Where are we at and where are we going with the issue of https, ssl and certificates? I usually run with https enabled and find it is a VERY useful adjunct to the main program - it has quirky behaviour on sites such as playstation2-linux (where the answer is to log in via ssl then leave ssl), but at least it enables posting there. Other sites now accessible include amazon.co.uk and groups.yahoo.com - a significant gain. But the situation over certificates appears confusing: - as I (cursorily) read the code, it uses standard SSL functions to parse entries in the .dillo/certs directory. I have a block of certificates stolen from another browser but they don't seem to change the need to force by the 'remote certificate cannot be verified20' messages. (Are these imported certs in a non-standard format perhaps?) And the code also appears to have a function to store accepted certificates, but I've never been aware of this happening. The code is reaching a level of maturity and acceptance where these remaining blemishes are puzzling 'us users'. Bob -- robert w hall
In article <nNw1CoADb66BFwrn@n-cantrell.demon.co.uk>, robert w hall <bobh@n-cantrell.demon.co.uk> writes
But the situation over certificates appears confusing: - as I (cursorily) read the code, it uses standard SSL functions to parse entries in the .dillo/certs directory.
OK, Garrett has been trying to help me understand root certificates. The problem I now appear to have is that openssl-0.9.6 had a fairly comprehensive block of certs but they're all out of date. Latest openssl (0.9.7) is more up-to-date but rather restricted (eg no RSA etc). Did anyone find a decent set of root certs hiding anywhere or find a workaround via their own self-signing route?? Bob -- robert w hall
participants (1)
-
robert w hall