[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
lynx-dev FORCE_SSL_PROMPT:NO
|
From: |
Stef Caunter |
|
Subject: |
lynx-dev FORCE_SSL_PROMPT:NO |
|
Date: |
Sun, 20 Jul 2003 23:10:10 -0400 (EDT) |
Haven't seen anything about this on the list in a while.
While I welcome the convenience of being able to ignore
commercial CA propaganda, it would be nice to be able to
_manage_ self-signed certs.
A trace of an https session seems to indicate that there is
_no_ routine to check anywhere for a stored and OKed copy of
a site's cert. There is no indication in lynx.cfg that such a
location can be defined. Sorry if I've missed that.
I've stored pem certs and the latest copy of ca-bundle.crt
from mod_ssl in /usr/local/ssl/certs to see if
openssl itself is used by lynx, but it seems that
nothing is doing any checking, not even for commercial
certs.
An https request to hotmail, which worked nicely with older
lynxes, (presumably because _no_ cert checking was done),
produces the same ssl nag as an "untru$ted" cert,
notwithstanding their recent foray into javascript service
denial.
There seem to be well-established procedures for cert import
with many browsers. I'm guessing this is not a simple
request, but I'm wondering... Can the openssl commands to
confirm certs be used? They work in the shell obviously. Can
they be set up as a piped command?
--Stef
http://caunter.ca/crypto.html
<address@hidden>
; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
- lynx-dev FORCE_SSL_PROMPT:NO,
Stef Caunter <=
- Re: lynx-dev FORCE_SSL_PROMPT:NO, Doug Kaufman, 2003/07/21
- Re: lynx-dev FORCE_SSL_PROMPT:NO, Stef Caunter, 2003/07/21
- Re: lynx-dev FORCE_SSL_PROMPT:NO, Doug Kaufman, 2003/07/21
- Re: lynx-dev FORCE_SSL_PROMPT:NO, Stef Caunter, 2003/07/21
- Re: lynx-dev FORCE_SSL_PROMPT:NO, Doug Kaufman, 2003/07/21
- Re: lynx-dev FORCE_SSL_PROMPT:NO, Stef Caunter, 2003/07/22
- Re: lynx-dev FORCE_SSL_PROMPT:NO, Doug Kaufman, 2003/07/23