Re: [Bug-wget] [PATCH] certificate revocation lists (CRLs) #43501

[Tim Ruehsen]

On Friday 07 November 2014 09:26:58 Giuseppe Scrivano wrote:
> Tim Ruehsen <address@hidden> writes:
> > Here is a first patch (GnuTLS only) for review and comments (and playing
> > around).
>
> I think we should fail and avoid any connection instead of printing just
> a warning as it seems from the code now.  Have you tested it with some
> crl file?  Would be good to add some automatic tests for this new
> feature.
>
> > - Should we support complete directories ?
> > - Should we allow more than one --crl-file option ?
>
> We can add this later, but we need to ensure that wget fails now if more
> --crl-file are passed so that the user knows it is not supported now.

Amended patch.

I asked Darshit to recreate testenv/certs/wget-cert.pem, so that the CN has
127.0.0.1. From such a cert I can create a CRL (I hope) that can be used in a
test case.

Tim

0001-Added-crl-file-to-load-a-Certificate-Revocation-List.patch
Description: Text Data

signature.asc
Description: This is a digitally signed message part.