bug-wget

Re: [Bug-wget] Docs missing info on ca_directory and ca_certfile


From: Ander Juaristi
Subject: Re: [Bug-wget] Docs missing info on ca_directory and ca_certfile
Date: Thu, 3 Jan 2019 18:23:14 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1

Hi,

The patch looks good to me. As Tim says, I would also pass NULL as the
second param in line 20.  If we provide --ca-directory what would happen
is that OpenSSL will pick up the most suitable certificate from the
directory based on the hash value of the name, and some other field I
don't remember. GnuTLS will consider all of them. In the end it's the
same behavior.

Tim, could you merge the patch?

On 29/12/18 17:54, Jeffrey Walton wrote:
> On Sat, Dec 29, 2018 at 11:43 AM Tim Rühsen <address@hidden> wrote:
>>
>> On 29.12.18 05:00, Jeffrey Walton wrote:
>>> On Fri, Dec 28, 2018 at 10:07 PM Jeffrey Walton <address@hidden> wrote:
>>>>
>>>> The sample wgetrc is missing info on ca_directory . Also see
>>>> https://www.gnu.org/software/wget/manual/html_node/Sample-Wgetrc.html.
>>>>
>>>> I also cannot figure out how to tell Wget to use cacert.pem. I've
>>>> tried ca_cert, ca_certs and ca_certfile but it produces:
>>>>
>>>>     wget: Unknown command ‘ca_file’ in /opt/bootstrap/etc/wgetrc at line 141
>>>>     Parsing system wgetrc file failed.
>>>
>>> My bad... I found it. openssl.c used "opt.ca_cert", so I was trying to
>>> use the same in rc file. The correct name is ca_certificate.
>>
>> There are some inconsistencies with the naming in rc files and on the
>> command line. We do not have this any more with wget2.
>>
>>> Tim, you may want this when Wget is built against OpenSSL. It makes
>>> Wget/OpenSSL behave like Wget/GnuTLS:
>>> https://github.com/noloader/Build-Scripts/blob/master/bootstrap/wget.patch
>>
>> Thanks for the pointer.
>>
>> On L20 the second param to SSL_CTX_load_verify_locations can be NULL.
>>
>> I personally don't care much for OpenSSL - I put Ander on CC.
> 
> Yeah, understood.
> 
> The problem I'm facing is I need a working Wget quickly. Trying to
> build GnuTLS from sources is too heavyweight at this point in the
> process. I can do it later, but I need the lightweight version
> immediately.
> 
> The patch tested OK on Linux back to Fedora 1 with GCC 3. I've still
> got AIX, OS X, Solaris and some other testing to do.
> 
> Jeff
> 

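As an added illustration, not code from this thread or from wget itself, the following Python lint shows the two points discussed above: why `ca_file` / `ca_certfile` are rejected while `ca_certificate` works, and why a `ca_directory` is only useful to an OpenSSL build when its files carry the subject-hash names OpenSSL looks up (GnuTLS reads every file). It assumes wget's rc parser compares command names with `-` and `_` stripped and lower-cased, that `cache` is the only other wget command starting with "ca", and OpenSSL's `<8 hex digits>.<n>` file naming.

```python
import os
import re
from typing import List, Tuple

# wget commands that begin with "ca", keyed by the normalized name wget
# compares against (assumption from wget's init.c command table).
CA_COMMANDS = {"cacertificate": "ca_certificate",
               "cadirectory": "ca_directory",
               "cache": "cache"}

# OpenSSL's hashed CA directory layout: <8 hex digits of subject hash>.<n>
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def normalize(command: str) -> str:
    """Mimic wget's rc parser: drop '-' and '_' and lower-case, so that
    ca_certificate, ca-certificate and cacertificate are all the same
    command while ca_file or ca_certfile match nothing."""
    return command.replace("-", "").replace("_", "").lower()


def parse_wgetrc(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, command, value) for each 'command = value' line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries.append((lineno, key.strip(), value.strip()))
    return entries


def check_tls_settings(text: str) -> List[str]:
    """Flag unknown ca_* commands (wget would abort with 'Unknown command')
    and CA directories that an OpenSSL build could not use because no file
    in them is named by subject hash (GnuTLS reads every file regardless)."""
    problems = []
    for lineno, key, value in parse_wgetrc(text):
        name = normalize(key)
        if name.startswith("ca") and name not in CA_COMMANDS:
            problems.append(f"line {lineno}: unknown command '{key}'; "
                            "use ca_certificate or ca_directory")
        elif name == "cadirectory" and os.path.isdir(value) and not any(
                HASHED_NAME.match(f) for f in os.listdir(value)):
            problems.append(f"line {lineno}: no hash-named certificates in "
                            f"{value}; run 'openssl rehash' on it for OpenSSL")
    return problems
```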