tg.at.mirbsd.de:
> I suggest the following: ...
I tried this suggestion before Stefan's one because it seemed easier.
As results, it does not work for me:
Lynx comes out with the same, old error "SSL error:issuer is not a CA-Continue?"
Additionally, the command line
$ sudo dpkg -i ca-bundle_20090709_all.deb
erased completely and then re-created the whole content of the certificates
directory /etc/ssl/certs/ which now looks completely different than before.
Then, since libcrypto.so seeks the certificates in /usr/local/ssl/certs, I
created the link /usr/local/ssl => /etc/ssl and I tried the clarification of
Stef.at.caunter.ca:
>Yes, that's OpenSSL - you need to put the certs in that directory and ...
I manually created the shell variable SSL_CERT_DIR=/usr/local/ssl/certs and
shell variable the SSL_CERT_FILE=/usr/local/ssl/certs/ca-certificates.crt. This
file consists of the certificates resulting from
ssl.certs.shar that I concatenated together.
Here Lynx comes out with the error "SSL error:no issuer was found-Continue?"
Earlier today I also extracted the certificates from Firefox and concatenated
them into a ca-certificates.crt. While with Firefox I can login to Etrade, Lynx
still comes out with the error "SSL error:issuer is not a CA-Continue?".
I've Lynx Version 2.8.7dev.9 and OpenSSL 0.9.8g 19 Oct 2007.
Any further suggestion/hint is welcome.
Paolo Piacentini
> Date: Thu, 23 Jul 2009 18:21:55 +0000
> From: t...@mirbsd.de
> To: s...@caunter.ca
> CC: paolopi...@hotmail.com; lynx-dev@nongnu.org
> Subject: Re: [Lynx-dev] Re: Lynx: missing SSL certificate
>
> Stefan Caunter dixit:
>
> >Yes, that's OpenSSL - you need to put the certs in that directory and
> >make sure they are hashed. The .shar file has done this for you. Make
> >sure that the SSL_CERT_FILE and SSL_CERT_DIR variables are exported to
> >your shell.
>
> Actually, OpenSSL needs SSL_CERT_DIR and the hashed files from the .shar
> file, while GnuTLS needs SSL_CERT_FILE and them concatenated all into one
>
> I suggest the following:
>
> $ wget
> http://www.freewrt.org/~tg/debs/dists/hardy/wtf/pkgs/ca-bundle/ca-bundle_20090709_all.deb
> $ sudo dpkg -i ca-bundle_20090709_all.deb
>
> Then set it to /etc/ssl/certs/ca-certificates.crt instead. Lynx is, sadly,
> linked with inferior GnuTLS on Debian and derivates, which also cannot yet
> handle X.509v3 subjectAltName extensions on certificates such as the one
> on www.mirbsd.org ☹
>
> //mirabilos
> --
> “It is inappropriate to require that a time represented as
> seconds since the Epoch precisely represent the number of
> seconds between the referenced time and the Epoch.”
> -- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2
_________________________________________________________________
Bing™ brings you maps, menus, and reviews organized in one place. Try it now.
http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TXT_MLOGEN_Local_Local_Restaurants_1x1
_______________________________________________
Lynx-dev mailing list
Lynx-dev@nongnu.org
http://lists.nongnu.org/mailman/listinfo/lynx-dev
