Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3

From:	Wallance Hou
Subject:	Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7
Date:	Thu, 24 Nov 2011 03:14:27 +0000

Thanks Jochen for your response.

BTW, a little questions - 

 Currently Does wget new version support or verify SAN/UCC SSL certificate? If 
yes, but I tried to install wget 1.13.x, but there still was issue as below. 
(gnutls-2.12.14 without p11-kit-1), Please advie.

address@hidden wget-1.13.4]# wget -v -O xx https://www.verisign.net
--2011-11-23 19:07:54--  https://www.verisign.net/
Resolving www.verisign.net (www.verisign.net)... 69.58.181.89
Connecting to www.verisign.net (www.verisign.net)|69.58.181.89|:443... 
connected.
ERROR: The certificate of `www.verisign.net' is not trusted.
ERROR: The certificate of `www.verisign.net' hasn't got a known issuer.
address@hidden wget-1.13.4]#


address@hidden wget-1.13.4]# wget -V
GNU Wget 1.13.4 built on linux-gnu.

+digest +https +ipv6 +iri +large-file +nls -ntlm +opie +ssl/gnutls 

Wgetrc: 
    /usr/local/etc/wgetrc (system)
Locale: /usr/local/share/locale 
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc" 
    -DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -O2 
    -Wall 
Link: gcc -O2 -Wall /usr/local/lib/libgnutls.so /usr/local/lib/libnettle.a 
    -lgmp /usr/local/lib/libhogweed.a -lz -lpthread -Wl,-rpath 
    -Wl,/usr/local/lib -lz -lidn -lrt ftp-opie.o gnutls.o 
    ../lib/libgnu.a 

Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <address@hidden>.
Please send bug reports and questions to <address@hidden>.

address@hidden wget-1.13.4]# uname -a
Linux xx-linux.corp.walmart.com 2.6.9-89.ELsmp #1 SMP Mon Apr 20 10:34:33 EDT 
2009 i686 i686 i386 GNU/Linux


Thanks for your time.

Best Regards 
Wallance hou



 
Bleum Incorporated
 
Wallance Hou
Network Engineer                                                 
Email: address@hidden
Cloud-9 Mansion 19F
Tel: 86-21-62821122
1118 West Yan'an Road.
Shanghai, P.R.C. 200052

This email may contain confidential information and/or copyright material. This 
email and any attachments are solely for the intended recipient.
If you are not the intended recipient, disclosure, copying, use or distribution 
of the information included in this message may be unlawful. please advise the 
sender immediately by using the reply facility in your email software, and 
immediately and permanently delete. 
Thank you for your cooperation.


-----Original Message-----
From: Jochen Roderburg [mailto:address@hidden 
Sent: Wednesday, November 23, 2011 9:36 PM
To: Wallance Hou
Cc: address@hidden
Subject: Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 
3280 part 4.2.1.7

Zitat von Wallance Hou <address@hidden>:

> Could you give me a favor about the below issue for wget? But other  
> linux installing wget 1.8.2-15.rpm is ok. Now I want to degrade  
> version 1.8.2-15, can you help me how to install it? Because that  
> exists many dependent relationship.
>
> address@hidden ~]# wget https://www.verisign.net
> --2011-11-22 23:30:37--  https://www.verisign.net/
> Resolving www.verisign.net (www.verisign.net)... 69.58.181.89
> Connecting to www.verisign.net  
> (www.verisign.net)|69.58.181.89|:443... connected.
> ERROR: certificate common name â€œwww.verisign.comâ€ doesnâ€™t  
> match requested host name â€œwww.verisign.netâ€.
> To connect to www.verisign.net insecurely, use â€˜--no-check-certificateâ€™.
> address@hidden ~]# wget -version
> wget: Invalid --execute command â€œrsionâ€
> address@hidden ~]# wget --version
> GNU Wget 1.12 built on linux-gnu.

wget 1.8.2 (a very old version from 2002) works, because it does not  
check certificates at all.

wget 1.12 does not work, because it checks certificates by default,  
but does not handle certificates with multiple hostnames. The error  
message tells you that you can inhibit this checking with the  
parameter --no-check-certificate (then you have the same behaviour as  
in the older versions).

Recent 1.13.x versions have no problem with this situation.

Choose your weapon at will.  ;-)

Regards, J.Roderburg

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7, Wallance Hou, 2011/11/23
- Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7, Jochen Roderburg, 2011/11/23
  - Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7, Wallance Hou <=
    - Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7, Jochen Roderburg, 2011/11/24
    - Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7, Wallance Hou, 2011/11/25

Prev by Date: Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7
Next by Date: Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7
Previous by thread: Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7
Next by thread: Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7
Index(es):
- Date
- Thread