I believe wget has a security flaw in its certificate hostname matching code.
In the attached server certificate, the hostname is provided via a
Subject Alt Name (SAN). The only SAN entry is a DNS name for *.com.
Also attached is the default CA, which was used to sign the server's
certificate.
Hi Jeffrey--
On 03/18/2014 01:43 AM, Jeffrey Walton wrote:
I believe wget has a security flaw in its certificate hostname matching code.
In the attached server certificate, the hostname is provided via a
Subject Alt Name (SAN). The only SAN entry is a DNS name for *.com.
Also attached is
I was trying to download a large ISO (4GB) through a metalink file.
The first thing that struck me was: The file is first downloaded to
/tmp and then moved to the location.
Is there any specific reason for this? I understand that downloading
partial files to /tmp , stitching them and then moving
I don't think wget should be checking correct hostname scope of the
certificate.
I mean, it'd be ok to have some general rule as noone can use a
certificate for
*.whatever or *. [1] but embedding the Public Suffix List seems overkill.
And the implementation should probably be performed at
Hi Jeffrey,
thanks for pointing this out.
BTW, to reproduce the issue I used a GnuTLS compiled/linked version of Wget:
$ wget -d --ca-certificate=ca-rsa-cert.pem --private-key=ca-rsa-key-plain.pem
https://example.com:8443
2014-03-18 21:48:04 (1.88 GB/s) - Read error at byte 5116 (The TLS
On 03/18/2014 05:31 PM, Tim Rühsen wrote:
$ wget -d --ca-certificate=ca-rsa-cert.pem --private-key=ca-rsa-key-plain.pem
https://example.com:8443
2014-03-18 21:48:04 (1.88 GB/s) - Read error at byte 5116 (The TLS connection
was non-properly terminated.).Retrying.
There seems to be a
I have an account with smsglobal, they have sms http api as so:
http://www.smsglobal.com/http-api/
If I use a browser like so:
http://www.smsglobal.com/http-api.php?action=sendsmsuser=mynamepassword=mypasswordfrom=myselfto=targetcellphonetext=Hello%20world
browser says:
OK: 0; Sent queued