Re: lynx-dev SSL error

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev SSL error

From:	patakuti
Subject:	Re: lynx-dev SSL error
Date:	Sun, 13 Oct 2002 07:28:01 +0900 (JST)

On Thu, 10 Oct 2002, Michel SUCH wrote:

> When connecting to any https site, I get the following message:
> SSL error:unable to get local issuer certificate-Continue? (y)
> So, I got the cert.pem file as stated in the changes file, put it in my
> home directory and set up the appropriate environment variable pointing to
> this file.
> 
> I retried with trace activated.
> There is no trace of trying to access this file.

Please put the proper cert file, named cert.pem, in the OpenSSL
directory (ex: /usr/local/ssl).  Doing this may prevent to show the
message which you wrote.

I think SSL_CERT_FILE environment variable doesn't work as described
in Lynx's CHAGES file.  I wrote a patch to change OpenSSL's behavior,
though I don't know whether Lynx's CHAGES file is wrong or OpenSSL's
implementation is wrong.

Appling this patch, OpenSSL will check the cert file first which is
indicated by SSL_CERT_FILE environment variable, and then check the
cert.pem in the OpenSSL directory only if the proper certifications
couldn't be found in the former cert file.

I tested Lynx2.8.5dev.9 with OpenSSL 0.9.6g.
--
Takeshi Hataguchi
E-mail: address@hidden

diff -ru orig/openssl-0.9.6g/crypto/x509/by_file.c 
openssl-0.9.6g/crypto/x509/by_file.c
--- orig/openssl-0.9.6g/crypto/x509/by_file.c   Fri Feb 18 06:04:40 2000
+++ openssl-0.9.6g/crypto/x509/by_file.c        Sun Oct 13 06:13:44 2002
@@ -100,19 +100,20 @@
        case X509_L_FILE_LOAD:
                if (argl == X509_FILETYPE_DEFAULT)
                        {
-                       ok = 
(X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+                       file=(char *)Getenv(X509_get_default_cert_file_env());
+                       ok = (X509_load_cert_crl_file(ctx,file,
                                X509_FILETYPE_PEM) != 0);
+                       }
+                       ERR_clear_error();
                        if (!ok)
                                {
-                               
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
-                               }
-                       else
-                               {
-                               file=(char 
*)Getenv(X509_get_default_cert_file_env());
-                               ok = (X509_load_cert_crl_file(ctx,file,
+                               ok = 
(X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
                                        X509_FILETYPE_PEM) != 0);
+                               if (!ok)
+                                       {
+                                       
X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+                                       }
                                }
-                       }
                else
                        {
                        if(argl == X509_FILETYPE_PEM)

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

lynx-dev SSL error, Michel SUCH, 2002/10/10
- Re: lynx-dev SSL error, Thomas E. Dickey, 2002/10/10
- Re: lynx-dev SSL error, Leslie Fairall, 2002/10/10
  - Re: lynx-dev SSL error, Thomas Dickey, 2002/10/10
- Re: lynx-dev SSL error, David Woolley, 2002/10/10
- Re: lynx-dev SSL error, patakuti <=

Prev by Date: Re: lynx-dev SSL problem.
Next by Date: Re: lynx-dev a highlighting problem with 2.8.5dev.8
Previous by thread: Re: lynx-dev SSL error
Next by thread: lynx-dev SSL problem.
Index(es):
- Date
- Thread