[j-nsp] out-lynxed

Carl Hayter hayter at usc.edu
Wed Sep 15 15:51:33 EDT 2004


On Wed, Sep 15, 2004 at 07:45:59AM -1000, Randy Bush wrote:
> > maybe you're missing a cert?
> > $ ls -l /etc/ssl/certs/
> 
> ain't got no certs in /etc/ssl/cert.  not even the directory.  but
> i never had it, and it worked up until last weekend.  i am confused.

it may be in a different location depending on your distribution.
i've seen them in /usr/lib/ssl and /usr/share/ssl
the certs (in my distro) come with the openssl package.

but the certs just stop the certificate error message.  you can always
just answer 'y' to ignore the fact that you can't verify the servers
cert (because you don't have the root certs) and things should work.

in my testing on the perl side, to get my old script to work again
i had to enable redirects on POST requests (which is not in the HTTP
spec which says to only follow redirects on GET and HEAD) and enable
sending the Referrer header.  (pseudo patch below)

the 'login' form is a POST which returns a
https://www.juniper.net/customers/csc/ page with a redirect to itself.
if when you follow the redirect you don't set the Referrer header then
you are dumped to the error page that tells you your browser is
unsupported and you have to use IE6 or whatever and it has to be a
128 bit connection.

if you set the Referrer when you follow the redirect then everything
works just fine.

how this translates to lynx i'm not sure...

you might also want to make sure you have the latest packages for
lynx/openssl installed.  even though the version numbers match,
some distros fix bugs/change config/add certs and don't bump the
version numbers.  other than that i would check the support site
for your distro armed with the knowledge that other people's
lynx/openssl is working while yours isn't.

i don't use lynx much, but if there's any way i can help let me know.

the WWW::Mechanize perl script took just a couple changes to work
again.

# newest version
- my $ver = '6.0';       # lazy version matching
+ my $ver = '6.4';       # lazy version matching

# don't think this matters
- $agent->agent( 'whatever i had here');
+ $agent->agent( 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)');

# add referer and follow redirect after login
$agent->submit();

+ $agent->add_header( Referer => 'https://www.juniper.net/customers/csc/' );
+ $agent->get( 'https://www.juniper.net/customers/csc/' );

# link names changed
- $agent->follow(qr(Download software));
- $agent->follow(qr(Encrypted));
+ $agent->follow(qr(\QDownload Software));
+ $agent->follow(qr(\QCanada and U.S.));

----
Carl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/juniper-nsp/attachments/20040915/1eaa9c87/attachment.bin


More information about the juniper-nsp mailing list