[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Docs missing info on ca_directory and ca_certfile

From: Jeffrey Walton
Subject: Re: [Bug-wget] Docs missing info on ca_directory and ca_certfile
Date: Thu, 3 Jan 2019 12:39:21 -0500

On Thu, Jan 3, 2019 at 12:23 PM Ander Juaristi <address@hidden> wrote:
> The patch looks good to me. As Tim says, I would also pass NULL as the
> second param in line 20.  If we provide --ca-directory what would happen
> is that OpenSSL will pick up the most suitable certificate from the
> directory based on the hash value of the name, and some other field I
> don't remember. GnuTLS will consider all of them. In the end it's the
> same behavior.
> Tim, could you merge the patch?

Feel free to knob turn on it. I'm fine with merciless editing.

The three use cases I was trying to capture is:

(1) wget ...  # no CA's specified; use defaults from wgetrc

(2) wget --ca-file=... # Use only this CA or collection of CAs

(3) wget --ca_directory=...   # Use only this collection of CAs

Cases (2) and (3) attempt to avoid unwanted additional CAs for those
who are trying to be strict about what they are willing to accept.

If I mis-parsed the Wget sources and what is happening, then my
apologies. That's just ignorance on my part and I apologize for it.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]