[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Windows cert store support
|
From: |
Petr Pisar |
|
Subject: |
Re: [Bug-wget] Windows cert store support |
|
Date: |
Fri, 11 Dec 2015 12:35:08 +0100 |
|
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Fri, Dec 11, 2015 at 01:22:48PM +0200, Eli Zaretskii wrote:
> > Date: Thu, 10 Dec 2015 01:12:37 +0100
> > From: Ángel González <address@hidden>
> > Cc: bug-wget <address@hidden>
> >
> > On 09/12/15 03:06, Random Coder wrote:
> > > I'm not sure if the wget maintainers would be interested, but I've
> > > been carrying this patch around in my private builds of wget for a
> > > while. It allows wget to load SSL certs from the default Windows cert
> > > store.
> > >
> > > The patch itself is fairly straightforward, but as it changes the
> > > default SSL behavior, and no care was taken to follow coding convents
> > > when I wrote it, so it's probably not ready for inclusion in the
> > > codebase. Still, if it's useful, feel free to use it for ideas.
> > Wow, supporting the OS store would certainly be very cool.
> >
> > I would probably move it to windows.c and attempt to make it also work
> > in gnutls, but in general it looks good.
>
> Wget compiled with GnuTLS already supports this feature: it calls
> gnutls_certificate_set_x509_system_trust when the GnuTLS library
> supports that. gnutls_certificate_set_x509_system_trust does
> internally what the proposed patch does.
>
> So I think this code should indeed go only to openssl.c, as gnutls.c
> already has its equivalent.
>
AFAIK OpenSSL source contains crypto engine that delegates all operations
to Windows native cryptographical subsystem. It's only matter of default
configuration.
-- Petr
signature.asc
Description: PGP signature