[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on
From: |
Mike Frysinger |
Subject: |
Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on most (all?) http websites...( where browsers work) |
Date: |
Sat, 21 Dec 2013 17:02:53 -0500 |
User-agent: |
KMail/1.13.7 (Linux/3.12.1; KDE/4.6.5; x86_64; ; ) |
On Saturday 21 December 2013 16:51:56 L Walsh wrote:
> mancha wrote:
> > L Walsh <wget <at> tlinx.org> writes:
> >> I recently started using 1.14 of wget included with my distro's updates:
> >> GNU Wget 1.14 built on linux-gnu.
> >>
> >> Trouble is, it gives security warnings on almost every https
> >> site I access.
> >>
> >> I can't think of 1 where I didn't have to override the security
> >> warning (and this time, I just put it in my .wgetrc file).
> >>
> >> So why does wget get all these errors when my browsers don't?
> >
> > It appears your wget is built against the openssl library. For https
> > certificate verification to work in wget automagically as it does in
> > the major browsers, openssl needs a properly configured root
> > certificate store (default location: /etc/ssl/certs).
>
> -----
> What format file does wget require?
in your build, wget uses openssl, and thus openssl is doing the cert parsing.
wget has no idea about file format.
> I noticed firefox points at the /etc/pki/nssdb
that's because firefox uses nss, and nss does all the parsing
-mike
signature.asc
Description: This is a digitally signed message part.
- Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) https websites...(where browsers work), (continued)
Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on most (all?) http websites. ..(where browsers work), mancha, 2013/12/20
Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work), L Walsh, 2013/12/21
- Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on most (all?) http websites...( where browsers work),
Mike Frysinger <=