|
| From: | Paolo Piace |
| Subject: | RE: [Lynx-dev] Re: Lynx: missing SSL certificate |
| Date: | Thu, 23 Jul 2009 17:10:52 -0700 |
|
tg.at.mirbsd.de: > I suggest the following: ... I tried this suggestion before Stefan's one because it seemed easier. As results, it does not work for me: Lynx comes out with the same, old error "SSL error:issuer is not a CA-Continue?" Additionally, the command line $ sudo dpkg -i ca-bundle_20090709_all.deb erased completely and then re-created the whole content of the certificates directory /etc/ssl/certs/ which now looks completely different than before. Then, since libcrypto.so seeks the certificates in /usr/local/ssl/certs, I created the link /usr/local/ssl => /etc/ssl and I tried the clarification of Stef.at.caunter.ca: >Yes, that's OpenSSL - you need to put the certs in that directory and ... I manually created the shell variable SSL_CERT_DIR=/usr/local/ssl/certs and shell variable the SSL_CERT_FILE=/usr/local/ssl/certs/ca-certificates.crt. This file consists of the certificates resulting from ssl.certs.shar that I concatenated together. Here Lynx comes out with the error "SSL error:no issuer was found-Continue?" Earlier today I also extracted the certificates from Firefox and concatenated them into a ca-certificates.crt. While with Firefox I can login to Etrade, Lynx still comes out with the error "SSL error:issuer is not a CA-Continue?". I've Lynx Version 2.8.7dev.9 and OpenSSL 0.9.8g 19 Oct 2007. Any further suggestion/hint is welcome. Paolo Piacentini > Date: Thu, 23 Jul 2009 18:21:55 +0000 > From: address@hidden > To: address@hidden > CC: address@hidden; address@hidden > Subject: Re: [Lynx-dev] Re: Lynx: missing SSL certificate > > Stefan Caunter dixit: > > >Yes, that's OpenSSL - you need to put the certs in that directory and > >make sure they are hashed. The .shar file has done this for you. Make > >sure that the SSL_CERT_FILE and SSL_CERT_DIR variables are exported to > >your shell. > > Actually, OpenSSL needs SSL_CERT_DIR and the hashed files from the .shar > file, while GnuTLS needs SSL_CERT_FILE and them concatenated all into one > > I suggest the following: > > $ wget http://www.freewrt.org/~tg/debs/dists/hardy/wtf/pkgs/ca-bundle/ca-bundle_20090709_all.deb > $ sudo dpkg -i ca-bundle_20090709_all.deb > > Then set it to /etc/ssl/certs/ca-certificates.crt instead. Lynx is, sadly, > linked with inferior GnuTLS on Debian and derivates, which also cannot yet > handle X.509v3 subjectAltName extensions on certificates such as the one > on www.mirbsd.org â¹ > > //mirabilos > -- > âIt is inappropriate to require that a time represented as > seconds since the Epoch precisely represent the number of > seconds between the referenced time and the Epoch.â > -- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2 Bing⢠brings you maps, menus, and reviews organized in one place. Try it now. |
| [Prev in Thread] | Current Thread | [Next in Thread] |