bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Implement --pinnedpubkey option to pin public keys


From: Tim Rühsen
Subject: Re: [Bug-wget] Implement --pinnedpubkey option to pin public keys
Date: Tue, 23 Feb 2016 21:23:09 +0100
User-agent: KMail/4.14.10 (Linux/4.4.0-1-amd64; KDE/4.14.14; x86_64; ; )

Hi Travis,

thank you for your contribution to wget !

We'll take a closer look at the functionality the next days and will think 
about automated tests.

Just a few comments from the first glimpse
- the wget options are documented in doc/wget.texi, please add an entry for 
the new option
- xmalloc() won't return if allocation fails, so no need for checking the 
return value
- xfree() also accepts NULL values, so no need for a prior check.
- please use xfree() instead of free(), e.g. 'free(base64data)'.
- some parts of the code are 'if(expr)', please amend to 'if (expr)'
- we have a space between function name and (. (GNU style)


In order to accept your contribution, you have to sign the FSF copyrigth 
assignment. We'll send you information on how to proceed via PM.

Thanks again for your work - it is highly appreciated.

Regards, Tim


Am Dienstag, 23. Februar 2016, 13:17:14 schrieb moparisthebest:
> Hello wget team,
> 
> The attached patch implements a --pinnedpubkey option to pin public keys
> for TLS/SSL.  I also pushed this to github [1].  I implemented and
> tested this for both the openssl and gnutls backends, and they share
> code which I put in util.c.
> 
> It supports a path to a single .der or .pem file public key file, or any
> number of base64 encoded sha256 hashes in the format of
> 'sha256//hashhere;sha256//secondhashhere' etc (like the HTTP HPKP
> standard).  This makes it behave identically to curl's option of the
> same name [2], which I also contributed.
> 
> I'm not sure if automated tests can be added for this functionality, or
> if any additional documentation needs updated or anything else? If you
> can point me to anything else that needs done that would make this
> easier to accept I'd appreciate it.
> 
> Thanks for the great tool,
> Travis Burtrum
> 
> [1]: https://github.com/moparisthebest/wget
> [2]: https://curl.haxx.se/docs/manpage.html#--pinnedpubkey

Attachment: signature.asc
Description: This is a digitally signed message part.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]