[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3
From: |
Wallance Hou |
Subject: |
Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7 |
Date: |
Thu, 24 Nov 2011 03:14:27 +0000 |
Thanks Jochen for your response.
BTW, a little questions -
Currently Does wget new version support or verify SAN/UCC SSL certificate? If
yes, but I tried to install wget 1.13.x, but there still was issue as below.
(gnutls-2.12.14 without p11-kit-1), Please advie.
address@hidden wget-1.13.4]# wget -v -O xx https://www.verisign.net
--2011-11-23 19:07:54-- https://www.verisign.net/
Resolving www.verisign.net (www.verisign.net)... 69.58.181.89
Connecting to www.verisign.net (www.verisign.net)|69.58.181.89|:443...
connected.
ERROR: The certificate of `www.verisign.net' is not trusted.
ERROR: The certificate of `www.verisign.net' hasn't got a known issuer.
address@hidden wget-1.13.4]#
address@hidden wget-1.13.4]# wget -V
GNU Wget 1.13.4 built on linux-gnu.
+digest +https +ipv6 +iri +large-file +nls -ntlm +opie +ssl/gnutls
Wgetrc:
/usr/local/etc/wgetrc (system)
Locale: /usr/local/share/locale
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc"
-DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -O2
-Wall
Link: gcc -O2 -Wall /usr/local/lib/libgnutls.so /usr/local/lib/libnettle.a
-lgmp /usr/local/lib/libhogweed.a -lz -lpthread -Wl,-rpath
-Wl,/usr/local/lib -lz -lidn -lrt ftp-opie.o gnutls.o
../lib/libgnu.a
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Originally written by Hrvoje Niksic <address@hidden>.
Please send bug reports and questions to <address@hidden>.
address@hidden wget-1.13.4]# uname -a
Linux xx-linux.corp.walmart.com 2.6.9-89.ELsmp #1 SMP Mon Apr 20 10:34:33 EDT
2009 i686 i686 i386 GNU/Linux
Thanks for your time.
Best Regards
Wallance hou
Bleum Incorporated
Wallance Hou
Network Engineer
Email: address@hidden
Cloud-9 Mansion 19F
Tel: 86-21-62821122
1118 West Yan'an Road.
Shanghai, P.R.C. 200052
This email may contain confidential information and/or copyright material. This
email and any attachments are solely for the intended recipient.
If you are not the intended recipient, disclosure, copying, use or distribution
of the information included in this message may be unlawful. please advise the
sender immediately by using the reply facility in your email software, and
immediately and permanently delete.
Thank you for your cooperation.
-----Original Message-----
From: Jochen Roderburg [mailto:address@hidden
Sent: Wednesday, November 23, 2011 9:36 PM
To: Wallance Hou
Cc: address@hidden
Subject: Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC
3280 part 4.2.1.7
Zitat von Wallance Hou <address@hidden>:
> Could you give me a favor about the below issue for wget? But other
> linux installing wget 1.8.2-15.rpm is ok. Now I want to degrade
> version 1.8.2-15, can you help me how to install it? Because that
> exists many dependent relationship.
>
> address@hidden ~]# wget https://www.verisign.net
> --2011-11-22 23:30:37-- https://www.verisign.net/
> Resolving www.verisign.net (www.verisign.net)... 69.58.181.89
> Connecting to www.verisign.net
> (www.verisign.net)|69.58.181.89|:443... connected.
> ERROR: certificate common name “www.verisign.com†doesn’t
> match requested host name “www.verisign.netâ€.
> To connect to www.verisign.net insecurely, use ‘--no-check-certificate’.
> address@hidden ~]# wget -version
> wget: Invalid --execute command “rsionâ€
> address@hidden ~]# wget --version
> GNU Wget 1.12 built on linux-gnu.
wget 1.8.2 (a very old version from 2002) works, because it does not
check certificates at all.
wget 1.12 does not work, because it checks certificates by default,
but does not handle certificates with multiple hostnames. The error
message tells you that you can inhibit this checking with the
parameter --no-check-certificate (then you have the same behaviour as
in the older versions).
Recent 1.13.x versions have no problem with this situation.
Choose your weapon at will. ;-)
Regards, J.Roderburg