On Mon, Jun 20, 2016 at 6:18 PM, Francesco Ariis <fa...@ariis.it> wrote: > Hello lynx users, > I am trying to configure lynx to handle ssl certs following > `README.sslcerts` [1]. I am using Lynx Version 2.8.9dev.1 (12 Mar 2014) > on Debian stable. > I am having problems with setting SSL_CERT_DIR and SSL_CERT_FILE > environment variables. > > [1] http://lynx.invisible-island.net/current/README.sslcerts > > Long story short, the guide asks you to determine where `libcrypto.a` is, > so I invoked: > > u@m:/usr$ find -name libcrypto.a > ./lib/i386-linux-gnu/libcrypto.a > > Then, to determine the default location for the certs the > guide asks you to run: > > strings libcrypto.a | grep -in cert | less > [...] > 28697:/usr/lib/ssl/certs > 28698:/usr/lib/ssl/cert.pem > 28699:SSL_CERT_DIR > 28700:SSL_CERT_FILE > [...] > > I modified my .bashrc to export those variables: > > u@m:~$ echo $SSL_CERT_DIR; echo $SSL_CERT_FILE > /usr/lib/ssl/certs > /usr/lib/ssl/cert.pem > > `FORCE_SSL_PROMPT` is set to `PROMPT` in lynx.cfg, still when I browse, > say, duckduckgo.com I get: > > SSL error:the certificate has no known issuer-Continue? (y) > > I suspect there is a problem with SSL_CERT_FILE, because > `/usr/lib/ssl/certs` exists (904 elements) but I see > no `/usr/lib/ssl/cert.pem`. > > Any hint on how to solve the issue? > -F
You need to get a certificate bundle, in PEM format, in /usr/lib/ssl/cert.pem and rehash so your system is aware of it. TG set up a bundle (in 2006 https://lists.nongnu.org/archive/html/lynx-dev/2006-03/msg00059.html) and it is still working, so running lynx 'https://www.mirbsd.org/cvs.cgi/~checkout~/src/etc/ssl.certs.shar?rev=1.46;content-type=application%2Fx-shar' will get you a reasonably recent cert bundle in shar format (the link to http://caunter.ca/ssl.certs.shar in README.sslcerts has been updated with the most recent archive). Stefan Caunter > > _______________________________________________ > Lynx-dev mailing list > Lynx-dev@nongnu.org > https://lists.nongnu.org/mailman/listinfo/lynx-dev > _______________________________________________ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
