lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev FORCE_SSL_PROMPT:NO

From: Doug Kaufman
Subject: Re: lynx-dev FORCE_SSL_PROMPT:NO
Date: Mon, 21 Jul 2003 07:49:22 -0700 (PDT) 
On Mon, 21 Jul 2003, Stef Caunter wrote:

> On Sun, 20 Jul 2003, Doug Kaufman wrote:
> 
> > default under OpenSSL for the ca-bundle is a file named "cert.pem" in
> > "/usr/local/ssl", or whatever was defined as your OPENSSL directory. The
> > directory "/usr/local/ssl/certs" should contain hashed certificates. Did
> > you run c_rehash on that directory? The environment variables to change
> 
> Thanks. I had already created the hash for the self-signed
> cert, and I just used c_rehash to recreate everything.
> Environment variables are set.

Note that the environment variable handling of SSL_CERT_FILE was
broken in OpenSSL until a few months ago. Are you using a current
version? I know that it got fixed in the 0.9.7 branch, but I don't
know about the 0.9.6 branch. I am not sure that SSL_CERT_DIR has been
fully tested to see if it really works. What happens if you take the
self-signed ca_cert and concatenate it to your ca-bundle, and put it in
the default location (/usr/local/ssl) as "cert.pem"?
                            Doug
-- 
Doug Kaufman
Internet: address@hidden


; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]