(Stef: if this message does _not_ hit the list, please tell me, and probably forward it to the list - it seems to be a bit broken, I haven't been able to post to the list recently...)
begin electrogrammati illius Stef Caunter >It is assumed that openssl has been installed correctly, that SSL_CERT_DIR is >/usr/local/ssl/certs, and that lynx has been compiled --with-ssl. If the >default location for certs on your system is different you will have to >substitute that location for /usr/local/ssl/certs in the following instructions. This is at least the case on OpenBSD and MirBSD, where it is /etc/ssl/certs; I think it's true for the other BSDs al well. >INSTALLING OR UPDATING THE CA BUNDLE: > >Now would be a good time to check to see if you have the bundle of CA certs >in your /usr/local/ssl/certs, or to update them. Openssl and mod_ssl ship >with them. All SSL certs from mod_ssl, as well as those not contained therein, but in Netscape Navigator 4.8 (GNU/Linux) and/or Microsoft Internet Explorer 5.x (Windows), as well as the one used to sign the certificate of the MirBSD CVSWEB webserver, can be found in the shar archive below: https://MirBSD.BSDadvocacy.org:8890/active/cvsweb.cgi/src/etc/ssl.certs.shar You _will_ need the following patch from the MirBSD in-tree lynx version against dev.16 to be able to connect to the site above with lynxssl, as it doesn't currently look case-insensitively (DNS is, so are FQDNs), nor does it strip the port. Index: HTTP.c =================================================================== RCS file: /lcvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTP.c,v retrieving revision 1.3 retrieving revision 1.5 diff -u -r1.3 -r1.5 --- HTTP.c 7 Jul 2003 18:57:41 -0000 1.3 +++ HTTP.c 7 Jul 2003 20:54:08 -0000 1.5 @@ -604,8 +604,12 @@ cert_host += 4; if ((p = strchr(cert_host, '/')) != NULL) *p = '\0'; + if ((p = strchr(cert_host, ':')) != NULL) + *p = '\0'; ssl_host = HTParse(url, "", PARSE_HOST); - if (strcmp(ssl_host, cert_host)) { + if ((p = strchr(ssl_host, ':')) != NULL) + *p = '\0'; + if (strcasecmp(ssl_host, cert_host)) { HTSprintf0(&msg, gettext("SSL error:host(%s)!=cert(%s)-Continue?"), ssl_host, Hope that helps, //Thorsten -- Ich erinnere mich noch an meinen Geschichtsunterricht, als man mir vermittelt hat, da� im Mittelalter der Zehnte eingef�hrt wurde, und ich dachte mir: zehn Prozent! Wow ist das viel! Ein Gl�ck, da� wir nicht mehr im Mittelalter leben! -- Felix von Leitner in d.a.s.r ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
