[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 22.214.171.124
Thu, 24 Nov 2011 22:23:15 +0100
Dynamic Internet Messaging Program (DIMP) H3 (1.1.4)
Zitat von Wallance Hou <address@hidden>:
Currently Does wget new version support or verify SAN/UCC SSL
certificate? If yes, but I tried to install wget 1.13.x, but there
still was issue as below. (gnutls-2.12.14 without p11-kit-1), Please
address@hidden wget-1.13.4]# wget -v -O xx https://www.verisign.net
--2011-11-23 19:07:54-- https://www.verisign.net/
Resolving www.verisign.net (www.verisign.net)... 126.96.36.199
Connecting to www.verisign.net
ERROR: The certificate of `www.verisign.net' is not trusted.
ERROR: The certificate of `www.verisign.net' hasn't got a known issuer.
No idea what SAN/UCC means.
The wget messages look like it did not find the so-called CA
certificates which are needed for the verification of the server
certificates. It it possible that you have a CA-certificates pack on
your Linux (as part of installed SSL/TLS libraries), it is often seen
under a name like ca-bundle.crt or similar. I am not familiar enough
with gnutls (I have my SSL-capable programs usually installed with
OpenSSL) to know if this can be configured to automatically use such a
file, but in any case you can give it to wget with the parameter