lynx-dev lynx, hotmail, and cookies - an update

[Kim DeVaughn]

Well I finally got around to building up an ssl'ified lynx, and I can
once again access my hotmail.com mailbox.  After a fashion (more about
that later).

First, just to let folks know, I built the openssl-0.9.3a package on
FreeBSD 2.2.8-STABLE, and applied the lynx ssl patch that is available
for the 2.8.2rel.1 release to the current 2.8.3dev.6 package.

The patch applied OK (with a few offsets and fuzz's), but the subsequent
lynx built OK, and the ssl support seems to be working OK, without my
having to do any tweaking of the lynx patch, per se (at least I got a
good response from the ssl-test site mentioned in the patch's documenta-
tion).  To wit:

>                                                                 SSL Test
>
>   Hello, user from shell3.ba.best.com (206.184.139.134)!
>
>   You have successfully connected using SSL (TLSv1). You received this
>   document using the 192-bit EDH-RSA-DES-CBC3-SHA cipher.
>
>   Congratulations! Your version of Lynx supports SSL!

In building the openssl package, I *did* have to fiddle the Configure
script to explicitely use perl5 ("perl" == perl4, here), and then when
building the patched lynx, I had to fiddle adound with ssl include files'
location, in order for make to find them (even though I'd already "fixed"
the top-level Makefile's SSL-related entries).  I suspect that the existing
patch for lynx doesn't fully support the includes being in a non-standard
location ... something I'll eventually check into ...


As may be ... time to try getting into my hotmail account ...

There doesn't seem to be any problem with the SSL stuff interacting with
hotmail, but lynx *really* doesn't seem to like the cookies that hotmail
is now using.

The url used is <http://www.hotmail.com/>, and after entering the account
and password, I get:

Accept invalid cookie domain=.passport.com for 'lc1.law5.hotmail.passport.com'

a "y" reply then gets me:

Accept invalid cookie path=/ppsecure as a prefix of '/cgi-bin'? (n)

replying "y" here results in a statusline msg exactly like the 1st one, to
which I have to reply "y" to FOUR (4) times before *anything* on the screen
changes

after the 4th "y", several msgs are rapidly dumped to the statusline, with
it finally displaying yet another invalid msg ... again, just like the 1st
one

a "y" to that msg results in a page being brought up that looks like a
redirect page, with a gawd-awful looking link, that looks like the entire
cookie

activating that link results in more invalid cookie prompts for a .msn.com
cookie

this time, only a total of THREE (3) "y" replies are needed ... following
the 3rd one, I have *finally* gotten to my hotmail mailbox page, and can
navigate it normally from there on.

Of course, adding:

COOKIE_LOOSE_INVALID_DOMAINS:.passport.com,.msn.com

to my lynx.cfg obviates the need for all the manual interaction, but I
thought I'd go thru all the gory details in case one of our cookie-guru's
wants to look into *why* so many (TEN, count 'em, 10) prompts/replies are
required.

And it isn't at all obvious that several of the "y" replies are even doing
anything ... many folks might think lynx was hung, before they've entered
enough y(eses) ... as I did initially ... :-) ...!


Anyway ... I've setup an account/mailbox at hotmail.com for lynx testing,
if anyone else wants to use it, and made a trace of all the above nonesense
(beginning with account entry, and ending when the actual hotmail page is
rendered).

The trace is available at <http://www.best.com/~kimdv/lynx/hotmail_trace.gz>,
and the account/passwd data is embedded.


One last point of information ... adding SSL support increased the size of
my lynx binary by ~400k (stripped), so it's not something I'd recommend for
anyone short on disk space ...!

/kim