Re: [Bug-wget] OpenSSL 1.1.0

From: Ángel González
Subject: Re: [Bug-wget] OpenSSL 1.1.0
Date: Wed, 29 Jun 2016 00:10:34 +0200
User-agent: Thunderbird

On 28/06/16 22:16, Tim Rühsen wrote:
> Patching src/openssl.c for 1.1.0 (see below) let it compile.
> But the HTTPS tests fail due to
>
> ERROR: cannot verify localhost's certificate, issued by 'O=GNU,OU=Wget,CN=GNU
>    unsupported certificate purpose
>
> Any idea?

server-cert.pem has the following extensions:
Key Usage
Usages:    Revocation list signature
Critical:    Yes

Extended Key Usage
Allowed Purposes:    Server Authentication
Critical:    No

It looks like the second extension isn't supported by OpenSSL 1.1.0 and, Server Authentication not being in Key Usage, it is rejected.

Recreating this certificate with no Key Usage at all would probably fix it. I'm not sure about the required steps, though.
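
The two extension sets discussed in the message above, compared side by side with the openssl command line. This is an added example, not part of the original message or of wget's test suite: the throwaway CA, subject names, section names and file names are constructed, and `openssl verify -purpose sslserver` is assumed here as a stand-in for the check the HTTPS tests trigger.

```shell
#!/bin/sh
# Added example. The CA, subject names, file names and lifetimes are constructed.

make_pki() {  # $1 = scratch directory: writes config, CA cert/key and a server CSR
    cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Example
CN = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[crl_only]
# Same shape as the server-cert.pem described above
keyUsage = critical,cRLSign
extendedKeyUsage = serverAuth
[eku_only]
# Proposed replacement: no Key Usage extension at all
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -days 2 \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=localhost" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
}

issue() {  # $1 = directory, $2 = extension section; writes $1/$2.pem
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" -set_serial 1 \
        -days 2 -extfile "$1/pki.cnf" -extensions "$2" -out "$1/$2.pem" 2>/dev/null
}

verifies_as_server() {  # true only when openssl prints "<file>: OK"
    openssl verify -purpose sslserver -CAfile "$1/ca.pem" "$1/$2.pem" 2>&1 | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" || return 1
    for s in crl_only eku_only; do
        issue "$d" "$s" || return 1
        openssl x509 -in "$d/$s.pem" -noout -text | grep -A1 'Key Usage'
        if verifies_as_server "$d" "$s"; then echo "$s: accepted"; else echo "$s: rejected"; fi
    done
    rm -rf "$d"
}
demo
```

The script keys on the `: OK` line rather than on the error text, because the wording of the purpose error is not the same in every OpenSSL release.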


