> he said the cert is self-signed. he would have to tell openssl that
> this signature is trusted.

Self signing the server certificate is not very sensible, but that would be the one to install if it is self signed. A more sensible approach would be for them to create a self signed (i.e. root) certificate for the whole organisation, and use that to sign the server certificates.

> the reason for the "sudden" appearing of these warnings might be the
> better cert checking in recent openssl implementations. from 0.9.7 on
> they will even check revocation lists (CRLs) :)

Agreed. This is the basis on which I'm saying disabling the warning would be a big mistake.

> maybe it's enough to fetch the server's certificate and put it into
> local/ssl/certs?

I was suggesting installing the self-signed certificate; hopefully it isn't the server certificate, but even if it is, that's the one to install. The certificate is generally public knowledge as the server will send it at the start of every session, but the server isn't generally a trusted source. (It's possible that installing the server one, even if it isn't the self signed one, may work; I think that works on some of the big 2, as the presence in your local certificate store implies ultimate trust.)
