[pkg-lynx-maint] [Lynx-dev] ANN: lynx2.8.9dev.7

Thomas Dickey dickey at his.com
Sun Dec 20 23:25:01 UTC 2015


On Mon, Dec 21, 2015 at 12:18:35AM +0100, Axel Beckert wrote:
> Hi Thomas,
> 
> On Sat, Dec 19, 2015 at 01:57:19AM +0000, Thomas Dickey wrote:
> > * set SSL_MODE_AUTO_RETRY in OpenSSL configuration, completing work needed for
> >   Debian #707059 -TD
> > * adopt some of the patches from Debian lynx package:
> >   + add support for client certificates (patch by Simon Kainz, Debian #797901).
> > * fix for gnutls logic to support rehandshake on negotiation for optional
> >   client certificate, e.g., for https://contributors.debian.org (patch by
> >   Simon Kainz, Debian #797059).
> > * use gnutls_set_default_priority() to simplify algorithm priorities in the
> >   gnutls configuration as well as track occassional changes in that library
> >   (patch by Andreas Metzler, Debian #789189, Debian #784430).
> 
> I'm not sure which of the SSL-related changes above actually caused
> this, but there seems a regression between lynx2.8.9dev.6 plus all the
> original Debian patches above and lynx lynx2.8.9dev.7 with all Debian
> patches removed which have been applied (and partially modified)
> upstream -- both compiled against GnuTLS as before in Debian:
> 
> If I surf any HTTPS site by giving its URL as parameter on the
> commandline, it works fine. But if I press enter on any link which
> doesn't change to another server, I get this error message:
> 
> SSL error:The certificate is NOT trusted. The certificate issuer is unknown. -Continue? (n) 

thanks - I'll investigate that difference.
 
> I also verified that this message comes immediately if I connect to a
> site with a self-signed SSL certificate. That still works.
> 
> It happened at least with "lynx https://www.phys.ethz.ch/" and then
> selecting "Sitemap" and with "lynx https://duckduckgo.com/lite/" and
> then searching for anything.
> 
> I planned to upload lynx2.8.9dev.7 tonight to Debian Unstable, but I
> don't think it makes sense to do so with this regression. The current
> state of the packaging in Debian can be seen in the master branch of
> https://anonscm.debian.org/cgit/pkg-lynx/lynx-cur.git
> 
> P.S.: You seem to have signed Lynx releases with the GPG key
> 5DDF8FB7688E31A6 in the past, but this release is signed with
> 702353E0F7E48EDB. While 5DDF8FB7688E31A6 has a signature from
> 702353E0F7E48EDB, 702353E0F7E48EDB hasn't been signed (publically
> known) by 5DDF8FB7688E31A6. It would be nice if the current key used
> to sign releases is also signed by the key previously used for that.

I'll see how to do this (I haven't lost any keys, but hadn't thought
to connect these).

-- 
Thomas E. Dickey <dickey at invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-lynx-maint/attachments/20151220/08b4f626/attachment.sig>


More information about the pkg-lynx-maint mailing list