[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] certificate revocation lists (CRLs) #43501
From: |
Tim Ruehsen |
Subject: |
Re: [Bug-wget] certificate revocation lists (CRLs) #43501 |
Date: |
Wed, 05 Nov 2014 12:48:49 +0100 |
User-agent: |
KMail/4.14.2 (Linux/3.16-3-amd64; KDE/4.14.2; x86_64; ; ) |
On Wednesday 05 November 2014 12:24:06 Noël Köthe wrote:
> Hello,
>
> wget does not support CRLs. There is a bug report about this here:
> https://savannah.gnu.org/bugs/?43501
>
> The first step could to document (IMHO prefered in the manpage) this
> behavior (see attached first ugly patch because I don't know where to
> place this better).
>
> The next and better step might be to implement this by loading CRLs
> files (reporter points to curl where this is possible) then this patch
> should be removed again.
>
> Maybe you agree and apply this minor documentation patch.
Thank you, Noël.
On 24th Oct I pushed a change to Mget that allows to specify a CRL file via
--crl-file. If nobody complains, I would fit that patch to Wget's GnuTLS code.
BTW, does Debian meanwhile has a CRL infrastructure (something like
/etc/ssl/certs/) or is planning something like it ?
Also, OCSP certificate status checking might be interesting for Wget.
Tim
signature.asc
Description: This is a digitally signed message part.