[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] wget seems to be "out of touch" with security (fails on m

From: L Walsh
Subject: Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work)
Date: Sat, 21 Dec 2013 13:51:56 -0800
User-agent: Thunderbird

mancha wrote:
L Walsh <wget <at> tlinx.org> writes:

I recently started using 1.14 of wget included with my distro's updates:
GNU Wget 1.14 built on linux-gnu.
Trouble is, it gives security warnings on almost every https
site I access.

I can't think of 1 where I didn't have to override the security
warning (and this time, I just put it in my .wgetrc file).

So why does wget get all these errors when my browsers don't?

It appears your wget is built against the openssl library. For https
certificate verification to work in wget automagically as it does in
the major browsers, openssl needs a properly configured root
certificate store (default location: /etc/ssl/certs).

What format file does wget require?

I noticed in /etc/ssl/certs:
     The OpenSSL project does not (any longer) include root CA certificates.
(and a suggestion to go read an FAQ (not in same dir -- have to find it)
other than that -- a bunch of .pem files but only for local daemons (likely
self-signed... imaps stuff mostly.
I noticed firefox points at the /etc/pki/nssdb, where I see
cert9.db, key4.db and pkcs11.txt (all dated Dec 9)...
would wget be able to read those?   That seems to be where the
current cert-store is...but not in pem

(FWIW -- one would think SUSE would have set this up
in advance for their distro version of wget... but I guess
that'd be too much "like right"...sigh)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]