[Bug-wget] [PATCH] Trust on first use
From: Molnár Géza
Subject: [Bug-wget] [PATCH] Trust on first use
Date: Mon, 16 Mar 2015 23:49:32 +0100

Hi all,

Here is my initial implementation of the trust on first use feature. Here
is how it works (hopefully):

As suggested by Ángel González, I introduced a new command line option
called trust-model. Possible values:

trust-on-first-use - When wget encounters a certificate with an unknown
signer, it tries to save it to a directory (right now it's "./", but it
should be changed to something). After successfully saving the certificate,
downloading can begin/continue.

default - SSL certificate validation works just like before, but
certificates saved using the trust-on-first-use model will also be checked.
(Same as ssh)

explicit-only - same behavior as before the patch: only default or
user-specified certifications are considered valid.

The patch should work with both gnutls and openssl. I'll add some test
cases soon.

Three questions:
1.) Is the above mentioned behavior logical and acceptable to you guys?
2.) Any suggestions on where to save trusted certificates? ssh uses
~/.ssh. Maybe something like that would do?
3.) I had to move some code to functions, is that ok? Hope I did not mess
anything up.

Regards,
Geza
tofu.patch
Description: Binary data
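
The decision logic behind the three trust-model values described in the message, as an added example; it is not part of the original post and is not the code in tofu.patch. The names `tofu_check` and `pin_matches`, the per-host pin file `<dir>/<host>.der`, the 8192-byte limit, and the rule that a changed certificate for an already-saved host is rejected rather than re-saved (the ssh behaviour) are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CERT 8192  /* assumed upper bound on a saved DER certificate */
enum trust_model { TRUST_DEFAULT, TRUST_ON_FIRST_USE, TRUST_EXPLICIT_ONLY };
enum verdict { REJECT, ACCEPT, ACCEPT_AND_SAVED };

/* 1 = saved file equals cert, 0 = saved file differs, -1 = nothing saved. */
static int pin_matches(const char *path, const unsigned char *cert, size_t len)
{
    unsigned char buf[MAX_CERT];
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    /* len < sizeof buf means a short read, so the whole file was compared */
    return len < sizeof buf && n == len && memcmp(buf, cert, len) == 0;
}

/* ca_valid: result of the normal CA-chain check. cert/len: peer cert in DER. */
enum verdict tofu_check(enum trust_model m, int ca_valid, const char *dir,
                        const char *host, const unsigned char *cert, size_t len)
{
    char path[512];
    if (ca_valid) return ACCEPT;                  /* accepted in all three models */
    if (m == TRUST_EXPLICIT_ONLY) return REJECT;  /* saved certs are ignored */
    if (len == 0 || len >= MAX_CERT) return REJECT;
    /* the host name becomes a file name: refuse anything that could escape dir */
    if (!*host || host[0] == '.' || strchr(host, '/')) return REJECT;
    if (snprintf(path, sizeof path, "%s/%s.der", dir, host) >= (int)sizeof path)
        return REJECT;
    int pinned = pin_matches(path, cert, len);
    if (pinned == 1) return ACCEPT;               /* same cert as on first use */
    if (pinned == 0) return REJECT;               /* cert changed: never overwrite */
    if (m != TRUST_ON_FIRST_USE) return REJECT;   /* default checks, never saves */
    FILE *f = fopen(path, "wb");
    if (!f) return REJECT;
    size_t w = fwrite(cert, 1, len, f);
    if (fclose(f) != 0 || w != len) { remove(path); return REJECT; }
    return ACCEPT_AND_SAVED;                      /* download may continue */
}

int main(void)
{
    /* constructed bytes standing in for a DER certificate */
    const unsigned char cert[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
    remove("/tmp/tofu-demo.invalid.der");
    printf("%d\n", tofu_check(TRUST_ON_FIRST_USE, 0, "/tmp", "tofu-demo.invalid", cert, sizeof cert));
    printf("%d\n", tofu_check(TRUST_DEFAULT, 0, "/tmp", "tofu-demo.invalid", cert, sizeof cert));
    return 0;
}
```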