[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7526
  • Last Modified:

Lynx browser and SSL Cert acceptance

Using Lynx 2.8.5 to interact with a variety of local machines, I am constantly prompted to accept various self-signed SSL certs. I noticed the option in the configuration to automatically accept the certs, but when I use that, the prompt to accept the cert still appears, and sits there for a second or two before it continues. This actually takes longer than it does to say yes manually. Is there a way to change this behavior?
(Note, I'm not looking for a root cert bundle.)

0
billmercer
Asked:
billmercer
  • 3
  • 2
1 Solution
 
MKraussCommented:
If you're using self made ssl certs then you could import the CA public key into your browser (also known
as TrusedRoot Certification Authority), once you did that you get not prompet for cerst from this CA.

With Lynx you can do that in a simular way but you should be able to turn off prompting for unknown certs anyway.
Have you cheked eg: http://lynx.isc.org/current/README.sslcerts ?
0
 
billmercerAuthor Commented:
I have read that document. In this case, importing a bunch of arbitrary self-signed CAs is not what I want. What I would like is to be able to have Lynx just accept these arbitrary certificates without any prompt at all, similar to the -k option in curl. The FORCE_SSL_PROMPT option does  automatically say YES to any prompts to trust a certificate, but it doesn't do it silently. It first displays the prompt as usual, then waitis a couple of seconds, then answers yes for you. It's actually faster to hit return yourself than it is to allow the automatic accept to happen.
That short delay while the prompt is displayed is what I would like to do away with.
0
 
s_oneilCommented:
There is a setting within Lynx's options to force a yes answer to ssl certs.  Hit O to enter Options, then look for "Security and Privacy".  Setting "SSL Prompting" to "force yes-response" should do what you're looking for.

By default, lynx won't save this setting - To do so requires system-wide changes:
Find your lynx.cfg - usually /usr/lib/lynx.cfg or /etc/lynx.cfg (failing that, enter Lynx's options, and you'll spot a link at the very bottom to your lynx.cfg)

Within that file, search for a line reading:
#ENABLE_LYNXRC:force_ssl_prompt:OFF

and replace it with:
ENABLE_LYNXRC:force_ssl_prompt:ON

lynx will now allow you to save that option.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
s_oneilCommented:
A great start here, I managed to entirely miss your comment, so my previous answer is useless.

I can't find anything in lynx's source that accounts for this behaviour - it doesn't appear to be intentional, so I doubt there's a setting to work around it.  I can't for the life of me, however, figure out why it's behaving any differently from the cookie_noprompt option, as they both use the same routine (HTForcedPrompt)
0
 
billmercerAuthor Commented:
I installed Lynx from a Mandrake RPM. Is it possible this is some fluke of my installation?

0
 
s_oneilCommented:
I see a noticable delay (certainly more noticable than the cookie prompt), but half a second at the most, not two - from Debian packages and source-built
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now