Lynx does not support Server Name Indication

Bug #1066424 reported by Pierre Rudloff
This bug report is a duplicate of: Bug #732177: No SNI support in Lynx.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
lynx | Unknown | Unknown | |
lynx-cur (Ubuntu) | New | Undecided | Unassigned |

Bug Description

When browsing to a site that uses Server Name Indication (http://en.wikipedia.org/wiki/Server_Name_Indication), Lynx receives the wrong certificate.

Here is an example:
pierre@pierre-MacBook:~$ lynx https://rudloff.pro

Looking up rudloff.pro
Making HTTPS connection to rudloff.pro
UNVERIFIED connection to rudloff.pro (cert=CN<www2.strasweb.fr>)
Certificate issued by: /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
Secure 128-bit TLS1.0 (DHE_RSA_AES_128_CBC_SHA1) HTTP connection
Sending HTTP request.
HTTP request sent; waiting for response.
Alert!: Unexpected network read error; connection aborted.
Can't Access `https://rudloff.pro/'
Alert!: Unable to access document.

lynx: Can't access startfile

Here is the same example with curl:
pierre@pierre-MacBook:~$ curl -vvv -I https://rudloff.pro
* About to connect() to rudloff.pro port 443 (#0)
* Trying 195.132.195.143... connected
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: description=pZ7mRJriYb7YHtFn; C=FR; CN=blog.rudloff.pro; <email address hidden>
* start date: 2012-05-13 08:19:20 GMT
* expire date: 2013-05-14 10:06:31 GMT
* subjectAltName: rudloff.pro matched
* issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
* SSL certificate verify ok.
> HEAD / HTTP/1.1
> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: rudloff.pro
> Accept: */*
>

As you can see, curl sends the SNI and receives the right certificate.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lynx 2.8.8dev.9-2
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic-pae 3.2.30
Uname: Linux 3.2.0-32-generic-pae i686
ApportVersion: 2.0.1-0ubuntu13
Architecture: i386
Date: Sun Oct 14 03:02:59 2012
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=fr_FR:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=fr_FR.UTF-8
 SHELL=/bin/bash
SourcePackage: lynx-cur
UpgradeStatus: Upgraded to precise on 2012-04-27 (170 days ago)

Pierre Rudloff (rudloff) wrote :
Thomas Dickey (dickey-his) wrote :
Thomas Dickey (dickey-his) wrote :

Also https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/732177
(this report is a duplicate either way)
