Subject: lynx-dev SSL error:Unable to get local issuer certificate-Continue?
> Unfortunately, I feel like I need to bring this topic up again since it > was not addressed in the last release. My understanding was that there > would be an option somewhere in lynx to suppress this message. It seems > like the users are loosing on this issue. Most lynx users who are not > programmers just want to be able to use the browser without much hassle. Since I've already been killed on this subject, let me add support to this view. This is like the cookie thing and the 3 second alert messages. Nagging users drives them away from the world's greatest browser. > The sysadmin > for my ISP recommended that we should use lynx2.8.5dev8 because there was > a "bug" in the latest version. I didn't do this, but do not blame him at > all for alerting others to this annoyance. > <rant> As I stated, this is my workaround, too; use 2.8.5dev8. Last time, I received a pleasantly alarmist lecture on untrusted hosts, which was nice, since it happens to be what I lecture on sometimes. Bluntly, no one cares that the server to which they are connecting does not have a $225 e-com cert installed into it -- we just want an encrypted connection to it; it's probably just a file server and we don't want the password in the clear. That's it. We don't buy certs (there's no point, they serve themselves and the major browsers, and they disclaim everything), we don't shop on lynx, (there's not much point) we can't do financial stuff much as we'd like to, as bank sites are all poisoned by javascript, and there's apparently no way to install a server cert into lynx. </rant> I found some reference to an old MIT project to introduce cert management to lynx. It did not seem to go anywhere. I was able to translate a server.crt file to a gpg style cert using openssl, but I don't know how to tell lynx about the certificate file. If this helps or gets someone started... # Still don't know where to put the unix .crt to have it accepted # by openssl and not generate the lynx2.8dev9 ssl error. # copy the .crt cert to a dir # for a server.crt file to make it human readable do openssl asn1parse -in server.crt # to extract just the pubkey prime number # search this output for the number associated with BIT STRING # use it as an arg to -strparse like the next line openssl asn1parse -in server.crt -strparse 359 # to convert the .crt file to a standard certfile that openssl likes openssl x509 -inform DER -in server.crt -outform PEM -out new_server.crt > Stef > > > ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED] > ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
