bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] --no-check-cert does not avoid cert warning


From: Ángel González
Subject: Re: [Bug-wget] --no-check-cert does not avoid cert warning
Date: Thu, 10 Dec 2015 01:23:23 +0100
User-agent: Thunderbird

On 02/12/15 14:33, Giuseppe Scrivano wrote:
Tim agreed so I've changed the patch to add --check-certificate=quiet.

How does the new version look?

Thanks,
Giuseppe

diff --git a/doc/wget.texi b/doc/wget.texi
index c647e33..9cc2bb2 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1725,6 +1725,9 @@ this option to bypass the verification and proceed with 
the download.
  site's authenticity, or if you really don't care about the validity of
  its certificate.}  It is almost always a bad idea not to check the
  certificates when transmitting confidential or important data.
+If you are really sure of what you are doing, you can specify
+--check-certificate=quiet to ask wget to not print any warning about
+invalid certificates, in most cases this is the wrong thing to do.

What about adding a hint about providing the self-signed as trusted?

Something like:
diff --git a/doc/wget.texi b/doc/wget.texi
index 64cb056..f3925ca 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1725,9 +1725,12 @@ this option to bypass the verification and proceed with the download.
 site's authenticity, or if you really don't care about the validity of
 its certificate.}  It is almost always a bad idea not to check the
 certificates when transmitting confidential or important data.
-If you are really sure of what you are doing, you can specify
---check-certificate=quiet to tell wget to not print any warning about
-invalid certificates, in most cases this is the wrong thing to do.
+For self-signed/internal certificates, you should download the certificate
+and verify against that instead of forcing this insecure mode.
+If you are really sure of not desiring any certificate verification, you
+can specify --check-certificate=quiet to tell wget to not print any
+warning about invalid certificates, albeit in most cases this is the
+wrong thing to do.

 @cindex SSL certificate
 @item address@hidden

Regards





reply via email to

[Prev in Thread] Current Thread [Next in Thread]