diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/README.cookies | 60 | ||||
| -rw-r--r-- | docs/README.options | 81 | ||||
| -rw-r--r-- | docs/README.sslcerts | 54 |
3 files changed, 175 insertions, 20 deletions
diff --git a/docs/README.cookies b/docs/README.cookies new file mode 100644 index 00000000..af044f92 --- /dev/null +++ b/docs/README.cookies @@ -0,0 +1,60 @@ +README.cookies + +Cookie handling when using the lynx browser: + +General Usage on a unix system: + +Cookie handling may be set so that you read them in on session start up from a +saved file, and to restore all cookies to that file on session close. + +Warning and Disclaimer: + +The lynx browser provides great opportunity to examine and make decisions about +cookies by default, but some users just want the speed benefits of the lynx +browser without the prompting for a decision to accept or reject the cookie. +Should you think that this is your situation, please read this: + +There are a number of privacy issues with accepting all cookies blindly, not +the least of which is that you are storing evidence of your browsing activity +into a regular disk file. + +You have been warned. There are many resources available that will provide you +with more information about making informed choices about this subject. + +With that in mind, here is how to accept all cookies transparently and rapidly: + +The following .lynxrc or lynx.cfg settings provide the user with the ability +to by default accept all cookies transparently. + +SET_COOKIES:TRUE +ACCEPT_ALL_COOKIES:TRUE +PERSISTENT_COOKIES:TRUE +COOKIE_FILE:/path/to/directory/.lynx_cookies +COOKIE_SAVE_FILE:/path/to/directory/.lynx_cookies +COOKIE_LOOSE_INVALID_DOMAINS:sports.espn.go.com,espn.go.com,.go.com, +FORCE_SSL_COOKIES_SECURE:FALSE + +You must have a "cookie save file" that you own and for which you have +read/write permission; cookies are flushed out to that disk location when you +exit lynx, and are read in for use at the start of a lynx session from there. +Cookies do not persist unless this happens. + +If you wish to see for yourself that this actually happens, please use the +-trace command line option and then read the resulting file "Lynx.trace". +It will show the cookies being read in at the start of a session, and being +written out at the conclusion of a session. + +FORCE_SSL_COOKIES_SECURE is for ebay and the like, or they won't remember you; +(their login is secure but everything else isn't, like a lot of big sites). +If lynx attempts to transmit the ebay cookie securely, it's not taken. +This doesn't affect cookie acceptance but it's a functionality issue for users. + +The COOKIE_LOOSE_INVALID_DOMAINS is for botched cookies from sites you read a +lot. This causes a great deal of prompting and if you are a frequent site user +you may want to convenience yourself with a set of loose invalid domains. + + +Stef Caunter +http://caunter.ca/contact.html +http://caunter.ca/README.cookies + diff --git a/docs/README.options b/docs/README.options new file mode 100644 index 00000000..b388d4c3 --- /dev/null +++ b/docs/README.options @@ -0,0 +1,81 @@ +README.options + +Using the lynx browser [O]ptions configuration tool. + +General Usage on a unix system: + +Press "O" at any time in your lynx session to access this utility page. +This is one of several custom "system" URLs that cause lynx to self-configure. + +Please note: +Ensure and confirm that your [O]ptions session is flushed to disk, by selecting: + +Save options to disk: [_] before selecting "Accept Changes". + +This freshens your .lynxrc file, which is your default "personal" configuration +for the lynx browser. Otherwise you will only affect settings for your +individual session; they aren't remembered next time you use lynx, (since you +actually did not tell lynx to remember them). + +This disk write to .lynxrc is not default behaviour for [O]ptions +configurations. The lynx browser tends to tread lightly at first. Note that +you must first have permission on your system to create, write to and read +from a .lynxrc file in your home directory. + +Using some of the menu items: + +User mode controls the amount of "on screen" help at the bottom of the screen. +You get the familiar view of the link target you are on when you use ADVANCED +user mode, and this