[This starts to become unresolvable without contributions of lynx-dev, so I Cc it there. The discussion is about lynx and openssl0.9.7c.]
On Tue, Oct 14, 2003 at 09:12:18PM +0200, Johannes Hromadka wrote: > I downloaded ncurses5.1plus.os2.zip and could get your lynx running. So I performed > the > following test: > > Placed cert.pem into E:\os2tools\TCPIP\WWW\lynx2-8-5\home and set > SSL_CERT_FILE to this file. > > I can connect to https://www.ibm.com/ without a warning, like you did. > > When I connect to my local secure apache I get a misleading warning > > SSL error:self signed certificate in certificate chain-Continue? (y) What should be the warning, "no local certificate found"? > If I append the certificate of my CA to cert.pem the warning disappears. > Then I tried the second method, which is to place the cert into > SSL_CERT_DIR The trick is that the name of the file has to be the > hash value of the certificate appended with .0 (see README.sslcert) > On *nix the script c_rehash from openssl would create a symbolic link. I would just replace symlink $from, $to by eval {symlink $from, $to} or File::Copy::copy($from, to); > I just renamed the certificate file to <hash>.0 The hash value of a > certificate can be displayed using the command "openssl x509 -hash > -noout -in <certfile.pem> " > So I can say that lynx accepts connections to secure webservers as > long as the issuer certificate of the servers certificate is in > cert.pem or SSL_CERT_DIR. > This is slightly different to mozilla because mozilla has the > possibility to accept certificates from dedicated servers too. > In mozilla you have 4 different types of certificates. > a) Certificates of Authorities. This is equal to lynxs SSL_CERT_FILE > or SSL_CERT_DIR > b) Server certificates, not available in lynx Used for what? > c) my own certificates, stored together with my personal key. This > is needed to connect to servers which request a client certificate > for authentication. (N/A in lynx?) I think it is applicable. Not sure about availability though. Anyone knows? > d) Other peoples certificates, needed for sending encrypted mails. (N/A in lynx) I do not know about mailto: stuff, does it support encription? Thanks, Ilya ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
