
> is needed to connect to servers which request a client certificate
> for authentication. (N/A in lynx?)

I think it is applicable.  Not sure about availability though.  Anyone
knows?

> d) Other peoples certificates, needed for sending encrypted mails. (N/A in 
> lynx)

I do not know about mailto: stuff, does it support encription?

Thanks,
Ilya

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip, Ilya Zakharevich <=
- Re: lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip, Stef Caunter, 2003/10/14
  - Re: lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip, Stef Caunter, 2003/10/15
- Message not available
  - lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip, Ilya Zakharevich, 2003/10/15
    - Message not available
    - lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip, Ilya Zakharevich, 2003/10/16
- Re: lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip, Henry Nelson, 2003/10/15

Prev by Date: Re: lynx-dev table missing fix
Next by Date: Re: lynx-dev question about blockquote
Previous by thread: lynx-dev question about blockquote
Next by thread: Re: lynx-dev Re: Your distribution of openssl-0.9.7a-os2-bin.zip
Index(es):
- Date
- Thread