[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev SSL error:Unable to get local issuer certificate-Continue?

From: Stef Caunter
Subject: Re: lynx-dev SSL error:Unable to get local issuer certificate-Continue?
Date: Mon, 2 Dec 2002 20:44:49 -0500

Subject: lynx-dev SSL error:Unable to get local issuer certificate-Continue?

> Unfortunately, I feel like I need to bring this topic up again since it
> was not addressed in the last release. My understanding was that there
> would be an option somewhere in lynx to suppress this message. It seems
> like the users are loosing on this issue. Most lynx users who are not
> programmers just want to be able to use the browser without much hassle.

Since I've already been killed on this subject, let me add support to this
This is like the cookie thing and the 3 second alert messages. Nagging users
drives them away from the world's greatest browser.

> The sysadmin
> for my ISP recommended that we should use lynx2.8.5dev8 because there was
> a "bug" in the latest version. I didn't do this, but do not blame him at
> all for alerting others to this annoyance.
As I stated, this is my workaround, too; use 2.8.5dev8. Last time, I
received a pleasantly alarmist lecture on untrusted hosts, which was nice,
since it happens to be what I lecture on sometimes. Bluntly, no one cares
that the server to which they are connecting does not have a $225 e-com cert
installed into it -- we just want an encrypted connection to it; it's
probably just a file server and we don't want the password in the clear.
That's it. We don't buy certs (there's no point, they serve themselves and
the major browsers, and they disclaim everything), we don't shop on lynx,
(there's not much point) we can't do financial stuff much as we'd like to,
as bank sites are all poisoned by javascript, and there's apparently no way
to install a server cert into lynx.
I found some reference to an old MIT project to introduce cert management to
lynx. It did not seem to go anywhere. I was able to translate a server.crt
file to a gpg style cert using openssl, but I don't know how to tell lynx
about the certificate file. If this helps or gets someone started...

# Still don't know where to put the unix .crt to have it accepted
# by openssl and not generate the lynx2.8dev9 ssl error.
# copy the .crt cert to a dir
# for a server.crt file to make it human readable do
openssl asn1parse -in server.crt
# to extract just the pubkey prime number
# search this output for the number associated with BIT STRING
# use it as an arg to -strparse like the next line
openssl asn1parse -in server.crt -strparse 359
# to convert the .crt file to a standard certfile that openssl likes
openssl x509 -inform DER -in server.crt -outform PEM -out new_server.crt


> ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]