On 2015-12-11, Constantine A. Murenin <muren...@gmail.com> wrote:
> On 11 December 2015 at 02:58, Thijs van Dijk <schnab...@inurbanus.nl> wrote:
>> On 11 December 2015 at 05:51, Andy Bradford <amb-open...@bradfords.org>
>> wrote:
>>
>>> If one wants privacy on a website then more is required than just HTTPS.
>>>
>>
>> Right. *I* just want a reasonable (256-bit) guarantee that the signify keys
>> on my screen are the ones the OpenBSD authors intended me to see.
>>
>> I currently just assume they are correct because it'd be enormously complex
>> to spoof the entire OpenBSD distribution, but I shouldn't have to rely on
>> "security through effort involved".
>>
>> Remember the guy who tried to securely download PuTTY? He couldn't
>> <https://noncombatant.org/2014/03/03/downloading-software-safely-is-nearly-impossible/>
>
> And I couldn't access his web-site from an OpenBSD box:
>
> % lynx -dump
> https://noncombatant.org/2014/03/03/downloading-software-safely-is-nearly-impossible/
>
> Looking up noncombatant.org
> Making HTTPS connection to noncombatant.org
> SSL callback:unable to get local issuer certificate, preverify_ok=0,
> ssl_okay=0
> Retrying connection without TLS.
> Looking up noncombatant.org
> Making HTTPS connection to noncombatant.org
> Alert!: Unable to make secure connection to remote host.
>
> lynx: Can't access startfile
> https://noncombatant.org/2014/03/03/downloading-software-safely-is-nearly-impossible/
> %
>
> C.

Works in -current - update /etc/ssl/cert.pem.