SSL support for Lynx 2.8.2 Lynx, in its unmodified form, will not allow you to make secure socket layer (SSL) connections. SSL is used for the secure transfer of information over the Internet. Many sites are now requiring SSL to ensure security for themselves and their users. With a version of Lynx modified to support SSL, Lynx users can now visit these sites with ease as well. This SSL patch package for Lynx provides the ability to make use of SSL over HTTP for secure access to web sites (HTTPS) and over NNTP for secure access to news servers (SNEWS). SSL is handled transparently, allowing users to continue accessing web sites and news services from within Lynx through the same interface for both secure and standard transfers. These patches are based on, and require, the OpenSSL/SSLeay libraries. OpenSSL's distribution and use may be restricted by licenses and laws. For information on obtaining OpenSSL, as well as information on its distribution, see http://www.cryptsoft.com/ssleay/. The main OpenSSL distribution site is ftp://ftp.psy.uq.oz.au/pub/Crypto/OpenSSL/. OpenSSL or SSLeay is required to be installed for these patches to Lynx to work. This patch set is intended for the June 1, 1999 release of Lynx 2.8.2, and was prepared against a 2.8.2 release source tree. It is guaranteed to work with this version and only this version of Lynx. As Lynx evolves, new versions of this patch will be made available. This patch should work with any release version of OpenSSL or SSLeay, although newer versions are preferrable. This adaptation of the patches was done by Mark Mentovai (mark@moxienet.com). The history of Lynx with SSL support is too detailed to mention here, for more information on this, see the Lynx SSL home page at http://www.moxienet.com/lynx/. To patch your version of Lynx to cooperate with SSL, first be sure to have OpenSSL or SSLeay installed. Then, you must apply these patches to the source. If you have the single-file patch version, decompress it in the same directory you unpacked Lynx 2.8.2 (the parent directory of lynx2-8-2) and apply it using the command "patch -p0 < lynx-282-ssl.patch". If you do not have the patch command, or if this does not work for you, use one of the versions of the patch containing the whole files: decompress and unpack these files in the same directory you decompressed and unpacked Lynx 2.8.2 (the parent directory of lynx2-8-2); the newer files in the update should overwrite those of Lynx 2.8.2. Changes to four source files in the WWW/Library/Implementation directory are made by applying the patch: HTAAUtil.c, HTFormat.c, HTNews.c, and HTTP.c. The makefile.in file in the top-level source directory is also updated to enable SSL support and link with the SSLeay libraries. These patches will work for VMS, although I am no longer supplying VMS build commands, as I have no way to test them. Once the patch has been applied, the configure command should be run, and Lynx should be compiled and installed as normal. Before running make, you may wish to check the generated makefile to ensure that the location of the SSLeay library is set correctly. (It's a good idea to review the makefile created by configure from makefile.in anyway.) After running make, your version of Lynx should contain SSL support. If you come across any problems making Lynx with SSL that you can't solve (or that you can solve but think I might like to know about), please contact me. I would also like to hear from people that are using my patch in interesting settings. To test your version of Lynx for its SSL support, visit http://www.moxienet.com/lynx/ssl-test/. It will redirect you to a page which will give you various interesting details on your SSL connection (or it will fail if SSL isn't working). This tests Lynx' ability to make HTTPS connections, several details regarding the security of the connection will be reported back to you. The distribution of the code contained in this patch may be restricted, although technically, these patches contain no cryptographic code, merely the hooks needed to allow Lynx to make use of cryptographic code provided in the SSL libraries. You can read about my opinion on the matter at http://www.moxienet.com/crippled-cryptography.html. Export restrictions on cryptographic code have been declared unconstitutional by the 9th Circuit Court of Appeals, this may mean that in the future, these SSL patches may be included in the mainstream Lynx distribution. See http://www.eff.org/bernstein/ for more information. Enjoy! Last updated: June 4, 1999 Original release: March 8, 1998 -- Mark Mentovai mark@moxienet.com http://www.moxienet.com/