[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on

From: Mike Frysinger
Subject: Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on most (all?) http websites...( where browsers work)
Date: Sat, 21 Dec 2013 17:02:53 -0500
User-agent: KMail/1.13.7 (Linux/3.12.1; KDE/4.6.5; x86_64; ; )

On Saturday 21 December 2013 16:51:56 L Walsh wrote:
> mancha wrote:
> > L Walsh <wget <at> tlinx.org> writes:
> >> I recently started using 1.14 of wget included with my distro's updates:
> >> GNU Wget 1.14 built on linux-gnu.
> >> 
> >> Trouble is, it gives security warnings on almost every https
> >> site I access.
> >> 
> >> I can't think of 1 where I didn't have to override the security
> >> warning (and this time, I just put it in my .wgetrc file).
> >> 
> >> So why does wget get all these errors when my browsers don't?
> > 
> > It appears your wget is built against the openssl library. For https
> > certificate verification to work in wget automagically as it does in
> > the major browsers, openssl needs a properly configured root
> > certificate store (default location: /etc/ssl/certs).
> -----
> What format file does wget require?

in your build, wget uses openssl, and thus openssl is doing the cert parsing.  
wget has no idea about file format.

> I noticed firefox points at the /etc/pki/nssdb

that's because firefox uses nss, and nss does all the parsing

Attachment: signature.asc
Description: This is a digitally signed message part.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]