Hi,

Here's the https-relevant part of a private email:

---------- Forwarded message ----------
Date: Wed, 7 Jul 2004 10:25:24 -0400 (CLT)
From: Jorge Arellano Cid <jcid@dillo.org>
To: Brett Wynkoop <wynkoop@wynn.com>
Subject: Re: dillo 0.8.2rc2

On Wed, 7 Jul 2004, Brett Wynkoop wrote:
[...] I was surprised that there is no SSL support. I remember a recent release used wget for ssl. Is there any way to re-enable that on the current release?
The problem is that our former plugin didn't do certificate authentication (among other things commented in the code). As the Dillo project takes security seriously, it was withdrawn from the newer releases...

In other words, the https dpi allowed the user to see https URLs, but there was no security backing it. I know that some big browsers had the same bug for years, before it was made public. This allowed, for instance, man-in-the-middle attacks by faking the destination site.

Https is a very complex matter, and I'd rather prefer not to assert ours will be flawless. The least we can do is not to release one we know is broken. I hope we can make a good https dpi soon.

If you want to use it anyway, assuming the risks, just get the https.c from 0.8.0 and drop it into the new tree. You will not even be able to post or send forms, but it'll allow you to read some https forums.

Sincerely,
Jorge.-
In article <Pine.LNX.4.60.0407071025390.2969@infinity.cl>, Jorge Arellano Cid <jcid@dillo.org> writes
Https is a very complex matter, and I'd rather prefer not to assert ours will be flawless. The least we can do is not to release one we know is broken. I hope we can make a good https dpi soon.
Any more news here? Things seemed to be going rather well a month back :-)

--
robert w hall
Any more news here? Things seemed to be going rather well a month back :-)
I sent in a patch a month or so ago, but I don't know if there is much more to be done at this stage. Things seem to work well, and most error conditions notify the user specifically. Those that don't give a generic error message (very unlikely cases).

I'm not sure where to go from here. The dpi infrastructure makes it hard to do some things, but I guess it might be possible to convert the plugin to a process. Other than that, I don't know if there is much more that needs to be done.

- Garrett
On Sat, Sep 11, 2004 at 02:09:13PM -0400, Garrett Kajmowicz wrote:
I sent in a patch a month or so ago, but I don't know if there is much more to be done at this stage. Things seem to work well, and most error conditions notify the user specifically. Those that don't give a generic error message (very unlikely cases).
I'm not sure where to go from here. The dpi infrastructure makes it hard to do some things, but I guess it might be possible to convert the plugin to a process. Other than that, I don't know if there is much more that needs to be done.
i've just started to get into this myself, and i've come to the point where i've realized that i'm not ever going to send any money to any "proper" CA, so i've generated a CA Root Cert of my own. how do i import this into the dillo cert chain? i've not looked at this at all and should probably get the latest dillo before saying anything else [0] at this point. :)

-brian

[0] or anything at all for that matter? ;)

--
"The cats tend to administer themselves, and contrary to the expected facts, the house and everything in it was installed for their benefit." -- Nic Clews
On September 12, 2004 12:05 am, Brian Hechinger wrote:
i've just started to get into this myself, and i've come to the point where i've realized that i'm not ever going to send any money to any "proper" CA, so i've generated a CA Root Cert of my own. how do i import this into the dillo cert chain? i've not looked at this at all and should probably get the latest dillo before saying anything else [0] at this point. :)
-brian
[0] or anything at all for that matter? ;)
Simple - just toss it into either /etc/ssl/certs/ or ~/.dillo/certs/. OpenSSL will pick up the certificate from there.

- Garrett
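
The step described above, as an added example that is not part of the original thread: OpenSSL's directory lookup (CApath) finds a CA only through a file named `<subject-hash>.0`, so the script shows a leaf certificate failing to verify until that link exists next to the copied PEM file. It assumes the dpi hands these directories to OpenSSL as a CApath and that the `openssl` command-line tool is installed; the temporary directory stands in for `~/.dillo/certs/`, and the CA, the leaf and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: a temp dir stands in for ~/.dillo/certs/; the CA and the leaf
# are constructed throwaway certificates. Assumes the openssl CLI is installed.

# make_test_pki DIR: private root CA in DIR/certs/ca.pem, leaf in DIR/leaf.pem.
make_test_pki() {
    mkdir -p "$1/certs"
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/certs/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=www.example.test" -keyout "$1/leaf.key" \
        -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/certs/ca.pem" \
        -CAkey "$1/ca.key" -set_serial 2 -days 2 -out "$1/leaf.pem" 2>/dev/null
}

# install_ca DIR PEM: add the <subject-hash>.0 link that CApath lookups use.
install_ca() {
    h=$(openssl x509 -noout -subject_hash -in "$2") || return 1
    ln -sf "$(basename "$2")" "$1/$h.0"
}

# trusts DIR LEAF: true only if OpenSSL can chain LEAF to a CA found in DIR.
trusts() {
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_test_pki "$d" || return 1
    if trusts "$d/certs" "$d/leaf.pem"; then before=trusted; else before=untrusted; fi
    install_ca "$d/certs" "$d/certs/ca.pem" || return 1
    if trusts "$d/certs" "$d/leaf.pem"; then after=trusted; else after=untrusted; fi
    rm -rf "$d"
    echo "$before -> $after"
}
demo
```
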
In article <200409111409.13477.gkajmowi@tbaytel.net>, Garrett Kajmowicz <gkajmowi@tbaytel.net> writes
Any more news here? Things seemed to be going rather well a month back :-)
I sent in a patch a month or so ago, but I don't know if there is much more to be done at this stage. Things seem to work well, and most error conditions notify the user specifically. Those that don't give a generic error message (very unlikely cases).
I'm not sure where to go from here. The dpi infrastructure makes it hard to do some things, but I guess it might be possible to convert the plugin to a process. Other than that, I don't know if there is much more that needs to be done.
- Garrett
Thanks - I hadn't tried it for a bit and was pleasantly surprised to find that the functionality is now sufficient (provided you ignore the certification messages) to post to the playstation2-linux group.

But I didn't manage to get into my amazon account - I think I've managed that with previous dillo-ssl's. Is there a work around? This was with the x86 version. Will now try out a ps2-compilation.

When 0.8.3 is finalised it's probably time for a new ps2-rpm version - the last was 0.7.2 or so... (rpm - ugh! any offers? I'm a slackware .tgz man myself)

Bob
_______________________________________________
Dillo-dev mailing list
Dillo-dev@lists.auriga.wearlab.de
http://lists.auriga.wearlab.de/cgi-bin/mailman/listinfo/dillo-dev
-- robert w hall
Thanks - I hadn't tried it for a bit and was pleasantly surprised to find that the functionality is now sufficient (provided you ignore the certification messages) to post to the playstation2-linux group.
But I didn't manage to get into my amazon account - I think I've managed that with previous dillo-ssl's. Is there a work around? This was with the x86 version. Will now try out a ps2-compilation.
The biggest problem I have run into is Dillo itself caching the pages. Pages sent over SSL frequently will have the same URL but different content. If you disable caching (not sure how) you will notice significant improvements in functionality.

- Garrett