
Re: [Bug-wget] OpenSSL 1.1.0


From: Tim Ruehsen
Subject: Re: [Bug-wget] OpenSSL 1.1.0
Date: Wed, 29 Jun 2016 10:05:45 +0200
User-agent: KMail/4.14.10 (Linux/4.6.0-1-amd64; KDE/4.14.21; x86_64; ; )

On Wednesday 29 June 2016 00:10:34 Ángel González wrote:
> On 28/06/16 22:16, Tim Rühsen wrote:
> > Patching src/openssl.c for 1.1.0 (see below) let it compile.
> > But the HTTPS tests fail due to
> > 
> > ERROR: cannot verify localhost's certificate, issued by
> > 'O=GNU,OU=Wget,CN=GNU Wget':
> >    unsupported certificate purpose
> > 
> > Any idea ?
> 
> server-cert.pem has the following extensions:
> Key Usage
> Usages:    Revocation list signature
> Critical:    Yes
> 
> Extended Key Usage
> Allowed Purposes:    Server Authentication
> Critical:    No
> 
> 
> Looks like the second extension isn't supported by OpenSSL 1.1.0, and
> Server Authentication not being in Key Usage, it is rejected.
> 
> Recreating this certificate with no Key Usage at all would probably fix
> it. I'm not sure about the required steps, though.

Thanks for the hint, I'll check it out.

BTW, I documented the creation of the test certs in testenv/certs/README.

Meanwhile I saw that certtool also has a non-interactive mode... so
it would be possible to write a small shell script to automate the process of 
creating the test keys/certs/crl etc.

Regards
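
Added example (not part of the original message, and not wget or OpenSSL code): a simplified C model of a TLS-server purpose test applied to the two extensions listed in the quoted reply. The struct, enum and function names are hypothetical, and the accepted key-usage set (digitalSignature, keyEncipherment or keyAgreement) is an assumption modelled on OpenSSL's server-purpose check.

```c
#include <stdio.h>

/* Key Usage bits, using the values OpenSSL assigns to the RFC 5280 bits. */
enum { KU_DIGITAL_SIGNATURE = 0x80, KU_KEY_ENCIPHERMENT = 0x20,
       KU_KEY_AGREEMENT = 0x08, KU_CRL_SIGN = 0x02 };
/* Extended Key Usage purposes (model values). */
enum { XKU_SERVER_AUTH = 0x1, XKU_CLIENT_AUTH = 0x2 };

struct cert_ext {               /* hypothetical summary of a parsed certificate */
    int has_ku;  unsigned ku;   /* Key Usage present, and its bits */
    int has_eku; unsigned eku;  /* Extended Key Usage present, and its purposes */
};

enum verdict { PURPOSE_OK, REJECT_EKU, REJECT_KU };

/* An absent extension places no restriction; a present one must permit the use. */
enum verdict check_tls_server(const struct cert_ext *c)
{
    const unsigned ku_tls =
        KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT | KU_KEY_AGREEMENT;

    if (c->has_eku && !(c->eku & XKU_SERVER_AUTH))
        return REJECT_EKU;
    if (c->has_ku && !(c->ku & ku_tls))
        return REJECT_KU;       /* reported as "unsupported certificate purpose" */
    return PURPOSE_OK;
}

/* Constructed inputs: the extensions quoted in the thread, the proposed
 * fix (no Key Usage at all), and a conventional server certificate. */
static const struct cert_ext thread_cert  = { 1, KU_CRL_SIGN, 1, XKU_SERVER_AUTH };
static const struct cert_ext no_ku_cert   = { 0, 0, 1, XKU_SERVER_AUTH };
static const struct cert_ext typical_cert =
    { 1, KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT, 1, XKU_SERVER_AUTH };

int main(void)
{
    static const char *names[] = { "ok", "rejected by EKU", "rejected by KU" };

    printf("thread cert:  %s\n", names[check_tls_server(&thread_cert)]);
    printf("no Key Usage: %s\n", names[check_tls_server(&no_ku_cert)]);
    printf("typical cert: %s\n", names[check_tls_server(&typical_cert)]);
    return 0;
}
```

In this model the certificate from the thread fails on Key Usage alone, and dropping the extension, as proposed in the quoted reply, lets it pass.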
