Using the lynx browser compiled with openssl, the environment
variable SSL_CERT_FLLE seems to be ignored. If I place the trusted
root certificates in the default location, the application finds
them without difficulty. If placed in a non-default location,
setting the value of SSL_CERT_FILE to that location doesn't allow
the certificates to be read in. I recently noted this with the
20021115 snapshot of openssl 0.9.7. I now see that a similar
report was noted earlier on the lynx-dev mailing list with a
proposed patch for openssl 0.9.6g by Takeshi Hataguchi (see:
"http://www.flora.org/lynx-dev/html/month102002/msg00057.html";).
Applying that patch to 0.9.7 led to a failure in "make test", so
it may not be the appropriate patch. I don't remember seeing this
discussion on openssl-dev.
Could someone verify independently that SSL_CERT_FILE doesn't allow
reading certificates in non-default locations? If verified, can
someone familiar with how this is supposed to work come up with a
patch? The code for this is in crypto/x509/by_file.c, with similar
code for SSL_CERT_DIR in crypto/x509/by_dir.c (with associated code
in crypto/x509/x509_def.c and crypto/cryptlib.h). If this is really a
problem with the application, let me know and I will take the problem
back to the lynx-dev mailing list.
Thanks.
Doug
__
Doug Kaufman
Internet: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
