Debian Bug report logs - #695653
lynx-cur: on any https URL, I get "SSL error:self signed certificate"

Package: lynx-cur; Maintainer for lynx-cur is Atsuhito KOHDA <kohda@debian.org>; Source for lynx-cur is src:lynx-cur.

Reported by: Vincent Lefevre <vincent@vinc17.net>

Date: Tue, 11 Dec 2012 08:57:02 UTC

Severity: grave

Tags: fixed-upstream

Found in version lynx-cur/2.8.8dev.15-1

Fixed in version lynx-cur/2.8.8pre1-1

Done: Atsuhito Kohda <kohda@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Tue, 11 Dec 2012 08:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
New Bug report received and forwarded. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Tue, 11 Dec 2012 08:57:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Tue, 11 Dec 2012 09:55:38 +0100
Package: lynx-cur
Version: 2.8.8dev.15-1
Severity: grave
Justification: renders package unusable

On any https URL[*], I get the following error:

  SSL error:self signed certificate-Continue? (y) 

As accepting is regarded as a security problem (for most sites),
one can consider that lynx no longer works with https URL's (or
can tend to make users do insecure things), which is a major
problem nowadays.

[*] I've tried with:
  * https://gforge.inria.fr/
  * https://www.gandi.net/
  * https://www.vinc17.net/
  * https://ent.ens-lyon.fr/

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages lynx-cur depends on:
ii  libbsd0       0.4.2-1
ii  libbz2-1.0    1.0.6-4
ii  libc6         2.13-37
ii  libgcrypt11   1.5.0-3
ii  libgnutls26   2.12.20-2
ii  libidn11      1.25-2
ii  libncursesw5  5.9-10
ii  libtinfo5     5.9-10
ii  zlib1g        1:1.2.7.dfsg-13

Versions of packages lynx-cur recommends:
ii  mime-support  3.52-2

lynx-cur suggests no packages.

-- debconf information:
  lynx-cur/defaulturl: http://www.lip.ens-lyon.fr/
  lynx-cur/etc_lynx.cfg:



Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Tue, 11 Dec 2012 09:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Tue, 11 Dec 2012 09:39:06 GMT) Full text and rfc822 format available.

Message #10 received at 695653@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.net>, 695653@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Tue, 11 Dec 2012 04:37:02 -0500
[Message part 1 (text/plain, inline)]
On Tue, Dec 11, 2012 at 09:55:38AM +0100, Vincent Lefevre wrote:
> Package: lynx-cur
> Version: 2.8.8dev.15-1
> Severity: grave
> Justification: renders package unusable
> 
> On any https URL[*], I get the following error:
> 
>   SSL error:self signed certificate-Continue? (y) 
> 
> As accepting is regarded as a security problem (for most sites),
> one can consider that lynx no longer works with https URL's (or
> can tend to make users do insecure things), which is a major
> problem nowadays.
> 
> [*] I've tried with:
>   * https://gforge.inria.fr/
>   * https://www.gandi.net/
>   * https://www.vinc17.net/
>   * https://ent.ens-lyon.fr/

fwiw, lynx built according to the Debian options (with gnutls) works
fine on my Debian 6 machine (will investigate this evening to see
what's different in the current package or environment).

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Wed, 12 Dec 2012 10:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Wed, 12 Dec 2012 10:12:03 GMT) Full text and rfc822 format available.

Message #15 received at 695653@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 695653-submitter@bugs.debian.org
Cc: 695653@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Wed, 12 Dec 2012 05:08:21 -0500
[Message part 1 (text/plain, inline)]
On Tue, Dec 11, 2012 at 04:37:02AM -0500, Thomas Dickey wrote:
> On Tue, Dec 11, 2012 at 09:55:38AM +0100, Vincent Lefevre wrote:
> > Package: lynx-cur
> > Version: 2.8.8dev.15-1
> > Severity: grave
> > Justification: renders package unusable
> > 
> > On any https URL[*], I get the following error:
> > 
> >   SSL error:self signed certificate-Continue? (y) 
> > 
> > As accepting is regarded as a security problem (for most sites),
> > one can consider that lynx no longer works with https URL's (or
> > can tend to make users do insecure things), which is a major
> > problem nowadays.
> > 
> > [*] I've tried with:
> >   * https://gforge.inria.fr/
> >   * https://www.gandi.net/
> >   * https://www.vinc17.net/
> >   * https://ent.ens-lyon.fr/
> 
> fwiw, lynx built according to the Debian options (with gnutls) works
> fine on my Debian 6 machine (will investigate this evening to see
> what's different in the current package or environment).

I'm not able to reproduce the problem, either by recompiling, or by installing
this version on my Debian/testing system.  For each configuration, lynx
accepts the certificate and does not prompt.

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Message sent on to Vincent Lefevre <vincent@vinc17.net>:
Bug#695653. (Wed, 12 Dec 2012 10:12:05 GMT) Full text and rfc822 format available.

Information stored :
Bug#695653; Package lynx-cur. (Wed, 12 Dec 2012 11:06:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and filed, but not forwarded. (Wed, 12 Dec 2012 11:06:13 GMT) Full text and rfc822 format available.

Message #23 received at 695653-quiet@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: dickey@his.com, 695653-quiet@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Wed, 12 Dec 2012 12:03:39 +0100
On 2012-12-12 05:08:21 -0500, Thomas Dickey wrote:
> I'm not able to reproduce the problem, either by recompiling, or by
> installing this version on my Debian/testing system. For each
> configuration, lynx accepts the certificate and does not prompt.

The problem occurs when $LYNX_CFG is set, including to an empty
config file.

I can reproduce the problem on my two Debian/unstable machines, but
not on a Debian 6.0.6 machine, where my user config is the same.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Wed, 12 Dec 2012 11:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Wed, 12 Dec 2012 11:33:03 GMT) Full text and rfc822 format available.

Message #28 received at 695653@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: 695653@bugs.debian.org
Cc: 695653-submitter@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Wed, 12 Dec 2012 06:28:56 -0500
[Message part 1 (text/plain, inline)]
On Wed, Dec 12, 2012 at 05:08:21AM -0500, Thomas Dickey wrote:
> I'm not able to reproduce the problem, either by recompiling, or by installing
> this version on my Debian/testing system.  For each configuration, lynx
> accepts the certificate and does not prompt.

I tested first with LYNX_CFG unset, and then with it set to ''.

I put a script and detailed logs to demonstrate the latter in
	ftp://invisible-island.net/temp/db695693-logs.zip


-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Message sent on to Vincent Lefevre <vincent@vinc17.net>:
Bug#695653. (Wed, 12 Dec 2012 11:33:09 GMT) Full text and rfc822 format available.

Information stored :
Bug#695653; Package lynx-cur. (Wed, 12 Dec 2012 11:48:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and filed, but not forwarded. (Wed, 12 Dec 2012 11:48:08 GMT) Full text and rfc822 format available.

Message #36 received at 695653-quiet@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: dickey@his.com, 695653-quiet@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Wed, 12 Dec 2012 12:44:23 +0100
On 2012-12-12 06:28:56 -0500, Thomas Dickey wrote:
> On Wed, Dec 12, 2012 at 05:08:21AM -0500, Thomas Dickey wrote:
> > I'm not able to reproduce the problem, either by recompiling, or
> > by installing this version on my Debian/testing system. For each
> > configuration, lynx accepts the certificate and does not prompt.
> 
> I tested first with LYNX_CFG unset, and then with it set to ''.

LYNX_CFG contains a filename. Do not set it to '', but to /dev/null
for instance.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Information stored :
Bug#695653; Package lynx-cur. (Wed, 12 Dec 2012 11:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and filed, but not forwarded. (Wed, 12 Dec 2012 11:54:03 GMT) Full text and rfc822 format available.

Message #41 received at 695653-quiet@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: dickey@his.com, 695653-quiet@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Wed, 12 Dec 2012 12:51:32 +0100
On 2012-12-12 12:03:39 +0100, Vincent Lefevre wrote:
> The problem occurs when $LYNX_CFG is set, including to an empty
> config file.
> 
> I can reproduce the problem on my two Debian/unstable machines, but
> not on a Debian 6.0.6 machine, where my user config is the same.

Here's what I get with "-trace-mask=255 -trace":

[...]
Making HTTPS connection to gforge.inria.fr
TCP: Error 115 in `SOCKET_ERRNO' after call to this socket's first connect() failed.
        Operation now in progress
TCP: Error 115 in `SOCKET_ERRNO' after call to this socket's first select() failed.
        Operation now in progress
->:+VERS-TLS1.0:+VERS-SSL3.0
->:+AES-128-CBC:+3DES-CBC:+AES-256-CBC:+ARCFOUR-128
->:+COMP-DEFLATE:+COMP-NULL
->:+DHE-RSA:+RSA:+DHE-DSS
->:+SHA1:+MD5
set priorities NONE:+VERS-TLS1.0:+VERS-SSL3.0:+AES-128-CBC:+3DES-CBC:+AES-256-CBC:+ARCFOUR-128:+COMP-DEFLATE:+COMP-NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5
CHECK 0:
HTParse: aName:`https://gforge.inria.fr/'
   relatedName:`'
   want: host
HTParse:      result:`gforge.inria.fr'
...called gnutls_server_name_set(gforge.inria.fr) ->0
HTLoadHTTP: SSL error:self signed certificate-Continue?
[...]

On the Debian 6.0.6 machine:

[...]
Making HTTPS connection to gforge.inria.fr
TCP: Error 115 in `SOCKET_ERRNO' after call to this socket's first connect() failed.
        Operation now in progress
TCP: Error 115 in `SOCKET_ERRNO' after call to this socket's first select() failed.
        Operation now in progress
HTParse: aName:`https://gforge.inria.fr/'
   relatedName:`'
   want: host
HTParse:      result:`gforge.inria.fr'
Validating CNs in '/C=FR/O=INST NAT RECHERCHE INFORMATIQUE AUTOMA/CN=gforge.inria.fr'
Matching
        ssl_host  'gforge.inria.fr'
        cert_host 'gforge.inria.fr'
CSS.CS:<status> style 505 code 0x1f9, color 0x200800
CACHED: <status> @(59,0)
CSS:LYAttrset color 0x200800 -> (yellow/blue)
[59, 0] LYwaddnstr(Verified connection to gforge.inria.fr (cert=gforge.inria.fr), 61)
CSS.CS:</status> style 505 code 0x1f9, color 0x200800
CSS:LYAttrset color 0x1500 -> (lightgray/black)
Verified connection to gforge.inria.fr (cert=gforge.inria.fr)
CSS.CS:<status> style 505 code 0x1f9, color 0x200800
CACHED: <status> @(59,0)
CSS:LYAttrset color 0x200800 -> (yellow/blue)
[59, 0] LYwaddnstr(Certificate issued by: /C=NL/O=TERENA/CN=TERENA SSL CA, 54)
CSS.CS:</status> style 505 code 0x1f9, color 0x200800
CSS:LYAttrset color 0x1500 -> (lightgray/black)
Certificate issued by: /C=NL/O=TERENA/CN=TERENA SSL CA
[...]

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Information stored :
Bug#695653; Package lynx-cur. (Wed, 12 Dec 2012 12:06:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and filed, but not forwarded. (Wed, 12 Dec 2012 12:06:03 GMT) Full text and rfc822 format available.

Message #46 received at 695653-quiet@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: dickey@his.com, 695653-quiet@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Wed, 12 Dec 2012 13:03:43 +0100
On 2012-12-12 12:03:39 +0100, Vincent Lefevre wrote:
> The problem occurs when $LYNX_CFG is set, including to an empty
> config file.
> 
> I can reproduce the problem on my two Debian/unstable machines, but
> not on a Debian 6.0.6 machine, where my user config is the same.

I've reverted to lynx-cur 2.8.8dev.14-1 on Debian/unstable, and
the problem doesn't occur. After reinstalling 2.8.8dev.15-1, the
problem occurs again. The changelog is:

lynx-cur (2.8.8dev.15-1) unstable; urgency=low

  * New Upstream Release.
   - Fixed a security bug, CVE-2012-5821: improve checking of certificates
     in the gnutls_certificate_verify_peers2() by handling special case where
     self-signed certificates should be reported (patch by Jamie Strandboge).
     (Closes: #692443)
   - revise nsl-fork logic for passing addrinfo and hostent data back
     to eliminate fixed limit on the number of records to return
     (Closes: #691904)
   - corrected position of highlighting from search/whereis function when using
     multibyte characters.  (Closes: #673385)
  * Updated patches files in debian/patches.

 -- Atsuhito KOHDA <kohda@debian.org>  Wed, 21 Nov 2012 21:54:10 +0900

I suppose that the fix of CVE-2012-5821 is wrong.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Message sent on to Vincent Lefevre <vincent@vinc17.net>:
Bug#695653. (Wed, 12 Dec 2012 23:39:03 GMT) Full text and rfc822 format available.

Message #49 received at 695653-submitter@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Vincent Lefevre <vincent@vinc17.net>
Cc: 695653-submitter@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Wed, 12 Dec 2012 18:34:48 -0500
[Message part 1 (text/plain, inline)]
On Wed, Dec 12, 2012 at 12:44:23PM +0100, Vincent Lefevre wrote:
> On 2012-12-12 06:28:56 -0500, Thomas Dickey wrote:
> > On Wed, Dec 12, 2012 at 05:08:21AM -0500, Thomas Dickey wrote:
> > > I'm not able to reproduce the problem, either by recompiling, or
> > > by installing this version on my Debian/testing system. For each
> > > configuration, lynx accepts the certificate and does not prompt.
> > 
> > I tested first with LYNX_CFG unset, and then with it set to ''.
> 
> LYNX_CFG contains a filename. Do not set it to '', but to /dev/null
> for instance.

I can reproduce this, and see that the problem is arguably a
configuration error on your part.  The first interesting difference is
this line omitted from a trace of the malfunctioning session:

HTGetSSLHandle: certfile is set to /etc/ssl/certs/ca-certificates.crt by config SSL_CERT_FILE

What is happening is that gnutls is confused about the reason why the
certificate could not be traced to an authority - it only knows that
the attempt failed.  It sets the status which lynx reports here:

	    if (ret == 0 && tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
		msg2 = gettext("self signed certificate");

Since there is no configuration information available to lynx,
there is no way for it to check any of the certificates.

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Thu, 13 Dec 2012 01:45:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Thu, 13 Dec 2012 01:45:05 GMT) Full text and rfc822 format available.

Message #54 received at 695653@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: dickey@his.com, 695653@bugs.debian.org
Cc: 695653-submitter@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Thu, 13 Dec 2012 10:12:51 +0900 (JST)
Hi all,

I can't reproduce the problem with either testing
(2.8.8dev.12-2) or unstable (2.8.8dev.15-1).

Best regards,			2012-12-13(Thu)

-- 
 Debian Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima



Message sent on to Vincent Lefevre <vincent@vinc17.net>:
Bug#695653. (Thu, 13 Dec 2012 01:45:07 GMT) Full text and rfc822 format available.

Message sent on to Vincent Lefevre <vincent@vinc17.net>:
Bug#695653. (Thu, 13 Dec 2012 01:45:09 GMT) Full text and rfc822 format available.

Message #60 received at 695653-submitter@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: Thomas Dickey <dickey@his.com>
Cc: 695653-submitter@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Thu, 13 Dec 2012 02:44:06 +0100
On 2012-12-12 18:34:48 -0500, Thomas Dickey wrote:
> I can reproduce this, and see that the problem is arguably a
> configuration error on your part.  The first interesting difference is
> this line omitted from a trace of the malfunctioning session:
> 
> HTGetSSLHandle: certfile is set to /etc/ssl/certs/ca-certificates.crt by config SSL_CERT_FILE
> 
> What is happening is that gnutls is confused about the reason why the
> certificate could not be traced to an authority - it only knows that
> the attempt failed.  It sets the status which lynx reports here:
> 
> 	    if (ret == 0 && tls_status & GNUTLS_CERT_SIGNER_NOT_FOUND) {
> 		msg2 = gettext("self signed certificate");
> 
> Since there is no configuration information available to lynx,
> there is no way for it to check any of the certificates.

The certificate is *not* self signed. There may be an error, but the
error message should be meaningful for the user and correct. Using a
"self signed certificate" is always an error from the web server,
thus not a config problem. This is not the case here.

http://www.gnu.org/software/gnutls/manual/gnutls.html says:

  GNUTLS_CERT_SIGNER_NOT_FOUND
    The certificate’s issuer is not known. This is the case if the
    issuer is not included in the trusted certificate list.

The error message could be:

  unknown certificate's issuer

or

  untrusted certificate

The second one may be better, because the lynx man page uses the word
"trusted" for SSL_CERT_DIR and SSL_CERT_FILE.

Note: When there is an error about a certificate's issuer with Firefox,
one can get some information that can be useful to know which CA
certificate is missing. Something similar should be done here.

BTW, do you mean that previous lynx versions never checked the
certificate chain? Because though my list of trusted certificates
was empty, I never got such an error from lynx. In such a case, a
security bug should be reported against the previous versions in
Debian...

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
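
An added example, not part of the thread and not lynx's code: one way to turn a GNUTLS_CERT_SIGNER_NOT_FOUND status into the distinct messages argued for above, shown beside the branch quoted from lynx. The struct, enum and function names are hypothetical, the status bits are local copies of the gnutls.h values so that it builds without GnuTLS, and subject/issuer DN equality stands in for a real self-issued test.

```c
#include <stdio.h>
#include <string.h>

/* Local copies of the gnutls_certificate_status_t bits used below, so the
 * example builds without GnuTLS; real code takes them from <gnutls/gnutls.h>. */
enum {
    EX_CERT_INVALID          = 1 << 1,
    EX_CERT_REVOKED          = 1 << 5,
    EX_CERT_SIGNER_NOT_FOUND = 1 << 6,
    EX_CERT_SIGNER_NOT_CA    = 1 << 7,
    EX_CERT_EXPIRED          = 1 << 10
};

/* Hypothetical summary of what the client knows after verification. */
struct peer_info {
    const char *subject_dn;  /* subject of the server (leaf) certificate */
    const char *issuer_dn;   /* issuer named in that certificate */
    size_t      trusted_cas; /* CA certificates actually loaded as trusted */
};

enum reason {
    R_OK, R_SELF_SIGNED, R_EMPTY_TRUST_LIST, R_UNKNOWN_ISSUER,
    R_SIGNER_NOT_CA, R_REVOKED, R_EXPIRED, R_INVALID
};

/* The branch quoted in the thread: SIGNER_NOT_FOUND alone gives this text. */
const char *legacy_reason(unsigned status)
{
    return (status & EX_CERT_SIGNER_NOT_FOUND) ? "self signed certificate" : NULL;
}

/* Assumption: DN equality approximates "self-issued". With GnuTLS the leaf
 * can be tested against itself with gnutls_x509_crt_check_issuer(). */
static int is_self_issued(const struct peer_info *p)
{
    return p->subject_dn && p->issuer_dn &&
           strcmp(p->subject_dn, p->issuer_dn) == 0;
}

static const char *dn_or_unknown(const char *dn)
{
    return dn ? dn : "(unknown)";
}

/* Separate a server-side fault (self-signed) from a local one (no or
 * incomplete trust list), which the single flag does not distinguish. */
enum reason classify(unsigned status, const struct peer_info *p)
{
    if (status == 0) return R_OK;
    if (status & EX_CERT_REVOKED) return R_REVOKED;
    if (status & EX_CERT_EXPIRED) return R_EXPIRED;
    if (status & EX_CERT_SIGNER_NOT_FOUND) {
        if (is_self_issued(p)) return R_SELF_SIGNED;
        if (p->trusted_cas == 0) return R_EMPTY_TRUST_LIST;
        return R_UNKNOWN_ISSUER;
    }
    if (status & EX_CERT_SIGNER_NOT_CA) return R_SIGNER_NOT_CA;
    return R_INVALID;
}

/* Write a message that names the issuer, so the user can tell which CA
 * certificate is missing; returns the classification. */
enum reason describe(unsigned status, const struct peer_info *p,
                     char *buf, size_t len)
{
    enum reason r = classify(status, p);
    const char *iss = dn_or_unknown(p->issuer_dn);

    switch (r) {
    case R_OK:          snprintf(buf, len, "certificate verified"); break;
    case R_SELF_SIGNED: snprintf(buf, len, "self signed certificate (%s)",
                                 dn_or_unknown(p->subject_dn)); break;
    case R_EMPTY_TRUST_LIST:
        snprintf(buf, len, "untrusted certificate: no trusted CA certificates "
                 "loaded (check SSL_CERT_FILE/SSL_CERT_DIR); issuer is %s", iss);
        break;
    case R_UNKNOWN_ISSUER:
        snprintf(buf, len, "untrusted certificate: issuer %s is not in the "
                 "trusted list", iss);
        break;
    case R_SIGNER_NOT_CA: snprintf(buf, len, "issuer %s is not a CA", iss); break;
    case R_REVOKED:     snprintf(buf, len, "certificate revoked"); break;
    case R_EXPIRED:     snprintf(buf, len, "certificate expired"); break;
    case R_INVALID:     snprintf(buf, len, "certificate not trusted"); break;
    }
    return r;
}

int main(void)
{
    /* DNs taken from the Debian 6 trace in the thread; trusted_cas = 0
     * models SSL_CERT_FILE=/dev/null. */
    struct peer_info peer = {
        "/C=FR/O=INST NAT RECHERCHE INFORMATIQUE AUTOMA/CN=gforge.inria.fr",
        "/C=NL/O=TERENA/CN=TERENA SSL CA", 0
    };
    unsigned status = EX_CERT_INVALID | EX_CERT_SIGNER_NOT_FOUND;
    char msg[256];

    describe(status, &peer, msg, sizeof msg);
    printf("legacy : %s\nrefined: %s\n", legacy_reason(status), msg);
    return 0;
}
```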



Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Thu, 13 Dec 2012 01:51:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to dickey@his.com:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Thu, 13 Dec 2012 01:51:08 GMT) Full text and rfc822 format available.

Message #65 received at 695653@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@his.com>
To: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
Cc: dickey@his.com, 695653@bugs.debian.org, 695653-submitter@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Wed, 12 Dec 2012 20:48:08 -0500
[Message part 1 (text/plain, inline)]
On Thu, Dec 13, 2012 at 10:12:51AM +0900, Atsuhito Kohda wrote:
> Hi all,
> 
> I can't reproduce the problem with either testing
> (2.8.8dev.12-2) or unstable (2.8.8dev.15-1).

I can - but even if we modified lynx so that the default path for the cert
file is compiled-in, there's still some ambiguity in the return-codes from
gnutls which could be viewed as the same issue.

-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
[signature.asc (application/pgp-signature, inline)]

Information stored :
Bug#695653; Package lynx-cur. (Thu, 13 Dec 2012 01:51:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and filed, but not forwarded. (Thu, 13 Dec 2012 01:51:09 GMT) Full text and rfc822 format available.

Message #70 received at 695653-quiet@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>, 695653-quiet@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Thu, 13 Dec 2012 02:48:39 +0100
Hi,

On 2012-12-13 10:12:51 +0900, Atsuhito Kohda wrote:
> I can't reproduce the problem with either testing
> (2.8.8dev.12-2) or unstable (2.8.8dev.15-1).

Try:

  SSL_CERT_FILE=/dev/null lynx https://gforge.inria.fr/

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Message sent on to Vincent Lefevre <vincent@vinc17.net>:
Bug#695653. (Thu, 13 Dec 2012 01:51:11 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Thu, 13 Dec 2012 03:33:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Thu, 13 Dec 2012 03:33:05 GMT) Full text and rfc822 format available.

Message #78 received at 695653@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: vincent@vinc17.net
Cc: 695653@bugs.debian.org, dickey@his.com
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Thu, 13 Dec 2012 12:29:54 +0900 (JST)
Hi Vincent,

Please stop mailing only to 695653-quiet@bugs.debian.org
but mail to 695653@bugs.debian.org
I seldom visit the web site "http://www.debian.org/Bugs/".

I've failed to get most of your reports.  Thanks.

Best regards,  	   	     	      2012-12-13(Thu)

-- 
 Debian Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima



Information stored :
Bug#695653; Package lynx-cur. (Thu, 13 Dec 2012 03:45:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and filed, but not forwarded. (Thu, 13 Dec 2012 03:45:04 GMT) Full text and rfc822 format available.

Message #83 received at 695653-quiet@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: vincent@vinc17.net
Cc: 695653-quiet@bugs.debian.org, kohda@pm.tokushima-u.ac.jp
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Thu, 13 Dec 2012 12:15:55 +0900 (JST)
Hi Vincent,

On Thu, 13 Dec 2012 02:48:39 +0100, Vincent Lefevre wrote:

> Try:
> 
>   SSL_CERT_FILE=/dev/null lynx https://gforge.inria.fr/

But this is apparently wrong usage.  What is your main point?


Best regards,			2012-12-13(Thu)

-- 
 Debian Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima



Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Thu, 13 Dec 2012 09:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Thu, 13 Dec 2012 09:27:03 GMT) Full text and rfc822 format available.

Message #88 received at 695653@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
Cc: 695653@bugs.debian.org
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Thu, 13 Dec 2012 10:23:33 +0100
On 2012-12-13 12:15:55 +0900, Atsuhito Kohda wrote:
> >   SSL_CERT_FILE=/dev/null lynx https://gforge.inria.fr/
> 
> But this is apparently wrong usage.  What is your main point?

No, this is not forbidden, just like not using the global config file
(which happened by mistake after the location of the global config file
has changed from /etc/lynx.cfg to /etc/lynx-cur/lynx.cfg in the past).

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)



Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Thu, 13 Dec 2012 21:24:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Thu, 13 Dec 2012 21:24:06 GMT) Full text and rfc822 format available.

Message #93 received at 695653@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>, 695653@bugs.debian.org
Cc: vincent@vinc17.net, dickey@his.com
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Thu, 13 Dec 2012 21:18:31 +0000
On Thu, 2012-12-13 at 12:29 +0900, Atsuhito Kohda wrote:
> Please stop mailing only to 695653-quiet@bugs.debian.org
> but mail to 695653@bugs.debian.org

The BTS automatically sets the Reply-To: for a mail to NNNN-submitter to
use NNNN-quiet.

Regards,

Adam




Information forwarded to debian-bugs-dist@lists.debian.org, Atsuhito KOHDA <kohda@debian.org>:
Bug#695653; Package lynx-cur. (Fri, 14 Dec 2012 07:30:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>:
Extra info received and forwarded to list. Copy sent to Atsuhito KOHDA <kohda@debian.org>. (Fri, 14 Dec 2012 07:30:05 GMT) Full text and rfc822 format available.

Message #98 received at 695653@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@pm.tokushima-u.ac.jp>
To: adam@adam-barratt.org.uk, 695653@bugs.debian.org
Cc: vincent@vinc17.net, dickey@his.com
Subject: Re: Bug#695653: lynx-cur: on any https URL, I get "SSL error:self signed certificate"
Date: Fri, 14 Dec 2012 16:22:43 +0900 (JST)
Hi Adam,

On Thu, 13 Dec 2012 21:18:31 +0000, "Adam D. Barratt" wrote:

> On Thu, 2012-12-13 at 12:29 +0900, Atsuhito Kohda wrote:
>> Please stop mailing only to 695653-quiet@bugs.debian.org
>> but mail to 695653@bugs.debian.org
> 
> The BTS automatically sets the Reply-To: for a mail to NNNN-submitter to
> use NNNN-quiet.

Thanks for your explanation.  
My intention is not to criticize anybody but only to
request to set an appropriate address so that mails
reach me (the maintainer).
Thanks again.  

Best regards,			2012-12-14(Fri)

-- 
 Debian Developer - much more I18N of Debian
 Atsuhito Kohda <kohda AT debian.org>
 Department of Math., Univ. of Tokushima



Added tag(s) fixed-upstream. Request was from Thomas Dickey <dickey@his.com> to control@bugs.debian.org. (Fri, 29 Nov 2013 01:51:09 GMT) Full text and rfc822 format available.

Reply sent to Atsuhito Kohda <kohda@debian.org>:
You have taken responsibility. (Tue, 03 Dec 2013 04:36:37 GMT) Full text and rfc822 format available.

Notification sent to Vincent Lefevre <vincent@vinc17.net>:
Bug acknowledged by developer. (Tue, 03 Dec 2013 04:36:37 GMT) Full text and rfc822 format available.

Message #105 received at 695653-close@bugs.debian.org (full text, mbox):

From: Atsuhito Kohda <kohda@debian.org>
To: 695653-close@bugs.debian.org
Subject: Bug#695653: fixed in lynx-cur 2.8.8pre1-1
Date: Tue, 03 Dec 2013 04:33:54 +0000
Source: lynx-cur
Source-Version: 2.8.8pre1-1

We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 695653@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Atsuhito Kohda <kohda@debian.org> (supplier of updated lynx-cur package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 02 Dec 2013 15:45:55 +0900
Source: lynx-cur
Binary: lynx-cur lynx-cur-wrapper lynx
Architecture: source all amd64
Version: 2.8.8pre1-1
Distribution: unstable
Urgency: low
Maintainer: Atsuhito KOHDA <kohda@debian.org>
Changed-By: Atsuhito Kohda <kohda@debian.org>
Description: 
 lynx       - Text-mode WWW Browser (transitional package)
 lynx-cur   - Text-mode WWW Browser with NLS support (development version)
 lynx-cur-wrapper - Wrapper for lynx-cur (transitional package)
Closes: 254603 295273 334787 350853 398274 398304 404893 546264 584080 695653 720541 724812 729864
Changes: 
 lynx-cur (2.8.8pre1-1) unstable; urgency=low
 .
   * New upstream release
    - add clarification in manpage regarding -force_html option versus -dump
      or -crawl.  (Closes: #254603, #295273)
    - simplify file-URLs shown in reference list of -dump.  (Closes: #334787)
    - improve manpage descriptions of -reload, -get_data and -post_data.
      (Closes: #350853)
    - modify the INFO page  (Closes: #398274)
    - extend the "Bad HTML" warning feature to -dump option when the -stderr
      option is also set (Closes: #398304)
    - modify configuration of COLOR_STYLE value in lynx.cfg, allowing multiple
      filenames to be specified and providing those as choices in the O'ptions
      menu (Closes: #404893)
    - correct search logic to match links which are wrapped on the right margin.
      (Closes: #546264)
    - add -list_inline option, which modifies -dump output to put links inline
      with the text.  (Closes: #584080)
    - improve warning message for GNUTLS_CERT_SIGNER_NOT_FOUND (Closes: #695653)
    - minor change to Content-Length logic to work with Amazon's cookies
      (Closes: #720541)
    - ignore non-fatal return codes from gnutls_handshake  (Closes: #724812)
   * Applied a patch to use dh_autotools-dev to update config.{sub,guess}
     for new ports.  Thanks to Matthias Klose <doko AT debian DOT org>
     (Closes: #729864)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iEYEARECAAYFAlKdW9oACgkQ1IXdL1v6kOy/8QCfRVF5A5dwN0MBHsNAMwKZhLwY
HRgAn1Z8YFwDCrPcKQhZuTLqfc8/3EzW
=H90l
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 10 Jan 2014 07:31:48 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 13:38:35 2014; Machine Name: buxtehude.debian.org
