Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on most (all?) http websites...( where browsers work)

[Mike Frysinger]

On Saturday 21 December 2013 16:51:56 L Walsh wrote:
> mancha wrote:
> > L Walsh <wget <at> tlinx.org> writes:
> >> I recently started using 1.14 of wget included with my distro's updates:
> >> GNU Wget 1.14 built on linux-gnu.
> >> 
> >> Trouble is, it gives security warnings on almost every https
> >> site I access.
> >> 
> >> I can't think of 1 where I didn't have to override the security
> >> warning (and this time, I just put it in my .wgetrc file).
> >> 
> >> So why does wget get all these errors when my browsers don't?
> > 
> > It appears your wget is built against the openssl library. For https
> > certificate verification to work in wget automagically as it does in
> > the major browsers, openssl needs a properly configured root
> > certificate store (default location: /etc/ssl/certs).
> 
> -----
> What format file does wget require?

in your build, wget uses openssl, and thus openssl is doing the cert parsing.  
wget has no idea about file format.

> I noticed firefox points at the /etc/pki/nssdb

that's because firefox uses nss, and nss does all the parsing
-mike

signature.asc
Description: This is a digitally signed message part.