Public bug reported:

When browsing to a site that uses Server Name Indication (http://en.wikipedia.org/wiki/Server_Name_Indication), Lynx receives the wrong certificate.

Here is an example:

    pierre@pierre-MacBook:~$ lynx https://rudloff.pro

    Looking up rudloff.pro
    Making HTTPS connection to rudloff.pro
    UNVERIFIED connection to rudloff.pro (cert=CN<www2.strasweb.fr>)
    Certificate issued by: /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
    Secure 128-bit TLS1.0 (DHE_RSA_AES_128_CBC_SHA1) HTTP connection
    Sending HTTP request.
    HTTP request sent; waiting for response.
    Alert!: Unexpected network read error; connection aborted.
    Can't Access `https://rudloff.pro/'
    Alert!: Unable to access document.

    lynx: Can't access startfile

Here is the same example with curl:

    pierre@pierre-MacBook:~$ curl -vvv -I https://rudloff.pro
    * About to connect() to rudloff.pro port 443 (#0)
    *   Trying 195.132.195.143... connected
    * successfully set certificate verify locations:
    *   CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server key exchange (12):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using DHE-RSA-AES256-SHA
    * Server certificate:
    *   subject: description=pZ7mRJriYb7YHtFn; C=FR; CN=blog.rudloff.pro; [email protected]
    *   start date: 2012-05-13 08:19:20 GMT
    *   expire date: 2013-05-14 10:06:31 GMT
    *   subjectAltName: rudloff.pro matched
    *   issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
    *   SSL certificate verify ok.
    > HEAD / HTTP/1.1
    > User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1
    > zlib/1.2.3.4 libidn/1.23 librtmp/2.3
    > Host: rudloff.pro
    > Accept: */*
    >

As you can see, curl sends the SNI and receives the right certificate.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lynx 2.8.8dev.9-2
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic-pae 3.2.30
Uname: Linux 3.2.0-32-generic-pae i686
ApportVersion: 2.0.1-0ubuntu13
Architecture: i386
Date: Sun Oct 14 03:02:59 2012
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=fr_FR:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
SourcePackage: lynx-cur
UpgradeStatus: Upgraded to precise on 2012-04-27 (170 days ago)

** Affects: lynx-cur (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: apport-bug i386 precise

https://bugs.launchpad.net/bugs/1066424

Title:
  Lynx does not support Server Name Indication
