On Sun, 12 Sep 2004, A. R. Vener wrote: > I finally upgraded to lynx 2.8.5. > > It seems to work, but when I access https sites, I get the message: > ssl error unable to get local issuer certificate. continue? (y): > > hitting 'y' gets past the ssl error and I connect. > > This problem never happened with lynx 2.8.4. Why does it happen with lynx 2.8.5 and > what can I do about it?
The essence is that lynx 2.8.4 was never giving you a secure connection; you were just never told. When you connect over a secure connection, your browser needs to compare the certificate presented by the website with a certificate that you trust, to make sure that they are who they claim to be, rather than an imposter website. In the past lynx never complained if the check failed. This error usually means that you never installed a set of trusted certificates. Since the value of the certificates depends on how you got them, such a set is not distributed with lynx. If your security needs are minimal, you can get a copy of the set of certificates that I use from my web site. Sets of certificates are also distributed with some software packages. Otherwise you need to get your own certificates in a secure manner from the certificating agencies which you trust. The default location for the certificate bundle varies according to platform and as to how the openssl library with which lynx was linked was compiled. On unix, typical locations might be /usr/local/ssl/cert/cert.pem or /usr/share/ssl/cert/cert.pem. On DJGPP, the default is usually /dev/env/DJDIR/ssl/cert/cert.pem. You can place it wherever you like, if you set the environment variable "SSL_CERT_FILE" to the full path of the cert bundle. Once you install the certificates, the error will go away. You can get a set of certificates from me at "http://www.rahul.net/dkaufman/cert.zip"; Doug -- Doug Kaufman Internet: [EMAIL PROTECTED] _______________________________________________ Lynx-dev mailing list [EMAIL PROTECTED] http://lists.nongnu.org/mailman/listinfo/lynx-dev
