On Thu, Jun 29, 2006 at 11:10:55PM -0500, Stef Caunter wrote: > You appear to have lynx built with gnutls, but succeed in testing with > openssl. Are you able to build with openssl? Documented usage procedures > are done with openssl. The 2.8.5 release will connect without error unless > cert is a wildcard cert. You have exported SSL_CERT_DIR and SSL_CERT_FILE > appropriately for your shell? > > Stef > http://caunter.ca/contact.html > > On Mon, 26 Jun 2006, Aki Tuomi wrote: > > >I tried looking thru the mailing list archives and could not find > >anything useful for the following issue. > > > >When connecting to a site with a proper certificate (not self-signed, > >using a proper CA, listed properly in /etc/ssl/certs) i get error > > > >SSL error:Can't find common name in certificate-Continue? > > > >This error does not exhibit itself in other browsers, nor when testing > >with > > > >openssl -CApath /etc/ssl/certs -connect site:443 > > > >I've set SSL_CERT_DIR=/etc/ssl/certs > > > >I am now wondering why it won't work when it's done properly. This is > >most annoying since I am using a commercially signed certificate. If you > >need more information please don't hesitate to ask. > > > >Aki Tuomi > > > > > >_______________________________________________ > >Lynx-dev mailing list > >[email protected] > >http://lists.nongnu.org/mailman/listinfo/lynx-dev > > > Found the problem, it is somehow related to the handling of SSL_CERT_FILE enviroment variable
As you can see from the dump below, it does not even attempt to open SSL_CERT_FILE, dunno why. Perhaps it is not speaking to gnutls library properly? Aki Tuomi env SSL_CERT_FILE=/etc/apache2/ssl/intra.tdcsong.fi.chain.crt strace -eopen lynx https://intra.tdcsong.fi/ -dump open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 open("/usr/lib/libbz2.so.1.0", O_RDONLY) = 3 open("/usr/lib/libncursesw.so.5", O_RDONLY) = 3 open("/usr/lib/libgnutls-extra.so.11", O_RDONLY) = 3 open("/usr/lib/libgnutls-openssl.so.11", O_RDONLY) = 3 open("/usr/lib/libgnutls.so.11", O_RDONLY) = 3 open("/lib/libcrypt.so.1", O_RDONLY) = 3 open("/lib/libc.so.6", O_RDONLY) = 3 open("/usr/lib/libz.so.1", O_RDONLY) = 3 open("/usr/lib/libopencdk.so.8", O_RDONLY) = 3 open("/usr/lib/libgcrypt.so.11", O_RDONLY) = 3 open("/usr/lib/libgpg-error.so.0", O_RDONLY) = 3 open("/usr/lib/liblzo.so.1", O_RDONLY) = 3 open("/usr/lib/libtasn1.so.2", O_RDONLY) = 3 open("/lib/libnsl.so.1", O_RDONLY) = 3 open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3 open("/usr/share/locale/locale.alias", O_RDONLY) = 3 open("/usr/share/locale/en_FI/LC_MESSAGES/lynx.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/lynx.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/lynx.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_GB/LC_MESSAGES/lynx.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/lynx.cfg", O_RDONLY) = 3 open("/etc/lynx.cfg", O_RDONLY) = 3 directory) open("/etc/mailcap", O_RDONLY) = 3 open(".mailcap", O_RDONLY) = 3 open(".mailcap", O_RDONLY) = 3 open("/etc/mime.types", O_RDONLY) = 3 open(".mime.types", O_RDONLY) = 3 open(".mime.types", O_RDONLY) = 3 open("/var/run/utmp", O_RDONLY) = 3 open("/etc/nsswitch.conf", O_RDONLY) = 3 open("/etc/ld.so.cache", O_RDONLY) = 3 open("/lib/libnss_files.so.2", O_RDONLY) = 3 open("/etc/hosts", O_RDONLY) = 3 open("/etc/hosts", O_RDONLY) = 3 open("/dev/urandom", O_RDONLY) = 4 HTTP: Access authorization required. Use the -auth=id:pw parameter. Looking up intra.tdcsong.fi Making HTTPS connection to intra.tdcsong.fi SSL error:Can't find common name in certificate-Continue? yes Secure 128-bit TLS 1.0 (DHE_RSA_AES_128_CBC_SHA) HTTP connection Sending HTTP request. HTTP request sent; waiting for response. Alert!: Access without authorization denied -- retrying lynx: Can't access startfile https://intra.tdcsong.fi/ _______________________________________________ Lynx-dev mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/lynx-dev
