Certificate Management Interface details

The certificate management interface will be based on the Lynx Cookie Jar system. A new internal URL scheme, LYNXCERT, will be added to facilitate this. The LYNXCERT:/ URL will bring up the top level page. The SSLeay X509_subject_name_hash function is used to index individual certificates. For example, LYNXCERT://e44425b2 will bring up the information page for the MIT Certificate Authority. The following extensions are defined:

The trust parameters are stored in a per-user configuration file. Each user's file contains the trust information for all known certificates. The below format was chosen for easy extensibility and so that it could be hand edited.

The trust configuration file has these additional properties:

• Comments may be included in the file -- any text after a hash mark is ignored. (Comments may also be placed at the end of valid statements.) Each line is case-sensitive.
• The ordering of the various parameters is not important (i.e. it need not be ordered as nick, trust, path).
• For the trust parameter, ``ALWAYS'' corresponds to a fully trusted site. ``NEVER'' corresponds untrusted. The ``ASK'' setting has lynx-cert prompt for each connection.
• The file is tentatively stored in Lynx_Dir()/cert-trust. (The actual file name under Lynx_Dir is actually a CPP define.)

The SSLeay-provide LHASH hashing structure is used internally to store information regarding each certificate. The certificate itself is not loaded except as needed by the SSLeay library or when extra information needs to be displayed about the certificate.