[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3
From: |
Wallance Hou |
Subject: |
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7 |
Date: |
Fri, 25 Nov 2011 02:35:20 +0000 |
Ok, Still Many thanks for your kind reply. :)
What a big Headache with SAN/UCC!!!
Best Regards
Wallance hou
Bleum Incorporated
Wallance Hou
Network Engineer
Email: address@hidden
Cloud-9 Mansion 19F
Tel: 86-21-62821122
1118 West Yan'an Road.
Shanghai, P.R.C. 200052
This email may contain confidential information and/or copyright material. This
email and any attachments are solely for the intended recipient.
If you are not the intended recipient, disclosure, copying, use or distribution
of the information included in this message may be unlawful. please advise the
sender immediately by using the reply facility in your email software, and
immediately and permanently delete.
Thank you for your cooperation.
-----Original Message-----
From: Jochen Roderburg [mailto:address@hidden
Sent: Friday, November 25, 2011 5:23 AM
To: Wallance Hou
Cc: address@hidden
Subject: RE: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC
3280 part 4.2.1.7
Zitat von Wallance Hou <address@hidden>:
> Currently Does wget new version support or verify SAN/UCC SSL
> certificate? If yes, but I tried to install wget 1.13.x, but there
> still was issue as below. (gnutls-2.12.14 without p11-kit-1), Please
> advie.
>
> address@hidden wget-1.13.4]# wget -v -O xx https://www.verisign.net
> --2011-11-23 19:07:54-- https://www.verisign.net/
> Resolving www.verisign.net (www.verisign.net)... 69.58.181.89
> Connecting to www.verisign.net
> (www.verisign.net)|69.58.181.89|:443... connected.
> ERROR: The certificate of `www.verisign.net' is not trusted.
> ERROR: The certificate of `www.verisign.net' hasn't got a known issuer.
> address@hidden wget-1.13.4]#
Hi Wallace,
No idea what SAN/UCC means.
The wget messages look like it did not find the so-called CA
certificates which are needed for the verification of the server
certificates. It it possible that you have a CA-certificates pack on
your Linux (as part of installed SSL/TLS libraries), it is often seen
under a name like ca-bundle.crt or similar. I am not familiar enough
with gnutls (I have my SSL-capable programs usually installed with
OpenSSL) to know if this can be configured to automatically use such a
file, but in any case you can give it to wget with the parameter
--ca-certificate=/path/to/file.
Best Regards,
J.Roderburg