Hello Thanks for the quick response. Most probably. Disable javascript in Firefox and try to log in.
That's a good starting point.
Yes I tried that with firefox and JS disabled. Gmail is smart enough to send you a version of the HTML page that does not require JS and you can log in. So JS is probably not the issue why I cannot login with dillo. I had some more time yesterday to look into the problem. It seems for whatever reason, dillo is not sending the form's POST HTTP request when I click on the "Sign In" button of the login form. I'll look into the problem. If it is truly a bug I'll let you guys know. Good. Is JS your expertise area? Not exactly. I am working of some other project right now, but later I may have the necessary time to devote in learning. I'll keep the JS issue in the back of my mind. Best regards Richard Ta-Min
Hi again, So I think I have found the reason why dillo cannot log into gmail and the problem is general enough to affect other websites. The gmail website is using Twarte Certificate Authority for https certificates. I did not configure the https DPI to recognize Twarte (I don't know if it is even possible). So each time I go to the gmail login page, dillo pops up the warning dialog box asking the user whether or not to proceed with an unrecognized certificate. For each image and element that are downloaded with https from the gmail login page, a new https DPI process gets forked and causes the warning dialog box to pop up again. There are too many dialog boxes that get poped up and some of them get dropped and are not shown to the user. As a result there are several https DPI processes hanging around still waiting for an answer from the user. One of those https DPI processes is the one that is sending the HTTP POST request to login to gmail. Best Regards Richard Ta-Min On 1/13/06, Richard <judicator3@gmail.com> wrote:
Hello
Thanks for the quick response.
Most probably. Disable javascript in Firefox and try to log in.
That's a good starting point.
Yes I tried that with firefox and JS disabled. Gmail is smart enough to send you a version of the HTML page that does not require JS and you can log in. So JS is probably not the issue why I cannot login with dillo. I had some more time yesterday to look into the problem. It seems for whatever reason, dillo is not sending the form's POST HTTP request when I click on the "Sign In" button of the login form. I'll look into the problem. If it is truly a bug I'll let you guys know.
Good. Is JS your expertise area?
Not exactly. I am working of some other project right now, but later I may have the necessary time to devote in learning. I'll keep the JS issue in the back of my mind.
Best regards Richard Ta-Min
There's also a problem with the caching when in https IIRC. You have to keep manually refreshing or drop out of SSL as soon as you can. (These tricks used to be enough to get into the playstation2-linux.com site - though I do hear reports that even these aren't now sufficient!) Bob at said, In message <a146ff9b0601132109kc0988ffid53078a4d594673e@mail.gm ail.com>, Richard <judicator3@gmail.com> writes
Hi again,
So I think I have found the reason why dillo cannot log into gmail and the problem is general enough to affect other websites.
-- robert w hall
On Sat, Jan 14, 2006 at 12:09:10AM -0500, Richard wrote: Hi there,
The gmail website is using Twarte Certificate Authority for https certificates. I did not configure the https DPI to recognize Twarte (I don't know if it is even possible). So each time I go to the gmail login page, dillo pops up the warning dialog box asking the user whether or not to proceed with an unrecognized certificate. [snip] There are too many dialog boxes that get poped up and some of them get dropped and are not shown to the user.
That makes sense. The right answer will probably involve keeping a cache of certificates which the user has clicked to trust, and then not popping up the dialog for the same certificate twice. The quick answer for gmail is to avoid the dialog box in the first place, by adding the issuer cert locally. Get the vsign3.pem file from, for example, an openssl distribution (It's small, and text, so I've pasted it below for convenience). Copy it to .dillo/certs (or /etc/ssl/certs, or wherever your ssl libraries look ("grep cert" in the output of "strace -f dillo" when accessing https may help)) under a convenient name, and then symlink a suitable hash name to it "openssl x509 -noout -hash -in vsign3.pem" gives me 7651b327, so I "ln -s vsign3.pem 7651b327.0" That should allow you to verify the www.google.com certificate, and also the mail.google.com one. It will still give one dialog, because the www.googleadservices.com certificate was issued by another company -- but that can be clicked away easily enough :-) With cookies suitably set, I can authenticate and read mail handily enough in the "basic view". There is a separate problem with signing out -- dillo finds a redirect loop which prevents it happening. Presumably setting cookies to "session" and killing the cookies dpi when dillo exits will brute-force through that issue, until a proper fix is decided upon. All the best, f -- Francis Daly francis@daoine.org Oh, the Verisign certificate: -----BEGIN CERTIFICATE----- MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k -----END CERTIFICATE-----
On Sun, Jan 15, 2006 at 03:23:24PM +0000, Francis Daly wrote:
Copy it to .dillo/certs (or /etc/ssl/certs, or wherever your ssl libraries look ("grep cert" in the output of "strace -f dillo" when accessing https may help)) under a convenient name, and then symlink a suitable hash name to it "openssl x509 -noout -hash -in vsign3.pem" gives me 7651b327, so I "ln -s vsign3.pem 7651b327.0"
That should allow you to verify the www.google.com certificate, and also the mail.google.com one. It will still give one dialog, because the www.googleadservices.com certificate was issued by another company -- but that can be clicked away easily enough :-)
That one is from Equifax, it doesn't appear to be in the current openssl distribution, but it is "Root 1" linked from http://www.geotrust.com/resources/root_certificates/index.asp I've pasted it below too -- the hash is 594f1775, so it should be accessible through the filename 594f1775.0 Less clicking for gmail. f -- Francis Daly francis@daoine.org -----BEGIN CERTIFICATE----- MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1 MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y 7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh 1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 -----END CERTIFICATE-----
participants (3)
-
Francis Daly -
Richard -
robert w hall