Hi, please update your report to state that Lynx does not need to be patched since it already handles this gracefully:
┌──┤ interactive warning in the status line │SSL error:host(spamfilter2.tarent.de)!=cert(CN<*\x00.secureconnection.cc>)-Continue? (y) └ ┌──┤ message log excerpt │8. Secure 256-bit TLSv1/SSLv3 (DHE-RSA-AES256-SHA) HTTP connection │7. Certificate issued by: /C=ES/ST=Barcelona/L=Barcelona/O=IPS Certification Authority s.l./[email protected] C.I.F. B-B62210695/OU=ipsCA CLASEA1 Certification Authority/CN=ipsCA CLASEA1 Certification Authority/[email protected] │6. UNVERIFIED connection to spamfilter2.tarent.de (cert=CN<*\x00.secureconnection.cc>) └─ The ‘\x00’ is just not converted into a NUL byte. ‘*’ matching fails since the host connected to doesn’t match either (a ‘\’ is invalid in a hostname). Sometimes, KISS pays off ☺ Tested on: MirOS httpd (MirOS #10semel), Lynx 2.8.7dev.8-MirOS built with OpenSSL (someone on GNU/Linux should test this with their GnuTLS crapware). I expect Lynx 2.8.7rel.1 (the current release) to behave the same (in fact, updating Lynx in base is next thing on my TODO). bye, //mirabilos -- "Using Lynx is like wearing a really good pair of shades: cuts out the glare and harmful UV (ultra-vanity), and you feel so-o-o COOL." -- Henry Nelson, March 1999 _______________________________________________ Lynx-dev mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/lynx-dev
