
[Bug-wget] Implement --pinnedpubkey option to pin public keys


From: moparisthebest
Subject: [Bug-wget] Implement --pinnedpubkey option to pin public keys
Date: Tue, 23 Feb 2016 13:17:14 -0500

Hello wget team,

The attached patch implements a --pinnedpubkey option to pin public keys
for TLS/SSL.  I also pushed this to github [1].  I implemented and
tested this for both the openssl and gnutls backends, and they share
code which I put in util.c.

It supports a path to a single .der or .pem public key file, or any
number of base64 encoded sha256 hashes in the format of
'sha256//hashhere;sha256//secondhashhere' etc (like the HTTP HPKP
standard).  This makes it behave identically to curl's option of the
same name [2], which I also contributed.

I'm not sure if automated tests can be added for this functionality, or
if any additional documentation needs updated or anything else? If you
can point me to anything else that needs done that would make this
easier to accept I'd appreciate it.

Thanks for the great tool,
Travis Burtrum

[1]: https://github.com/moparisthebest/wget
[2]: https://curl.haxx.se/docs/manpage.html#--pinnedpubkey

Attachment: 0001-Implement-pinnedpubkey-option-to-pin-public-keys.patch
Description: Text Data
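
The pin check described in the message above, as an added example that is not part of the original post or the attached patch: the value is either a `;`-separated list of `sha256//` entries (base64 of the SHA-256 of the DER-encoded SubjectPublicKeyInfo, as in HPKP) or a path to a .der/.pem public key file. The function names and the sample key bytes are constructed for illustration, and skipping malformed entries is this example's own choice.

```python
import base64
import hashlib
import hmac

PREFIX = "sha256//"
PEM_BEGIN = "-----BEGIN PUBLIC KEY-----"
PEM_END = "-----END PUBLIC KEY-----"

# Constructed sample: P-256 SubjectPublicKeyInfo header plus dummy point bytes.
# It is shaped like a real SPKI but is not a usable key.
SAMPLE_SPKI = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d03010703420004") + bytes(range(64))

def spki_pin(spki_der: bytes) -> str:
    """Return 'sha256//' + base64(SHA-256(DER SubjectPublicKeyInfo))."""
    digest = hashlib.sha256(spki_der).digest()
    return PREFIX + base64.b64encode(digest).decode("ascii")

def pem_to_der(pem: bytes) -> bytes:
    """Strip the PUBLIC KEY armor and decode the base64 body to DER."""
    lines = [ln.strip() for ln in pem.decode("ascii").splitlines()]
    body = lines[lines.index(PEM_BEGIN) + 1:lines.index(PEM_END)]
    return base64.b64decode("".join(body), validate=True)

def pin_matches(spki_der: bytes, pinned: str) -> bool:
    """Check the peer's SPKI against a pin list or a .der/.pem key file."""
    if pinned.startswith(PREFIX):
        want = hashlib.sha256(spki_der).digest()
        for entry in pinned.split(";"):
            if not entry.startswith(PREFIX):
                continue  # this example skips entries with an unknown prefix
            try:
                got = base64.b64decode(entry[len(PREFIX):], validate=True)
            except ValueError:
                continue  # malformed base64 never matches
            if hmac.compare_digest(got, want):
                return True  # any one matching pin is enough
        return False
    with open(pinned, "rb") as fh:  # otherwise treat the value as a file path
        data = fh.read()
    if PEM_BEGIN.encode() in data:
        data = pem_to_der(data)
    return hmac.compare_digest(data, spki_der)
```
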

