Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7

[Jochen Roderburg]

Zitat von Wallance Hou <address@hidden>:

>  Currently Does wget new version support or verify SAN/UCC SSL  
> certificate? If yes, but I tried to install wget 1.13.x, but there  
> still was issue as below. (gnutls-2.12.14 without p11-kit-1), Please  
> advie.
>
> address@hidden wget-1.13.4]# wget -v -O xx https://www.verisign.net
> --2011-11-23 19:07:54--  https://www.verisign.net/
> Resolving www.verisign.net (www.verisign.net)... 69.58.181.89
> Connecting to www.verisign.net  
> (www.verisign.net)|69.58.181.89|:443... connected.
> ERROR: The certificate of `www.verisign.net' is not trusted.
> ERROR: The certificate of `www.verisign.net' hasn't got a known issuer.
> address@hidden wget-1.13.4]#

Hi Wallace,

No idea what SAN/UCC means.
The wget messages look like it did not find the so-called CA  
certificates which are needed for the verification of the server  
certificates. It it possible that you have a CA-certificates pack on  
your Linux (as part of installed SSL/TLS libraries), it is often seen  
under a name like ca-bundle.crt or similar. I am not familiar enough  
with gnutls (I have my SSL-capable programs usually installed with  
OpenSSL) to know if this can be configured to automatically use such a  
file, but in any case you can give it to wget with the parameter  
--ca-certificate=/path/to/file.

Best Regards,
J.Roderburg