Elinks: SSL Error

Asked 29/12, 2014 at 23:38 Answered 18/10, 2016 at 17:20

My problem is simple, only look the screenshot:

Elinks Issue

**For tired eyes:

-bash-4.1$ cat /etc/*release
LSB_VERSION=base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
Red Hat Enterprise Linux Server release 6.6 (Santiago)
Red Hat Enterprise Linux Server release 6.6 (Santiago)
-bash-4.1$
-bash-4.1$
-bash-4.1$ elinks -version
ELinks 0.12pre5
Built on Jan  4 2013 07:04:04

Features:
Standard, IPv6, gzip, bzip2, UTF-8, Periodic Saving, Viewer (Search
History, Timer, Marks), Cascading Style Sheets, Protocol
(Authentication, BitTorrent, File, FTP, HTTP, URI rewrite, User
protocols), SSL (OpenSSL), MIME (Option system, Mailcap, Mimetypes
files), LED indicators, Bookmarks, Cookies, Form History, Global
History, Goto URL History
-bash-4.1$
-bash-4.1$
-bash-4.1$ elinks -dump -eval 'set connection.ssl.cert_verify = 1' https://10.113.1.104:443/sgc/registro2.asp
ELinks: SSL error
-bash-4.1$
-bash-4.1$
-bash-4.1$ elinks -dump -eval 'set connection.ssl.cert_verify = 0' https://10.113.1.104:443/sgc/registro2.asp
ELinks: SSL error
-bash-4.1$

I don't understand why elinks still shows the error SSL. Any idea?

Buttonwood answered 29/12, 2014 at 23:38 Comment(2)

Tired eyes cannot see the screenshot. And the site and search engines cannot index the relevant text. Please add the text to the question (its OK to keep the picture, but we need the text). – Luben 30/12, 2014 at 0:14

@Luben done, look now. – Blackett 30/12, 2014 at 19:18

You may configure elinks to ignore SSL verification: edit elinks.conf and change the connection.ssl.cert_verify setting to 0, then restart elinks.


set connection.ssl.cert_verify = 0

Wenger answered 18/10, 2016 at 17:20 Comment(3)

i know it should probably be obvious, but the location of that file would be helpful to us noobs – Fissile 12/4, 2017 at 21:12

jrich, the location is usually /etc/elinks.conf on RHEL Linux + downstream versions. – Wenger 10/5, 2017 at 18:53

FWIW, the file is ~/.elinks/elinks.conf (and doesn't exist by default) and the syntax is set connection.ssl.cert_verify = 0 – this is very poorly documented. – Buckwheat 17/12, 2017 at 12:56

First make sure

your server is indeed listening to port 443 and
it receives/sends traffic from/to that port.

Also check the key length for your server (10.113.1.104) certificate; it might very be that elinks expects 2048-bit keys while your certificate key length is less than that:

$ echo | openssl s_client -connect 10.113.1.104:443 2>/dev/null | openssl x509 -text -noout | grep "Public-Key"

Redingote answered 30/12, 2014 at 0:1 Comment(4)

This is the answer: Public-Key: (1024 bit), what i can do? – Blackett 30/12, 2014 at 19:31

See what the same command gives, without grep: echo | openssl s_client -connect 10.113.1.104:443 2>/dev/null | openssl x509 -text -noout. You'll then have a complete certificate dump. Check if the certificate is self-signed, for instance. – Redingote 9/1, 2015 at 21:30

Yep, the certificate is self-signed. – Blackett 10/1, 2015 at 23:16

Self-signed certificates by definition may not be verified. There should be an option to accept self-signed certificates but that would go against security enforcement... unless for development purposes. If elinks has no such option you'll have to create a certificate coming from either a globally recognized certification authority or an internal certification authority of your own. In the latter case you'll have to add the internal certification authority's certificate to elinks' list of CA certificates somehow. – Redingote 11/1, 2015 at 11:48

Recommended topics

Hot tags