On Sun, Apr 17, 2011 at 11:21 AM, Marco Peereboom <sl...@peereboom.us> wrote: > On Sun, Apr 17, 2011 at 11:18:00AM +0200, Tomas Bodzar wrote: >> On Sun, Apr 17, 2011 at 11:04 AM, Marco Peereboom <sl...@peereboom.us> wrote: >> > Not correct. >> > >> > On openbsd use "ssl_ca_file = /etc/ssl/cert.pem" per the example in the >> > config file. ??The ~/.xxxterm/certs/ directory is where certs are saved >> > to when prompted by the user. >> >> Then question is why if it's set "my way" it shows in address bar blue > > Because you saved it. B Not because you point to that directory.
yep, it's in man. sorry > >> color for correct certs and yellow when untrusted because man says >> that it must be green. But will try correct way if color will be >> green. > > It will be if the cert is trusted. corrected and now it points to .pem files. Anyway all are yellow now including mail.google.com I thought that gmail has certs in fine state > >> >> > >> > On Sun, Apr 17, 2011 at 08:05:42AM +0200, Tomas Bodzar wrote: >> >> On Sun, Apr 17, 2011 at 7:39 AM, Tomas Bodzar <tomas.bod...@gmail.com> wrote: >> >> > Hi all, >> >> > >> >> > as stated in man page for xxxterm: >> >> > >> >> > ssl_ca_file B ??B ??B ??B ??B ??B ??B ??B ??If set to a valid PEM file all server >> >> > B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??certificates will be validated against >> >> > B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??it. B The URL bar will be colored green >> >> > B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??when the certificate is trusted and >> >> > B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??yellow when untrusted. >> >> > >> >> > B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??If ssl_ca_file is not set then the URL >> >> > B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??bar will color all HTTPS connections >> >> > B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??B ??red. >> >> > >> >> > >> >> > it looks like it's able to autenticate only against PEM file, but >> >> > certs are stored as ASCII text in .xxxterm/certs so what's the correct >> >> > setting for that? >> >> >> >> yep >> >> >> >> ssl_ca_file = /home/username/.xxxterm/certs/ >> >> >> >> is all you need. Just not proper wording in man page.
