On Sat, Jan 14, 2006 at 12:09:10AM -0500, Richard wrote:

Hi there,

> The gmail website is using Thawte Certificate Authority for https certificates. I did not configure the https DPI to recognize Thawte (I don't know if it is even possible). So each time I go to the gmail login page, dillo pops up the warning dialog box asking the user whether or not to proceed with an unrecognized certificate.

[snip]

> There are too many dialog boxes that get popped up and some of them get dropped and are not shown to the user.

That makes sense. The right answer will probably involve keeping a cache of certificates which the user has clicked to trust, and then not popping up the dialog for the same certificate twice.

The quick answer for gmail is to avoid the dialog box in the first place, by adding the issuer cert locally.

Get the vsign3.pem file from, for example, an openssl distribution (It's small, and text, so I've pasted it below for convenience). Copy it to .dillo/certs (or /etc/ssl/certs, or wherever your ssl libraries look ("grep cert" in the output of "strace -f dillo" when accessing https may help)) under a convenient name, and then symlink a suitable hash name to it.

"openssl x509 -noout -hash -in vsign3.pem" gives me 7651b327, so I "ln -s vsign3.pem 7651b327.0"

That should allow you to verify the www.google.com certificate, and also the mail.google.com one. It will still give one dialog, because the www.googleadservices.com certificate was issued by another company -- but that can be clicked away easily enough :-)

With cookies suitably set, I can authenticate and read mail handily enough in the "basic view".

There is a separate problem with signing out -- dillo finds a redirect loop which prevents it happening. Presumably setting cookies to "session" and killing the cookies dpi when dillo exits will brute-force through that issue, until a proper fix is decided upon.

All the best,

f
-- 
Francis Daly        francis@daoine.org

Oh, the Verisign certificate:
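
The copy-and-symlink procedure from the reply above, written as a small shell function; this is an added example, not part of the original mail or of dillo, and the name install_ca_cert is hypothetical. It computes the hash with the local openssl instead of hard-coding 7651b327, because OpenSSL 1.0.0 and later print a different value for -hash than older releases (the older value is available there as -subject_hash_old), and it takes the next free .N suffix when another certificate already uses the same hash. Assumes openssl is on the PATH.

```shell
#!/bin/sh
# Added example, not from the original mail. install_ca_cert is a
# hypothetical helper: it puts a PEM CA certificate into an OpenSSL-style
# hashed directory and prints the name of the hash link it used.
install_ca_cert() {
    pem=$1; certdir=$2
    # Refuse anything that does not parse as an X.509 certificate.
    openssl x509 -noout -in "$pem" 2>/dev/null || {
        echo "not a PEM certificate: $pem" >&2; return 1; }
    # Lookup name: subject hash as computed by the locally installed openssl.
    hash=$(openssl x509 -noout -hash -in "$pem") || return 1
    fp=$(openssl x509 -noout -fingerprint -sha256 -in "$pem") || return 1
    mkdir -p "$certdir" || return 1
    name=$(basename "$pem")
    if [ -e "$certdir/$name" ]; then
        # Same file name already present: it must be the same certificate.
        cmp -s "$pem" "$certdir/$name" || {
            echo "different file already at $certdir/$name" >&2; return 1; }
    else
        cp "$pem" "$certdir/$name" || return 1
    fi
    # Two CAs can share a subject hash, so take the first free suffix
    # (.0, .1, ...) and stop early if this certificate is already linked.
    n=0
    while [ -e "$certdir/$hash.$n" ] || [ -L "$certdir/$hash.$n" ]; do
        other=$(openssl x509 -noout -fingerprint -sha256 \
            -in "$certdir/$hash.$n" 2>/dev/null)
        if [ "$other" = "$fp" ]; then
            echo "$hash.$n"; return 0
        fi
        n=$((n + 1))
    done
    ln -s "$name" "$certdir/$hash.$n" || return 1
    echo "$hash.$n"
}

# Run as a script: sh install_ca.sh vsign3.pem "$HOME/.dillo/certs"
if [ "$#" -eq 2 ]; then
    install_ca_cert "$1" "$2"
fi
```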