Re: [Bug-wget] Trust On First Use & GSoC 2015 participation


From: Ángel González
Subject: Re: [Bug-wget] Trust On First Use & GSoC 2015 participation
Date: Tue, 10 Mar 2015 02:06:19 +0100
User-agent: Thunderbird

Molnár Géza wrote:
> Greetings all,

Greetings Molnár,

I'm glad you were attracted by the wget project :)

> I am writing to you regarding two topics:
>
> 1.) I was delighted to find that Wget has a GSoC page. Last night I read
> the project ideas and the instructions on how to start contributing to
> Wget. I found project number two particularly interesting and I would love
> to work on it. I believe implementing the use of if-modified-since headers
> and TCP Fast Open would be a lot of fun, and of course I think this project
> would fit me well.  I will start reading the RFCs tomorrow, so I can get
> up to speed.
> Also, do you guys think it would be a good project idea to implement basic
> HTTP2 support for Wget?

It would surely be a nice project. However, I suspect it would be too big for GSoC. Remember that GSoC requires clear deliverables and it's preferable to have a small finished project than a big incomplete one.


> 2.) I got excited last night and built wget from source, ran all the tests
> and started looking at the open bugs. I started familiarizing myself with the
> source code earlier today and I love it! ;) It seems very well documented
> and well structured. I can picture myself working on it. :)

Heh. I wish everybody got so excited by looking at wget source code ;)

> One of the bugs (or requested feature perhaps) caught my eye, and that
> was Trust On First Use. Is there anyone currently working on it? (I checked
> the mail-list archives and it does not seem like anyone expressed interest.)

I don't think so.

> If it's clear to work on, then I have a couple of questions about it:
>   - From what I understand, the ssl_check_certificate() in gnutls.c (and
> perhaps a few other things) should be changed to check and store
> problematic certificates if the user decides to do so. Is that right?

The function name seems appropriate (I'm not familiar with that part of the code).
Note that wget can be built with either gnutls or openssl.


> - How to involve the user into the decision? I mean, should wget prompt the
> user with a question similar to ssh? "The authenticity of host '' can't be
> established..."
>    Perhaps new command line options should be added to control behavior in
> such situations?

Try to come up with a few options and submit them to the list.
A potential problem is that wget can be used either as an interactive tool or as a batch one. It isn't appropriate that a cron job stops to ask if it should trust a certificate (ok, here we would just check isatty), but what to do if, after 6 hours downloading recursively, the process finds an unknown certificate? How to combine with the traditional PKI ssl? Maybe in the future we will want to support DANE, and design the switches supporting that, too?


> Looking forward to working with you guys,


Me too. I think you will have very interesting contributions :)

Best regards
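
The interactive-versus-batch question raised in this reply, sketched as an added example; it is not wget code and not from either poster. The pin-file format (one "host fingerprint" pair per line), the function names, and the idea that the fingerprint is a hex digest computed elsewhere are all assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Outcomes for a certificate that failed ordinary PKI validation. */
enum tofu_result { TOFU_MATCH, TOFU_MISMATCH, TOFU_ASK_USER, TOFU_REJECT_UNKNOWN };

/* Find HOST in the pin file (hypothetical format: "host fingerprint").
   The first entry wins, so a later appended line cannot replace a pin. */
static int pin_lookup(const char *path, const char *host, char pin[65])
{
  char h[256], fp[65];
  int found = 0;
  FILE *f = fopen(path, "r");
  if (!f) return 0;                    /* no store yet: nothing is pinned */
  while (!found && fscanf(f, "%255s %64s", h, fp) == 2)
    if (strcmp(h, host) == 0) { strcpy(pin, fp); found = 1; }
  fclose(f);
  return found;
}

/* Record a pin; call only after the user or an explicit option accepted it. */
int pin_store(const char *path, const char *host, const char *fp)
{
  FILE *f = fopen(path, "a");
  if (!f) return -1;
  fprintf(f, "%s %s\n", host, fp);
  return fclose(f);
}

/* A changed pin is a hard failure in every mode. An unknown host may be
   offered to the user only when INTERACTIVE is set; a batch run (cron,
   long recursive download) rejects it instead of blocking on a prompt. */
enum tofu_result tofu_check(const char *path, const char *host,
                            const char *fp, int interactive)
{
  char pin[65];
  if (pin_lookup(path, host, pin))
    return strcmp(pin, fp) == 0 ? TOFU_MATCH : TOFU_MISMATCH;
  return interactive ? TOFU_ASK_USER : TOFU_REJECT_UNKNOWN;
}

int main(void)
{
  /* Constructed sample host and fingerprint; isatty() picks the mode. */
  enum tofu_result r = tofu_check("tofu-pins.txt", "example.test",
                                  "00ffconstructed", isatty(STDIN_FILENO));
  printf("tofu result: %d\n", (int) r);
  return r == TOFU_MATCH ? 0 : 1;
}
```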



