On Thu, Mar 06, 2014 at 07:04:40PM +0100, Vincent Lefevre wrote: > Package: lynx-cur > Version: 2.8.8pre5-1 > Severity: important > > On some major web sites, such as www.ens-lyon.fr and www.loria.fr, > with all the certificates provided by ca-certificates installed, > I get the following error for "lynx https://www.ens-lyon.fr/": > > SSL error:the certificate has no known issuer-Continue? (y) > > Other commands such as > > wget https://www.ens-lyon.fr/ > curl https://www.ens-lyon.fr/ > > do not return any error. A strace shows that wget uses > "/etc/ssl/certs/ca-certificates.crt" like lynx, but curl > uses "/etc/ssl/certs/157753a5.0". And > > openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect > www.ens-lyon.fr:443
hmm - but Debian's package for lynx doesn't use openssl (it uses gnutls). It's possible that they differ, and that the area for improvement would be to document the quirks due to gnutls. > Perhaps the difference between lynx and wget is that the lynx-cur > package depends on libgnutls26 while wget depends on libgnutls28. > Even if the cause is libgnutls26, the real bug is in the lynx-cur > package, since it depends on a old library. Then that's an issue for the packager (offhand, I'm not aware of impediments to upgrading that component). -- Thomas E. Dickey <dic...@invisible-island.net> http://invisible-island.net ftp://invisible-island.net
signature.asc
Description: Digital signature
