[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: debugging https access under emacs/w3



Hi Peter,

the following value of ssl-program-arguments works for me:

("s_client" "-quiet" "-connect"
 (format "%s:%s" host port)
 "-verify"
 (int-to-string ssl-certificate-verification-policy)
 "-CApath" "~/.certs")

I can access for example:
https://mail.ethz.ch
https://gmail.com
https://www.web.de

However, the link you posted in your initial mail does still not
work. I suspect a problem with the url package.

By the way, my openssl version is:
OpenSSL 0.9.8a 11 Oct 2005

Thanks for posting information about the fix.

Lukas

Peter Rayner writes ("debugging https access under emacs/w3"):
> Replying to my own mail ...
> 
> I mentioned  a while ago I was having trouble with https  pages.
> Getting back to this the problem seems to be a change in the format
> for the arguments of the s_client command of openssl.  
> For my version
> OpenSSL 0.9.7a Feb 19 2003
> the synopsis line for the manual reads 
>        openssl s_client [-connect host:port>] [-verify depth] [-cert file-
> ....
> rather than the -host hostname -port port form I have seen in older
> versions.  this needs a change in the ssl-program-arguments variable.
> Mine is now set to
> ssl-program-arguments's value is 
> ("s_client" "-quiet" "-connect" host ":" service "-verify"
>  (int-to-string ssl-certificate-verification-policy)
>  "-CApath ~/.certs")
> This also doesn't work directly since it makes spaces around the colon
> which openssl doesn't like.  So I hacked the  quietssl script to
> remove the space. 
> ----------------------------------------------------------------------
> #!/bin/sh
> #redirect stderr so emacs doesn't barf on opensll
> newargs=`echo "$@" |sed 's/ : /:/'`
> exec 2>/dev/null
> exec openssl $newargs
> U70-
> Clearly a better way to do this is within the variable definition
> #itself, something like
> 
> ("s_client" "-quiet" "-connect" (format "%s:%d" host service) "-verify"
>  (int-to-string ssl-certificate-verification-policy)
>  "-CApath ~/.certs")
> but for some reason this doesn't work, almost certainly a trivial
>  elisp misunderstanding on my part (would someone care to enlighten me).
> I hope this is useful for anyone else with the same problem.
> cheers
> Peter
>  
>  
> 
> -- 
> Peter Rayner: LSCE/IPSL, Laboratoire CEA-CNRS-UVSQ
> address: Bat. 701 LSCE - CEA de Saclay
> Orme des Merisiers, 91191 Gif/Yvette
> work: +33  (1) 69 08 88 11;	mobile: +33 (6) 75 46 56 52;	 fax: +33 (1) 69 08 77 16
> mail-to: peter.rayner@cea.fr
> 
> -- 
> Peter Rayner: LSCE/IPSL, Laboratoire CEA-CNRS-UVSQ
> address: Bat. 701 LSCE - CEA de Saclay
> Orme des Merisiers, 91191 Gif/Yvette
> work: +33  (1) 69 08 88 11;	mobile: +33 (6) 75 46 56 52;	 fax: +33 (1) 69 08 77 16
> mail-to: peter.rayner@cea.fr

-----------------------------------------------------------------------------
To unsubscribe from the emacspeak list or change your address on the
emacspeak list send mail to "emacspeak-request@cs.vassar.edu" with a
subject of "unsubscribe" or "help"


Emacspeak Files | Subscribe | Unsubscribe | Search