
Re: LYNX-DEV https/ssl question (long)


From: Doug Kaufman
Subject: Re: LYNX-DEV https/ssl question (long)
Date: Wed, 14 May 1997 19:55:00 -0700 (PDT)

>     * From: Al Gilman <address@hidden>
>     * Date: Wed, 14 May 1997 11:59:58 -0400 (EDT)
>     * In-Reply-To:
>       <address@hidden>
>       from Doug Kaufman at "May 14, 97 07:38:06 am"
>Would you be willing to bounce a copy of that email to the archive?
>I am sure that your message plugs a hole in the Lynx bookshelf that
>more people than Laura need.  You can use

I get to read the messages through the archive and don't get the
References for threading. I rewrote some of the advice I've given and am
appending it to this posting. This is just what worked for me. I hope
that Tom can correct any errors about eassl or how it should work.
Sorry about the length.


               Steps for getting https to work with lynx

If you live in the United States, patent issues may not let you use the
rsa code in SSLeay.  For noncommercial use you may be able to use rsaref
instead.  Check the license to see if you qualify.  Others may need to
buy a license from rsa.  Those not under USA patent restrictions can use
SSLeay as is, and can ignore the following about rsaref.

The first step is to compile librsaref.a.  Get rsaref20.tar.Z.  It is in 
a hidden directory.  FTP to ftp.rsa.com and cd to rsaref.  The README
file gives the name of the hidden directory which has the files.  You
will not be able to use lynx to get this, since the name of the hidden
directory changes with each access. After you compile it you get 
rsaref.a.  Change the name to librsaref.a.

Next, obtain SSLeay.  The canonical site is:
ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/ .  Mirrors are also available.
The FAQ about SSL is available as:
http://www.psy.uq.edu.au:8080/~ftp/Crypto/#{{ssl-users}}archivesites

Next, compile SSLeay with the rsaref flag set. You will have to give the
location of librsaref.a and the rsaref include files with -Lpath and
-Ipath respectively. The perl scripts allow you to change the directory
where the files will be placed, such as $HOME/ssl. Instructions
for using the perl scripts are in the file "INSTALL". You may want
to add librsaref.a to the ssl/lib directory after you successfully
compile SSLeay. You may need to add -lrsaref to the end of the compile
instructions. There is a bug in the perl script for changing the
locations of your files. The patch to fix the bug in ssldir.pl is
described below. You may want to read doc/rasref.doc.

Next, compile eassl. I couldn't get the Makefile to work with my version
of make, so I simply gave the compile instructions on the command line,
taken from the Makefile. You may need to modify the configuration file,
specifying the port to use for the proxy server. A sample line is
given later. Set https_proxy in your lynx configuration file or as an
environmental variable. It needs to read something like:
https_proxy=http://127.0.0.1:5010/ .

Lastly, to get this to function, you need a signed certificate.  You can
sign your own using SSLeay.  Instructions on how to do this are in:

http://paradigm.webvision.com/developers/casetup.html/MoZmSg

Make sure to modify all the Makefiles, to make your directories the
defaults for the files, including the configuration files. You may need
to modify the eassl.c file to put your directories in.

Eassl works as a daemon, so you need to run it in the background. It is
also immune to SIGHUP, so it needs to be killed when you are done.




                   Bug in ssldir.pl from SSLeay-0.6.6


*** util/ssldir.pl      Mon Jan 13 00:05:52 1997
--- util/ssldir.pl.new  Wed May 14 19:28:53 1997
***************
*** 11,17 ****
        '\sX509_CERT_AREA\s',"#define X509_CERT_AREA\t".'"%s"',
        '\sX509_CERT_DIR\s', "#define X509_CERT_DIR\t\t".'"%s/certs"',
        '\sX509_CERT_FILE\s', "#define X509_CERT_FILE\t".'"%s/cert.pem"',
!       '\sX509_CERT_PRIVATE_DIR\s',"#define X509_PRIVATE_DIR\t".'"%s/private"',
        );
  
  %Makefile_ssl=(
--- 11,17 ----
        '\sX509_CERT_AREA\s',"#define X509_CERT_AREA\t".'"%s"',
        '\sX509_CERT_DIR\s', "#define X509_CERT_DIR\t\t".'"%s/certs"',
        '\sX509_CERT_FILE\s', "#define X509_CERT_FILE\t".'"%s/cert.pem"',
!       '\sX509_PRIVATE_DIR\s',"#define X509_PRIVATE_DIR\t".'"%s/private"',
        );
  
  %Makefile_ssl=(
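
Review bot: On the changed line (14), the key now agrees with the macro name the replacement writes, but the posting does not say what the old key broke. Worth stating in the description that '\sX509_CERT_PRIVATE_DIR\s' cannot match a line defining X509_PRIVATE_DIR, so, assuming the header being rewritten defines X509_PRIVATE_DIR as the replacement text implies, the "%s/private" substitution was never applied. The key and the #define name are typed separately in every entry of this table; building both from one name would keep them from drifting apart again. The new-file header reads util/ssldir.pl.new, so it also helps to say that the patch is meant to be applied to util/ssldir.pl.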



                     Configuration file eassl.conf 
The following needs to be modified for your configuration.  Place it in
the location you specified in eassl.c.


#this enables debugging
debug

#which port to use
localport 5010

#force certs with a matching oneline in the file to be considered as good
goodcerts ./goodcerts

#user cert to present when asked
mycert path-to-your-certificate/mycert.pem

#lynxproxy entry
5010 127.0.0.1 0 lynxproxy


                  

                  Sample wrapper for lynx using eassl

The following can work as a lynx wrapper if the lynx binary is renamed
to lynx1.  You may wish to trap other signals in the second line or to
use a nicer sed script. The second line needs an actual \003 rather than
the ^C as written below.


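#!/bin/sh
trap 'echo ^C' 2        # on SIGINT, echo a ^C instead of terminating the wrapper
eassl 2>/dev/null &     # start the proxy in the background, discarding stderr
lynx1 "$@"              # renamed lynx binary; "$@" keeps each argument intact
kill `ps -x |sed -n -e '/eassl$/s/^ *//' -e  '/eassl$/s/[^0-9].*$//p'`   # kill eassl by the PID read from ps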

__
Doug Kaufman
Internet: address@hidden (preferred)
          address@hidden
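
As an added example, not part of the original post and not code from eassl: the steps above leave three values that have to agree (localport, the port in the lynxproxy entry, and the port in https_proxy), plus a placeholder certificate path that is easy to leave in. The function below checks for those, assuming only the line shapes visible in the sample eassl.conf.

```shell
#!/bin/sh
# Added example (not from the post): lint an eassl.conf against https_proxy.
# Assumed line shapes, taken from the sample in the post:
#   "localport N", "N ADDR 0 lynxproxy", "goodcerts PATH", "mycert PATH", "debug"
check_eassl_conf() {   # $1 = eassl.conf path, $2 = https_proxy value
    hp=${2#http://}; hp=${hp%%/*}                  # http://HOST:PORT/ -> HOST:PORT
    case $hp in *:*) ;; *) hp="$hp:" ;; esac       # no port given -> empty port
    awk -v phost="${hp%:*}" -v pport="${hp##*:}" '
        function note(m) { print "NOTE " m }
        function bad(m)  { print "FAIL " m; rc = 1 }
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        $1 == "debug"        { note("debug logging is enabled") }
        $1 == "localport"    { lport = $2 }
        $4 == "lynxproxy"    { eport = $1; ehost = $2 }
        $1 == "goodcerts" || $1 == "mycert" {
            if ($2 ~ /path-to-your/) bad($1 " still holds the sample placeholder")
            else if ($2 !~ /^\//)    note($1 " is a relative path: " $2)
        }
        END {
            if (lport == "") bad("no localport line")
            if (eport == "") bad("no lynxproxy entry")
            if (lport != "" && eport != "" && lport != eport)
                bad("localport " lport " != lynxproxy entry port " eport)
            if (lport != "" && pport != lport)
                bad("https_proxy port " pport " != localport " lport)
            if (ehost != "" && phost != ehost)
                bad("https_proxy host " phost " != lynxproxy entry host " ehost)
            exit rc + 0
        }' "$1"
}

# Constructed input: the sample eassl.conf from the post, unmodified.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#this enables debugging
debug
#which port to use
localport 5010
#force certs with a matching oneline in the file to be considered as good
goodcerts ./goodcerts
#user cert to present when asked
mycert path-to-your-certificate/mycert.pem
#lynxproxy entry
5010 127.0.0.1 0 lynxproxy
EOF
check_eassl_conf "$sample" "http://127.0.0.1:5010/" || echo "eassl.conf needs attention"
```

A relative goodcerts or mycert path is only reported as a NOTE, because it resolves against whatever directory the daemon was started from.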
