On Wed, Dec 12, 2012 at 12:44:23PM +0100, Vincent Lefevre wrote: > On 2012-12-12 06:28:56 -0500, Thomas Dickey wrote: > > On Wed, Dec 12, 2012 at 05:08:21AM -0500, Thomas Dickey wrote: > > > I'm not able to reproduce the problem, either by recompiling, or > > > by installing this version on my Debian/testing system. For each > > > configuration, lynx accepts the certificate and does not prompt. > > > > I tested first with LYNX_CFG unset, and then with it set to ''. > > LYNX_CFG contains a filename. Do not set it to '', but to /dev/null > for instance.
I can reproduce this, and see that the problem is arguably a
configuration error on your part. The first interesting difference is
this line omitted from a trace of the malfunctioning session:
HTGetSSLHandle: certfile is set to /etc/ssl/certs/ca-certificates.crt by config
SSL_CERT_FILE
What is happening is that gnutls is confused about the reason why the
certificate could not be traced to an authority - it only knows that
the attempt failed. It sets the status which lynx reports here:
if (ret == 0 && tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
msg2 = gettext("self signed certificate");
Since there is no configuration information available to lynx,
there is no way for it to check any of the certificates.
--
Thomas E. Dickey <[email protected]>
http://invisible-island.net
ftp://invisible-island.net
signature.asc
Description: Digital signature