also gives you the most top to bottom screen area. +ADVANCED user mode also allows for sub bookmark functionality (see below). + +The (for now) command line only option --nomargins provides the largest +readable left to right screen coverage. + +Editor is for jumping to vi or whatever you prefer during local file edits +and for textarea editing with ^Xe if you are filling out a form while browsing. + +Please see README.cookies for a brief cookie handling discussion. + +Multi-bookmarks allows several files to be your bookmarks; it will introduce +a browse list of them if they are defined as below. + +Once the Multi-bookmarks setup on Options is done and has been written out to +your .lynxrc (remember to Accept Changes and to Save Changes to disk), +in .lynxrc you will see a list of 25 possible "other" bookmark files +(26 letters minus "A") - you need to then associate some of them with +(meaningful) filenames to get the Multi-bookmark menu. + +Note that the files must be relative to your home directory. + +The best way to create and manage them is by using the MultiBookmarkMenu (MBM) +configuration tool selectable from the [O]ptions menu. + +The MBM allows you to describe the sub bookmark, and name a file relative +to your home directory that will contain the html for the saved links. +You populate one of the lettered sub bookmarks, describe it, and provide a +filename. ">" saves the edits, and ^G cancels edits. + +The sub bookmarks will be accessible by pressing the associated key from a +menu when invoking the bookmark choice (lynx -book, or 'V' in a session), or +when saving new bookmarks. You can directly access your sub bookmarks by letter +key alone by defining sub_bookmarks=ADVANCED in .lynxrc or lynx.cfg, if you +have ADVANCED general user mode selected as well. +The Multi-bookmark submenu can still be seen in ADVANCED by pressing "=", and +is always seen in STANDARD mode. + +They are seen in your .lynxrc like so: + +multi_bookmarkB=cars,Cars +multi_bookmarkC=news,News +multi_bookmarkD=sports,Sports + +Filename precedes description in .lynxrc, whereas in the MBM configuration +utility, the description is the left column, and the filename is in the right +column displayed. + + +Stef Caunter +http://caunter.ca/contact.html +http://caunter.ca/README.options + diff --git a/docs/README.sslcerts b/docs/README.sslcerts index 4ad82a90..39c3dcda 100644 --- a/docs/README.sslcerts +++ b/docs/README.sslcerts @@ -1,11 +1,11 @@ - Lynx SSL support for certificates - README.sslcerts file + Lynx SSL support for certificates - README.sslcerts file BACKGROUND: The original README.ssl document for lynx stated: - Note that the server... may not have a valid certificate. Lynx will not - complain, as it does not yet support certificates... + Note that the server... may not have a valid certificate. Lynx will not + complain, as it does not yet support certificates... Such lack of support is no longer the case. Lynx now features excellent certificate management through the openssl project. There is almost no @@ -29,7 +29,7 @@ self-signed certificate from a known server source and have it be trusted by client programs. Briefly, the procedure will involve confirming the default system location for -certificates, possibly setting values for SSL_CERT_DIR and SSL_CERT_FILE in +certificates, setting values for SSL_CERT_DIR and SSL_CERT_FILE in the environment, and converting and hashing the certificates using openssl utilities to enable recognition. @@ -51,8 +51,8 @@ The ability to turn off reporting of this error to the user was added to lynx2.8.5dev16 as the FORCE_SSL_PROMPT setting in lynx.cfg as noted in the CHANGELOG: - This lets the user decide whether to ignore prompting for questionable - aspects of an SSL connection. + This lets the user decide whether to ignore prompting for questionable + aspects of an SSL connection. While this is a convenient setting to employ when using lynx to script https -dumps, it by definition ignores the issue of certificate validity @@ -114,13 +114,24 @@ Note also that there is no CA cert bundle distributed with OpenSSL. The OpenSSL team specifically decided NOT to do that. Getting a set of trusted certificates is left up to the installer. -It is a fairly trivial procedure to pull the bundle of trusted root certs out -of