On Tue, Jul 27, 2021 at 10:52 AM Nelson H. F. Beebe <be...@math.utah.edu> wrote: > > Today, I successfully rebuilt and installed lynx2.9.0dev.7 with the > --with-ssl option on 23 platforms; the only build failures were on old > CentOS 5 systems that lack needed support libraries. > > I did not remember to use the --with-ssl option on my first round of > automated builds, so I had to redo them with that option. > > Given that the Web world is rapidly moving to https:, rather than > http:, connections by default, with major GUI browsers forcing that > move, would it not make good sense for the next release of lynx to > make --with-ssl the default, and allow --without-ssl as an option to > suppress https support?
systems rely on trusted provider certificate bundles, and deciding to use them (with lynx) should be a conscious one on the part of the user (in my opinion)... a server user installs a certificate, so a server system compiled with ssl still won't work without that, and clients won't trust it without that a client user has to trust certificate providers somehow, so a client system compiled with ssl by default, has just assumed it has a list of trustworthy certificate providers, or possibly has no list of providers, and just ignores providers and accepts all server certificates... lynx has never made this assumption for users in my recollection when you compile --with-ssl your system is checked for certs in default or specified locations to trust, which seems enough of a default to me -- --- Stefan Caunter Hamilton phone: 6474599475 _______________________________________________ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
