bug-wget
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] --no-check-cert does not avoid cert warning

From: Giuseppe Scrivano
Subject: Re: [Bug-wget] --no-check-cert does not avoid cert warning
Date: Thu, 10 Dec 2015 11:23:20 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) 
Hi Ángel,

Ángel González <address@hidden> writes:

> What about adding a hint about providing the self-signed as trusted?
>
> Something like:
>> diff --git a/doc/wget.texi b/doc/wget.texi
>> index 64cb056..f3925ca 100644
>> --- a/doc/wget.texi
>> +++ b/doc/wget.texi
>> @@ -1725,9 +1725,12 @@ this option to bypass the verification and
>> proceed with the download.
>>  site's authenticity, or if you really don't care about the validity of
>>  its certificate.}  It is almost always a bad idea not to check the
>>  certificates when transmitting confidential or important data.
>> -If you are really sure of what you are doing, you can specify
>> ---check-certificate=quiet to tell wget to not print any warning about
>> -invalid certificates, in most cases this is the wrong thing to do.
>> +For self-signed/internal certificates, you should download the
>> certificate
>> +and verify against that instead of forcing this insecure mode.
>> +If you are really sure of not desiring any certificate verification, you
>> +can specify --check-certificate=quiet to tell wget to not print any
>> +warning about invalid certificates, albeit in most cases this is the
>> +wrong thing to do.

thanks for the suggestion, it looks fine to me.  I already pushed the
patch, could you prepare a new one that adds this part?

Regards,
Giuseppe
reply via email to
[Prev in Thread] Current Thread [Next in Thread]