Re: [Bug-wget] certificate revocation lists (CRLs) #43501

[Noël Köthe]

Hello Tim,

Am Mittwoch, den 05.11.2014, 12:48 +0100 schrieb Tim Ruehsen:

> > https://savannah.gnu.org/bugs/?43501
> > 
> > The first step could to document (IMHO prefered in the manpage) this
> > behavior (see attached first ugly patch because I don't know where to
> > place this better).
> > 
> > The next and better step might be to implement this by loading CRLs
> > files (reporter points to curl where this is possible) then this patch
> > should be removed again.

> On 24th Oct I pushed a change to Mget that allows to specify a CRL file via
> --crl-file. If nobody complains, I would fit that patch to Wget's GnuTLS code.

:) That you be perfect for this request.

> BTW, does Debian meanwhile has a CRL infrastructure (something like 
> /etc/ssl/certs/) or is planning something like it ?

I'm not aware of an infrastructure but asked the people who might know
this (CC: to this list).

> Also, OCSP certificate status checking might be interesting for Wget.

:) ACK.

Thank you.

Regards

        Noël

-- 
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org

signature.asc
Description: This is a digitally signed message part