On Sun, 13 Aug 2006, I wrote: > On Sat, 12 Aug 2006, [EMAIL PROTECTED] wrote: > > > OpenSSL uses the environment variable SSL_CERT_FILE to indicate where > > the collection of trusted certificates resides. How does GnuTLS find the > > file if it isn't in the default location which was compiled in? > > I don't know well but I suspect that Lynx with GnuTLS doesn't refer > the certificate files because it doesn't show any warnings to the site > which has self-signed certificate. > If it's true, the binary with GnuTLS is inferior to the one with OpenSSL > on this point.
I wrote a patch to improve this point. After applying this patch, Lynx with GnuTLS verify the server's certificate. Note that users must set the environment variable SSL_CERT_FILE to verify properly. I also tried the patch which is posted by Thorsten Glaser on 5 Jul against DN format probrem. It suppressed the unexpected message for normal https sites as far as I tested Lynx with GnuTLS. Unfortunately I couldn't test abnormal https sites, which doesn't have CN, because I don't know their URLs. -- Takeshi Hataguchi E-mail: [EMAIL PROTECTED]
lynx.patch_for_286dev18-4
Description: Binary data
_______________________________________________ Lynx-dev mailing list Lynx-dev@nongnu.org http://lists.nongnu.org/mailman/listinfo/lynx-dev
