Haven't seen anything about this on the list in a while. While I welcome the convenience of being able to ignore commercial CA propaganda, it would be nice to be able to _manage_ self-signed certs.
A trace of an https session seems to indicate that there is _no_ routine to check anywhere for a stored and OKed copy of a site's cert. There is no indication in lynx.cfg that such a location can be defined. Sorry if I've missed that. I've stored pem certs and the latest copy of ca-bundle.crt from mod_ssl in /usr/local/ssl/certs to see if openssl itself is used by lynx, but it seems that nothing is doing any checking, not even for commercial certs. An https request to hotmail, which worked nicely with older lynxes, (presumably because _no_ cert checking was done), produces the same ssl nag as an "untru$ted" cert, notwithstanding their recent foray into javascript service denial. There seem to be well-established procedures for cert import with many browsers. I'm guessing this is not a simple request, but I'm wondering... Can the openssl commands to confirm certs be used? They work in the shell obviously. Can they be set up as a piped command? --Stef http://caunter.ca/crypto.html <[EMAIL PROTECTED]> ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
