[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 188.8.131.52
Fri, 25 Nov 2011 02:35:20 +0000
Ok, Still Many thanks for your kind reply. :)
What a big Headache with SAN/UCC!!!
Cloud-9 Mansion 19F
1118 West Yan'an Road.
Shanghai, P.R.C. 200052
This email may contain confidential information and/or copyright material. This
email and any attachments are solely for the intended recipient.
If you are not the intended recipient, disclosure, copying, use or distribution
of the information included in this message may be unlawful. please advise the
sender immediately by using the reply facility in your email software, and
immediately and permanently delete.
Thank you for your cooperation.
From: Jochen Roderburg [mailto:address@hidden
Sent: Friday, November 25, 2011 5:23 AM
To: Wallance Hou
Subject: RE: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC
3280 part 184.108.40.206
Zitat von Wallance Hou <address@hidden>:
> Currently Does wget new version support or verify SAN/UCC SSL
> certificate? If yes, but I tried to install wget 1.13.x, but there
> still was issue as below. (gnutls-2.12.14 without p11-kit-1), Please
> address@hidden wget-1.13.4]# wget -v -O xx https://www.verisign.net
> --2011-11-23 19:07:54-- https://www.verisign.net/
> Resolving www.verisign.net (www.verisign.net)... 220.127.116.11
> Connecting to www.verisign.net
> (www.verisign.net)|18.104.22.168|:443... connected.
> ERROR: The certificate of `www.verisign.net' is not trusted.
> ERROR: The certificate of `www.verisign.net' hasn't got a known issuer.
> address@hidden wget-1.13.4]#
No idea what SAN/UCC means.
The wget messages look like it did not find the so-called CA
certificates which are needed for the verification of the server
certificates. It it possible that you have a CA-certificates pack on
your Linux (as part of installed SSL/TLS libraries), it is often seen
under a name like ca-bundle.crt or similar. I am not familiar enough
with gnutls (I have my SSL-capable programs usually installed with
OpenSSL) to know if this can be configured to automatically use such a
file, but in any case you can give it to wget with the parameter