> should be supressed by default. It didn't occur in OpenSSL until 3 months > ago (lynx.cfg, lyrcfile.h, lyreadcfg.c and http.[ch])
Lynx was broken from a security point of view until a few months ago. It failed to authenticate the server. > +.h2 SSL_IGNORE_CERT_ERROR > +# Ignore errors from OpenSSL saying "unable to get local issuer certificate > +# Only affects https sites. Lynx must be compied with USE_SSL for this Typo on compiled. > +# setting to take effect. You should include a warning that this makes Lynx vulnerable to man in the middle attacks and impostor sites. > +# > +#SSL_IGNORE_CERT_ERROR:TRUE NO NO NO NO. The default should be secure. Suppressing symptoms of security problems is a very bad cure for those problems. ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
