Re: LYNX-DEV How do I get https to work?

[tz]

On Wed, 9 Apr 1997, Subir Grewal wrote:

> On Wed, 9 Apr 1997, Michael Ritzert wrote:
> 
> :2. The ssl code has to be re-implemented on the base of libraries freely
> :available outside the US. Such libs exist, don't they?
> 
> Not the point.  Tom's proxy is based on SSLeay, freely available SSL
> library developed and maintained by Australians.  It's still not
> exportable because the hooks were written by Tom, a US resident in the US
> at the time.  The only way we could have a copy of crypto software
> developed by a US resident outside the US without someone breaking a US
> export law was if we were to sponsor a trip for the developer, send them
> to the Bahamas maybe, where they could write everything.  That still does
> not mean the code is exportable.  What the US (and other governments) want
> to do is isolate the development of cryptographic tools, hamper the
> development of an international community of cryptographers from working
> together. 
> 
> :2.a. It would be great if there was an open standardized interface
> :between the ssl code which would make it as easy as possible to adapt
> :the stuff to the other free browsers, notably mMosaic, chimera 2.x,
> :arena  and mnemonic (if the latter will evolve from it present
> :discussion state to some runnable code).
> 
> As Tom wrote a while ago, it's unclear whether the hooks themselves can be
> exported.  Never assume the EAR (nee ITAR) was developed by rational
> beings.  It was developed and is enforced by people, organizations,
> structures within society that _will_ use any excuse to attain their
> objectives because they firmly believe _they_ _are_ _right_.  These are
> the fundamentalists wee should be afraid of.

2. I posted code to a vanilla http_proxy here several months ago.  On
another thread, I described what I did.  The minimal version of the proxy
is less than 100 lines, so it merely requires someone competent outside
the US.

2.a.  Actually, it works with GNUscape (w3 browser integrated into gnu
emacs as a plugin) without modification.  You need to have a trailing
slash, i.e. https://xxx.org/ not https://xxx.org).  w3 / GNUscape was
developed completely separate, and I was suprised when I started it up and
(having my lynx proxies in place) it just worked :).

For https, my proxies simply accepts plain connections inside, and
encrypts the outside connection.  So you just need to make sure that https
is a synonym for http, but goes through the proxy instead of being direct.

snews/nntp is similar, but it just forms a connection instead of passing
the header, then a connection as is done with https.

(I can even do a secure telnet with the proxy by doing "telnet localhost
5010" then typing "GET remote.host:23 " and return - it connects to
telnetd on remote.host and does ssl handshaking and works with the SSLapp
telnetd). 

There are similar things (ssr from medcom.se), but nothing that supports
lynx or w3 the way I do.

address@hidden
finger address@hidden for PGP key

;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;