Re: [Lynx-dev] Problem with SSL certificates in Lynx


From: Aki Tuomi
Subject: Re: [Lynx-dev] Problem with SSL certificates in Lynx
Date: Fri, 30 Jun 2006 10:25:07 +0300
User-agent: Mutt/1.5.11+cvs20060403

On Thu, Jun 29, 2006 at 11:10:55PM -0500, Stef Caunter wrote:
> You appear to have lynx built with gnutls, but succeed in testing with 
> openssl. Are you able to build with openssl? Documented usage procedures 
> are done with openssl. The 2.8.5 release will connect without error unless 
> cert is a wildcard cert. You have exported SSL_CERT_DIR and SSL_CERT_FILE 
> appropriately for your shell?
> 
> Stef
> http://caunter.ca/contact.html
> 
> On Mon, 26 Jun 2006, Aki Tuomi wrote:
> 
> >I tried looking through the mailing list archives and could not find
> >anything useful for the following issue.
> >
> >When connecting to a site with a proper certificate (not self-signed,
> >using a proper CA, listed properly in /etc/ssl/certs) I get error
> >
> >SSL error:Can't find common name in certificate-Continue?
> >
> >This error does not exhibit itself in other browsers, nor when testing
> >with
> >
> >openssl -CApath /etc/ssl/certs -connect site:443
> >
> >I've set SSL_CERT_DIR=/etc/ssl/certs
> >
> >I am now wondering why it won't work when it's done properly. This is
> >most annoying since I am using a commercially signed certificate. If you
> >need more information please don't hesitate to ask.
> >
> >Aki Tuomi
> 
Found the problem, it is somehow related to the handling of the
SSL_CERT_FILE environment variable.

As you can see from the dump below, it does not even attempt to open
SSL_CERT_FILE, dunno why. Perhaps it is not speaking to gnutls library
properly?

Aki Tuomi

env SSL_CERT_FILE=/etc/apache2/ssl/intra.tdcsong.fi.chain.crt strace -eopen lynx https://intra.tdcsong.fi/ -dump

open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/usr/lib/libbz2.so.1.0", O_RDONLY) = 3
open("/usr/lib/libncursesw.so.5", O_RDONLY) = 3
open("/usr/lib/libgnutls-extra.so.11", O_RDONLY) = 3
open("/usr/lib/libgnutls-openssl.so.11", O_RDONLY) = 3
open("/usr/lib/libgnutls.so.11", O_RDONLY) = 3
open("/lib/libcrypt.so.1", O_RDONLY)    = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/usr/lib/libz.so.1", O_RDONLY)    = 3
open("/usr/lib/libopencdk.so.8", O_RDONLY) = 3
open("/usr/lib/libgcrypt.so.11", O_RDONLY) = 3
open("/usr/lib/libgpg-error.so.0", O_RDONLY) = 3
open("/usr/lib/liblzo.so.1", O_RDONLY)  = 3
open("/usr/lib/libtasn1.so.2", O_RDONLY) = 3
open("/lib/libnsl.so.1", O_RDONLY)      = 3
open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/locale/en_FI/LC_MESSAGES/lynx.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en/LC_MESSAGES/lynx.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES/lynx.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_GB/LC_MESSAGES/lynx.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/lynx.cfg", O_RDONLY)         = 3
open("/etc/lynx.cfg", O_RDONLY)         = 3
directory)
open("/etc/mailcap", O_RDONLY)          = 3
open(".mailcap", O_RDONLY)              = 3
open(".mailcap", O_RDONLY)              = 3
open("/etc/mime.types", O_RDONLY)       = 3
open(".mime.types", O_RDONLY)           = 3
open(".mime.types", O_RDONLY)           = 3
open("/var/run/utmp", O_RDONLY)         = 3
open("/etc/nsswitch.conf", O_RDONLY)    = 3
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libnss_files.so.2", O_RDONLY) = 3
open("/etc/hosts", O_RDONLY)            = 3
open("/etc/hosts", O_RDONLY)            = 3
open("/dev/urandom", O_RDONLY)          = 4
HTTP: Access authorization required.
       Use the -auth=id:pw parameter.

Looking up intra.tdcsong.fi
Making HTTPS connection to intra.tdcsong.fi
SSL error:Can't find common name in certificate-Continue? yes
Secure 128-bit TLS 1.0 (DHE_RSA_AES_128_CBC_SHA) HTTP connection
Sending HTTP request.
HTTP request sent; waiting for response.
Alert!: Access without authorization denied -- retrying

lynx: Can't access startfile https://intra.tdcsong.fi/
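
The check done by eye in the dump above (was the file named by SSL_CERT_FILE ever passed to open()?), as an added example that is not part of the original message or of Lynx: a Python parser for `strace -eopen` output. The function names and both sample traces are constructed for illustration; the certificate path is the one from the command above.

```python
import re

# open()/openat() as strace prints them, with an optional "[pid N]" prefix.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+)?open(?:at)?\((?:[^",]+,\s*)?"(?P<path>[^"]*)"'
    r'[^)]*\)\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<err>E[A-Z]+))?')
SYSCALL_START = re.compile(r'^(?:\[pid\s+\d+\]\s+)?\w+\(')

def parse_opens(trace):
    """Return [(path, ret, errno_or_None)], rejoining mail-wrapped lines."""
    joined = []
    for line in trace.splitlines():
        if joined and line.strip() and not SYSCALL_START.match(line):
            joined[-1] += " " + line.strip()  # continuation of the previous line
        else:
            joined.append(line)
    opens = []
    for m in filter(None, map(OPEN_RE.match, joined)):
        ret = int(m.group("ret"))
        opens.append((m.group("path"), ret, m.group("err") if ret < 0 else None))
    return opens

def env_path_status(trace, env):
    """Map each CA variable to 'unset', 'never opened', 'opened' or 'failed: ERRNO'."""
    opens, report = parse_opens(trace), {}
    for var in ("SSL_CERT_FILE", "SSL_CERT_DIR"):
        target = env.get(var)
        if not target:
            report[var] = "unset"
            continue
        prefix = target.rstrip("/") + "/"  # SSL_CERT_DIR also matches files inside it
        hits = [(r, e) for p, r, e in opens
                if p == target or (var == "SSL_CERT_DIR" and p.startswith(prefix))]
        if not hits:
            report[var] = "never opened"
        elif any(r >= 0 for r, _ in hits):
            report[var] = "opened"
        else:
            report[var] = "failed: %s" % hits[-1][1]
    return report

# Constructed samples in the shape of the dump above (one line is mail-wrapped).
CERT = "/etc/apache2/ssl/intra.tdcsong.fi.chain.crt"
TRACE_MISSING = '''open("/usr/lib/libgnutls.so.11", O_RDONLY) = 3
open("/usr/share/locale/en/LC_MESSAGES/lynx.mo", O_RDONLY) = -1 ENOENT
(No such file or directory)
open("/etc/lynx.cfg", O_RDONLY)         = 3
open("/dev/urandom", O_RDONLY)          = 4
Making HTTPS connection to intra.tdcsong.fi
'''
TRACE_LOADED = TRACE_MISSING + 'open("%s", O_RDONLY) = 5\n' % CERT
```

A "never opened" result means the process did not try to read the configured path at all, which is a different failure from a path that was tried and rejected ("failed: ENOENT", "failed: EACCES").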