a recent version of Internet Explorer. The MirOS BSD project also provides -them. The procedure to convert and install them is detailed later in this -document, and if you simply need to have commercially provided certificates -trusted by lynx, you can skip down a few lines to the INSTALLING OR UPDATING +It is no longer a fairly trivial procedure to pull the bundle of trusted root certs out +of a recent version of Internet Explorer. Multiple certificates are no longer +exportable as a DER formatted file; extraction of a single certificate is the only +export for DER, and DER is what converts to PEM. + +Users with access to Apple OS X can export all certificates from Keychain Access System Roots as +a .pem file. Place this in SSL_CERT_DIR and hash it and you're done. + +The MirOS BSD project also provides them. The procedure to convert and install them +is detailed later in this document, and if you simply need to have commercially provided +certificates trusted by lynx, you can skip down a few lines to the INSTALLING OR UPDATING THE CA BUNDLE section. +Extracted Mozilla cert bundles are available for download from the curl project, +http://curl.haxx.se/docs/caextract.html along with a script to extract from Mozilla +source. + + INSTALLING A SELF-SIGNED CERTIFICATE: When you would like to trust a self-signed (non-commercial) certificate you will @@ -153,7 +164,7 @@ INSTALLING OR UPDATING THE CA BUNDLE: Now would be a good time to check to see if you have the bundle of CA certs /usr/local/ssl/cert.pem, or to update them. -CA bundles are available in various places, such as the MirBSD distribution, +CA bundles are available in various places, such as the MirOS BSD distribution, for those who want to take that route, or you can extract the current bundle from a current version of Internet Explorer (export them all from IE and transfer it onto your system). @@ -166,9 +177,10 @@ It includes the cacert.org certificate. Download the latest revision; read the file to see how to get the certs out. No hashing is necessary with this set of certs; it is already done; ignore -the c_rehash usage below for this bundle. +the c_rehash usage below for this bundle. Simply run `sh ssl.certs.shar` +in SSL_CERT_DIR. -From IE certs extract as a PKCS7 file and need to be converted with something +From IE 5.x certs extract as a PKCS7 file and need to be converted with something like: openssl pkcs7 -inform DER -in bundle.crt -outform PEM -out cert.pem \ @@ -208,10 +220,10 @@ All pem encoded certs in /usr/local/ssl/certs will now be recognized. SETTING AND EXPORTING ENVIRONMENT VARIABLES: -If lynx is still not recognizing certs, environment variables may need +If lynx is still not recognizing certs, environment variables need to be set; if on a sh type shell, the variables also need to be exported. -The environment variables SSL_CERT_DIR and SSL_CERT_FILE only need to be set +The environment variables SSL_CERT_DIR and SSL_CERT_FILE need to be set if a non-default location is used for certificates, or if certs just can't be found by lynx. They may be set as follows in /etc/profile, or a shell initialization .profile or .*shrc, if we run a non csh type shell, according @@ -226,14 +238,15 @@ On csh type shells, you can use: setenv SSL_CERT_DIR "/usr/local/ssl/certs" setenv SSL_CERT_FILE "/usr/local/ssl/cert.pem" -On many systems setting and exporting them makes all the difference. Apparently -this is not an issue on other systems, but this might help someone -somewhere. - Note that the environment variable SSL_CERT_FILE applies to the cert-bundle if used outside of the default location (/usr/local/ssl/cert.pem) compiled into OpenSSL. There are issues with SSL_CERT_FILE in 0.9.6x versions of openssl. +The configuration file lynx.cfg allows a system SSL_CERT_FILE variable to be set +which can simplify matters. + +SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt + Make sure you have FORCE_SSL_PROMPT set to PROMPT in lynx.cfg like so: FORCE_SSL_PROMPT:PROMPT @@ -246,6 +259,7 @@ SSL error:self signed certificate-Continue? (y) A quick check confirms that these procedures have the same effect with ssl errors in the pine program. +2003 updated 2009 Stefan Caunter <stefan.caunter@mohawkcollege.ca> Mohawk College Department of Computer Science Hamilton Ontario Canada |