Hi,

The patch looks good to me. As Tim says, I would also pass NULL as the second param in line 20. If we provide --ca-directory what would happen is that OpenSSL will pick up the most suitable certificate from the directory based on the hash value of the name, and some other field I don't remember. GnuTLS will consider all of them. In the end it's the same behavior.
Tim, could you merge the patch?

On 29/12/18 17:54, Jeffrey Walton wrote:
> On Sat, Dec 29, 2018 at 11:43 AM Tim Rühsen <[email protected]> wrote:
>>
>> On 29.12.18 05:00, Jeffrey Walton wrote:
>>> On Fri, Dec 28, 2018 at 10:07 PM Jeffrey Walton <[email protected]> wrote:
>>>>
>>>> The sample wgetrc is missing info on ca_directory. Also see
>>>> https://www.gnu.org/software/wget/manual/html_node/Sample-Wgetrc.html.
>>>>
>>>> I also cannot figure out how to tell Wget to use cacert.pem. I've
>>>> tried ca_cert, ca_certs and ca_certfile but it produces:
>>>>
>>>> wget: Unknown command ‘ca_file’ in /opt/bootstrap/etc/wgetrc at line
>>>> 141
>>>> Parsing system wgetrc file failed.
>>>
>>> My bad... I found it. openssl.c used "opt.ca_cert", so I was trying to
>>> use the same in rc file. The correct name is ca_certificate.
>>
>> There are some inconsistencies with the naming in rc files and on the
>> command line. We do not have this any more with wget2.
>>
>>> Tim, you may want this when Wget is built against OpenSSL. It makes
>>> Wget/OpenSSL behave like Wget/GnuTLS:
>>> https://github.com/noloader/Build-Scripts/blob/master/bootstrap/wget.patch
>>
>> Thanks for the pointer.
>>
>> On L20 the second param to SSL_CTX_load_verify_locations can be NULL.
>>
>> I personally don't care much for OpenSSL - I put Ander on CC.
>
> Yeah, understood.
>
> The problem I'm facing is I need a working Wget quickly. Trying to
> build GnuTLS from sources is too heavy weight at this point in the
> process. I can do it later, but I need the lightweight version
> immediately.
>
> The patch tested OK on Linux back to Fedora 1 with GCC 3. I've still
> got AIX, OS X, Solaris and some other testing to do.
>
> Jeff
>
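The hashed directory lookup mentioned at the top of this message, shown as an added example that is not part of the original mail or of the Wget patch: a CA file sitting in a directory handed to OpenSSL as CApath is only found once it is reachable under its `<subject-hash>.0` name. The CA subject, file names and helper function names are constructed for the demonstration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: how OpenSSL locates a CA inside a directory used as CApath
# (the role Wget's ca_directory / --ca-directory plays for an OpenSSL build).
# The subject, file names and function names are constructed for this demo.

# Create a throwaway self-signed CA as $1/demo-ca.pem.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1/demo-ca.key" -out "$1/demo-ca.pem" 2>/dev/null
}

# Succeeds only if OpenSSL can verify cert $2 using directory $1 as CApath.
# The output is checked rather than the exit code, which old releases got wrong.
verifies_with_capath() {
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Create the <subject-hash>.0 link OpenSSL looks for; prints the link name.
add_hash_link() {
    h=$(openssl x509 -noout -subject_hash -in "$2") || return 1
    ln -s "$(basename "$2")" "$1/$h.0" && echo "$h.0"
}

# Run the lookup before and after the hash link exists and report both results.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_ca "$dir" || return 1
    cert="$dir/demo-ca.pem"
    if verifies_with_capath "$dir" "$cert"; then before=found; else before=missed; fi
    link=$(add_hash_link "$dir" "$cert") || return 1
    if verifies_with_capath "$dir" "$cert"; then after=found; else after=missed; fi
    rm -rf "$dir"
    echo "before=$before after=$after link=$link"
}

demo
```

For a whole directory, `openssl rehash` (OpenSSL 1.1.0 and later) or the older `c_rehash` script creates these links in one pass.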
