Re: lynx-dev FORCE_SSL_PROMPT:NO

[Doug Kaufman]

On Fri, 25 Jul 2003, Stef Caunter wrote:

> Thanks. Fixed. I'll be offline for a day and a half.

> ... 
> INSTALLING A SELF-SIGNED CERTIFICATE:
> 
> When you would like to trust a self-signed (non-commercial) certificate you 
> will
> need to get hold of the actual file. If it's a cert local to your network you
> can ask the sysadmin to make it available for download as a link on a webpage.

I am not sure how much information that isn't specific to lynx belongs
in a file like this. This part of the file would be a reasonable place
to mention how you can get the server certificate using the s_client
mode of openssl. To get the certificate from the site "whatever.invalid",
assuming a standard https connection to port 443, you can do 
"openssl s_client -connect whatever.invalid:443 |tee certfile",
then type "QUIT" followed by a carriage return; or do 
"echo QUIT | openssl s_client -connect whatever.invalid:443 > certfile"

Then just edit the file "certfile" to get rid of the material around the
server certificate. This should eliminate the need to ask administrators
to make the file available as a link.
                              Doug
-- 
Doug Kaufman
Internet: address@hidden


; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden