Re: [Bug-wget] Message faults in wget 1.13-pre1
Petr Pisar petr.pi...@atlas.cz writes: # FIXME: Double dot #: src/http.c:3121 msgid Cannot write to WARC file..\n # FIXME: missing space after comma #: src/main.c:1197 #, c-format msgid Both --no-clobber and --convert-links were specified,only --convert-links will be used.\n Thanks! I have fixed it. Giuseppe
Re: [Bug-wget] [PATCH] add RFC 2617 Digest Authentication
Tim Ruehsen tim.rueh...@gmx.de writes: Hi, it is a quicky, but I just tested it with Apache2. * http.c (digest_authentication_encode): added rudimentary support for RFC 2617 qop='auth' @Michael: maybe you can apply the patch and test it with your server. But i'm pretty confident that it works. Thanks! I have applied it, I will try to test it more later. Michael, does it work for you? Giuseppe
Re: [Bug-wget] [FEATURE-REQUEST] Pinning SSL certificates / check SSL fingerprints
On 07/07/2012 12:50 PM, Ángel González wrote: On 06/07/12 01:01, pro...@secure-mail.biz wrote: Because SSL CA's have failed many times (Comodo, DigiNotar, ...) I wish to have an option to pin a SSL certificate. The fingerprint may be optionally provided through a new option. Have you tried using --ca-certificate option? I believe the OP wants to pin the certificate of the remote server (that is, the end entity certificate), whereas --ca-certificate pins the certificate of the issuing authority. --dkg signature.asc Description: OpenPGP digital signature
Re: [Bug-wget] [FEATURE-REQUEST] Pinning SSL certificates / check SSL fingerprints
d...@fifthhorseman.net wrote: On 07/07/2012 12:50 PM, Ángel González wrote: On 06/07/12 01:01, pro...@secure-mail.biz wrote: Because SSL CA's have failed many times (Comodo, DigiNotar, ...) I wish to have an option to pin a SSL certificate. The fingerprint may be optionally provided through a new option. Have you tried using --ca-certificate option? I believe the OP wants to pin the certificate of the remote server (that is, the end entity certificate), whereas --ca-certificate pins the certificate of the issuing authority. Yes, that's what I actually wanted to say. Thanks for clarifying. Cheers, proper __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts.
Re: [Bug-wget] [FEATURE-REQUEST] Pinning SSL certificates / check SSL fingerprints
Hi, I have a tiny comment from a downstream packager standpoint: It would be nice if the capath would be configurable during configure time instead of hardcoding it to /etc/ssl/certs as it is now - we e.g. use /etc/opt/csw/ssl/certs and need to perl-pi in the unpacked sources. Not a real problem, but also not the most elegant solution. Best regards -- Dago -- You don't become great by trying to be great, you become great by wanting to do something, and then doing it so hard that you become great in the process. - xkcd #896
Re: [Bug-wget] [FEATURE-REQUEST] Pinning SSL certificates / check SSL fingerprints
On 07/07/2012 02:20 PM, Dagobert Michelsen wrote: I have a tiny comment from a downstream packager standpoint: It would be nice if the capath would be configurable during configure time instead of hardcoding it to /etc/ssl/certs as it is now - we e.g. use /etc/opt/csw/ssl/certs and need to perl-pi in the unpacked sources. Not a real problem, but also not the most elegant solution. fwiw, I agree with this, and suspect that a patch wouldn't be hard to come up with (and would be fairly non-controversial). If you're building against GnuTLS, Look around line 88 of gnutls.c, because i don't think GnuTLS embeds a default location for a trusted root certificate store. If you're building against OpenSSL, i think you might want to change your OpenSSL configuration directly (at least on debian, libcrypto seems to hardcode a default path to /usr/lib/ssl/certs, which is a symlink to /etc/ssl/certs). hth, --dkg signature.asc Description: OpenPGP digital signature
