RE: [Lynx-dev] Re: Lynx: missing SSL certificate

[Thorsten Glaser]

Paolo Piace dixit:

>erased completely and then re-created the whole content of the
>certificates directory /etc/ssl/certs/ which now looks completely
>different than before.

Yes, it’s a ca-certificates replacement. The new /etc/ssl/certs/ directory
is directly, as-is, suitable for use with OpenSSL. (It did not erase it
without second thought, merely replace the Debian ca-certificates’ ones,
not these you put in there yourself, if any.)

$ grep ^SSL_CE /etc/lynx-cur/lynx.cfg
SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt


>Any further suggestion/hint is welcome.

Press Backspace, then activate the link
        [1][Your recent statusline messages]

For example, if I “lynx https://www.mirbsd.org/” I get:

   11. Data transfer complete
   10. HTTP/1.1 200 OK
    9. HTTP request sent; waiting for response.
    8. Sending HTTP request.
    7. Secure 256-bit TLSv1/SSLv3 (DHE-RSA-AES256-SHA) HTTP connection
    6. Certificate    issued    by:    /O=Root    
CA/OU=http://www.cacert.org/CN=CA   Cert   Signing
       Authority/address@hidden
    5. Verified connection to www.mirbsd.org (subj=www.mirbsd.org)
    4. SSL callback:ok, preverify_ok=1, ssl_okay=0
    3. SSL callback:ok, preverify_ok=1, ssl_okay=0
    2. Making HTTPS connection to www.mirbsd.org
    1. Looking up www.mirbsd.org

This may help in seeing what is wrong.

//mirabilos
-- 
“It is inappropriate to require that a time represented as
 seconds since the Epoch precisely represent the number of
 seconds between the referenced time and the Epoch.”
        -- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2