[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 220.127.116.11
Thu, 24 Nov 2011 03:14:27 +0000
Thanks Jochen for your response.
BTW, a little questions -
Currently Does wget new version support or verify SAN/UCC SSL certificate? If
yes, but I tried to install wget 1.13.x, but there still was issue as below.
(gnutls-2.12.14 without p11-kit-1), Please advie.
address@hidden wget-1.13.4]# wget -v -O xx https://www.verisign.net
--2011-11-23 19:07:54-- https://www.verisign.net/
Resolving www.verisign.net (www.verisign.net)... 18.104.22.168
Connecting to www.verisign.net (www.verisign.net)|22.214.171.124|:443...
ERROR: The certificate of `www.verisign.net' is not trusted.
ERROR: The certificate of `www.verisign.net' hasn't got a known issuer.
address@hidden wget-1.13.4]# wget -V
GNU Wget 1.13.4 built on linux-gnu.
+digest +https +ipv6 +iri +large-file +nls -ntlm +opie +ssl/gnutls
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc"
-DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -O2
Link: gcc -O2 -Wall /usr/local/lib/libgnutls.so /usr/local/lib/libnettle.a
-lgmp /usr/local/lib/libhogweed.a -lz -lpthread -Wl,-rpath
-Wl,/usr/local/lib -lz -lidn -lrt ftp-opie.o gnutls.o
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Originally written by Hrvoje Niksic <address@hidden>.
Please send bug reports and questions to <address@hidden>.
address@hidden wget-1.13.4]# uname -a
Linux xx-linux.corp.walmart.com 2.6.9-89.ELsmp #1 SMP Mon Apr 20 10:34:33 EDT
2009 i686 i686 i386 GNU/Linux
Thanks for your time.
Cloud-9 Mansion 19F
1118 West Yan'an Road.
Shanghai, P.R.C. 200052
This email may contain confidential information and/or copyright material. This
email and any attachments are solely for the intended recipient.
If you are not the intended recipient, disclosure, copying, use or distribution
of the information included in this message may be unlawful. please advise the
sender immediately by using the reply facility in your email software, and
immediately and permanently delete.
Thank you for your cooperation.
From: Jochen Roderburg [mailto:address@hidden
Sent: Wednesday, November 23, 2011 9:36 PM
To: Wallance Hou
Subject: Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC
3280 part 126.96.36.199
Zitat von Wallance Hou <address@hidden>:
> Could you give me a favor about the below issue for wget? But other
> linux installing wget 1.8.2-15.rpm is ok. Now I want to degrade
> version 1.8.2-15, can you help me how to install it? Because that
> exists many dependent relationship.
> address@hidden ~]# wget https://www.verisign.net
> --2011-11-22 23:30:37-- https://www.verisign.net/
> Resolving www.verisign.net (www.verisign.net)... 188.8.131.52
> Connecting to www.verisign.net
> (www.verisign.net)|184.108.40.206|:443... connected.
> ERROR: certificate common name â€œwww.verisign.comâ€ doesnâ€™t
> match requested host name â€œwww.verisign.netâ€.
> To connect to www.verisign.net insecurely, use â€˜--no-check-certificateâ€™.
> address@hidden ~]# wget -version
> wget: Invalid --execute command â€œrsionâ€
> address@hidden ~]# wget --version
> GNU Wget 1.12 built on linux-gnu.
wget 1.8.2 (a very old version from 2002) works, because it does not
check certificates at all.
wget 1.12 does not work, because it checks certificates by default,
but does not handle certificates with multiple hostnames. The error
message tells you that you can inhibit this checking with the
parameter --no-check-certificate (then you have the same behaviour as
in the older versions).
Recent 1.13.x versions have no problem with this situation.
Choose your weapon at will. ;-)