
Re: [Lynx-dev] ANN: lynx2.9.0dev.7


From: Stef Caunter
Subject: Re: [Lynx-dev] ANN: lynx2.9.0dev.7
Date: Tue, 27 Jul 2021 11:16:59 -0400

On Tue, Jul 27, 2021 at 10:52 AM Nelson H. F. Beebe <beebe@math.utah.edu> wrote:
>
> Today, I successfully rebuilt and installed lynx2.9.0dev.7 with the
> --with-ssl option on 23 platforms; the only build failures were on old
> CentOS 5 systems that lack needed support libraries.
>
> I did not remember to use the --with-ssl option on my first round of
> automated builds, so I had to redo them with that option.
>
> Given that the Web world is rapidly moving to https:, rather than
> http:, connections by default, with major GUI browsers forcing that
> move, would it not make good sense for the next release of lynx to
> make --with-ssl the default, and allow --without-ssl as an option to
> suppress https support?

systems rely on trusted provider certificate bundles, and deciding to
use them (with lynx) should be a conscious one on the part of the user
(in my opinion)...

a server user installs a certificate, so a server system compiled with
ssl still won't work without that, and clients won't trust it without
that

a client user has to trust certificate providers somehow, so a client
system compiled with ssl by default, has just assumed it has a list of
trustworthy certificate providers, or possibly has no list of
providers, and just ignores providers and accepts all server
certificates...

lynx has never made this assumption for users in my recollection

when you compile --with-ssl your system is checked for certs in
default or specified locations to trust, which seems enough of a
default to me

--

Stefan Caunter
Hamilton
phone: 6474599475


