lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev README.ssl


From: Stef Caunter
Subject: Re: lynx-dev README.ssl
Date: Thu, 15 Jan 2004 09:04:57 -0500 (EST)

Another update to README.ssl, below:

mentions:

-> the experimental gnutls support
-> the https://www.gnutls.org:5555/ test site for ssl connections
-> added some mild badgering about certificate handling.

I know nothing about gnutls -- please advise if I have
referred incorrectly to it in the document.

The remaining gap in the puzzle is how to get lynx to
present a client certificate. Can it do such a thing?

__Stef

SSL support for Lynx 2.8.5pre.1
-- adapted from http://www.mentovai.com/lynx/

Lynx, in its unmodified form, will not allow you to make secure socket layer
(SSL) connections.  SSL is used for the secure transfer of information over the
Internet.  Many sites are now requiring SSL to ensure security for themselves
and their users.  With a version of Lynx modified to support SSL, Lynx users
can now visit these sites with ease as well.

The SSL configure option (--with-ssl) for Lynx provides the ability to make use
of SSL over HTTP for secure access to web sites (HTTPS) and over NNTP for
secure access to news servers (SNEWS).  SSL is handled transparently, allowing
users to continue accessing web sites and news services from within Lynx
through the same interface for both secure and standard transfers.

This is based on, and requires, the OpenSSL library.  OpenSSL's distribution
and use may be restricted by licenses and laws.  For information on obtaining
OpenSSL, as well as information on its distribution, see
http://www.openssl.org/.  The main distribution site is at 
ftp://ftp.openssl.org/source/.

Lynx also has experimental support for GnuTLS (configure option --with-gnutls).
For information on GnuTLS, see http://www.gnu.org/software/gnutls/.

To test your version of Lynx for SSL support, try it out with an SSL site.
Below are secure (https) pages which will load if your browser contains SSL
support and you accept their certificates; they give you some information about
the connection.

https://www.gnutls.org:5555/
https://www2.ggn.net/cgi-bin/ssl

Lynx will complain about the certificate, since the certificate presented is
untrusted.  You may accept this certificate to test your configuration, since
it is a test, but it is a bad idea to blindly accept certificates from unknown
websites if you are transmitting form data or files.

You should review the document README.sslcerts for a detailed discussion
of correct certificate handling possibilities and procedures in lynx.

It is the user's responsibility to ensure that all patent laws,
export restrictions, and other considerations have been taken into account
before using this software.

-- Note:

Lynx is GPL'd, so it falls under the regulations in EAR section
740.13(e)(1):

    (1) Encryption source code controlled under 5D002, which would be
        considered publicly available under section 734.3(b)(3) and
        which is not subject an express agreement for the payment a
        licensing fee or royalty for commercial production or sale of
        any product developed with the source code, is released from
        EI controls and may be exported or reexported without review
        under License Exception TSU, provided you have submitted
        written notification to BXA of the Internet location (e.g.,
        URL or Internet address) or a copy of source code by the time
        of export.

On Wed, 14 Jan 2004, Thomas Dickey wrote:

> On Wed, 14 Jan 2004, Stef Caunter wrote:
>
> > On Wed, 14 Jan 2004, [ISO-8859-1] Fr?d?ric L. W. Meunier wrote:
> >
> > > http://www.moxienet.com/lynx/ -> http://www.mentovai.com/lynx/
> > >
> > > http://www.moxienet.com/lynx/ssl-test is gone. I found
> > > http://www.mit.edu/afs/sipb/user/jmorzins/lynx-notes, so it
> > > looks like you can change it to
> > > https://www2.ggn.net/cgi-bin/ssl (and remove the "will redirect
> > > you to").
> > >
> > > I guess other parts also need to be updated (GNU
> > > TLS and certificates).
> >
> > Correcting the part about "lynx does not yet do
> > certificates" on the mit site would seem to be in order,
> > does anyone know the maintainer?
>
> The last line on the lynx-notes page is obsolete by almost 7 years -
> it refers to pre-autoconf lynx.
>
> --
> Thomas E. Dickey
> http://invisible-island.net
> ftp://invisible-island.net
>
> ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
>
>

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden


reply via email to

[Prev in Thread] Current Thread [Next in Thread]