tags 646983 + pending thanks I just uploaded an NMU to DELAYED/5 to resolve #646983 to re-enable client-side certificates in wget.
Attached is the debdiff between 1.13.4-2 and my new 1.13.4-2.1 version.
Regards,
--dkg
diff -Nru wget-1.13.4/debian/changelog wget-1.13.4/debian/changelog
--- wget-1.13.4/debian/changelog 2012-01-13 14:10:21.000000000 -0500
+++ wget-1.13.4/debian/changelog 2012-04-06 02:45:03.000000000 -0400
@@ -1,3 +1,10 @@
+wget (1.13.4-2.1) unstable; urgency=low
+
+ * Non-Maintainer Upload.
+ * Support client-side certificates when using GnuTLS. (Closes: #646983)
+
+ -- Daniel Kahn Gillmor <d...@fifthhorseman.net> Tue, 03 Apr 2012 15:10:44 -0400
+
wget (1.13.4-2) unstable; urgency=low
* added hardened build flag. thx Moritz for the patch
diff -Nru wget-1.13.4/debian/patches/gnutls-client-cert wget-1.13.4/debian/patches/gnutls-client-cert
--- wget-1.13.4/debian/patches/gnutls-client-cert 1969-12-31 19:00:00.000000000 -0500
+++ wget-1.13.4/debian/patches/gnutls-client-cert 2012-04-03 16:00:16.000000000 -0400
@@ -0,0 +1,54 @@
+--- a/src/gnutls.c
++++ b/src/gnutls.c
+@@ -54,6 +54,20 @@
+ # include "w32sock.h"
+ #endif
+
++static int
++key_type_to_gnutls_type (enum keyfile_type type)
++{
++ switch (type)
++ {
++ case keyfile_pem:
++ return GNUTLS_X509_FMT_PEM;
++ case keyfile_asn1:
++ return GNUTLS_X509_FMT_DER;
++ default:
++ abort ();
++ }
++}
++
+ /* Note: some of the functions private to this file have names that
+ begin with "wgnutls_" (e.g. wgnutls_read) so that they wouldn't be
+ confused with actual gnutls functions -- such as the gnutls_read
+@@ -101,6 +115,30 @@
+ closedir (dir);
+ }
+
++ /* Use the private key from the cert file unless otherwise specified. */
++ if (opt.cert_file && !opt.private_key)
++ {
++ opt.private_key = opt.cert_file;
++ opt.private_key_type = opt.cert_type;
++ }
++ /* Use the cert from the private key file unless otherwise specified. */
++ if (!opt.cert_file && opt.private_key)
++ {
++ opt.cert_file = opt.private_key;
++ opt.cert_type = opt.private_key_type;
++ }
++
++ if (opt.cert_file && opt.private_key) {
++ if (opt.private_key_type != opt.cert_type) {
++ /* GnuTLS can't handle this */
++ logprintf (LOG_NOTQUIET, _("ERROR: GnuTLS requires the key and the cert to be of the same type. Preferring --private-key-type over --certificate-type.\n"));
++ }
++
++ gnutls_certificate_set_x509_key_file (credentials, opt.cert_file,
++ opt.private_key,
++ key_type_to_gnutls_type(opt.private_key_type));
++ }
++
+ if (opt.ca_cert)
+ gnutls_certificate_set_x509_trust_file (credentials, opt.ca_cert,
+ GNUTLS_X509_FMT_PEM);
diff -Nru wget-1.13.4/debian/patches/series wget-1.13.4/debian/patches/series
--- wget-1.13.4/debian/patches/series 2011-08-12 08:25:02.000000000 -0400
+++ wget-1.13.4/debian/patches/series 2012-04-03 15:06:07.000000000 -0400
@@ -3,3 +3,4 @@
wget-fr.po-spelling-correction
wget-passive_ftp-default
debian-changes-1.13-1
+gnutls-client-cert
pgpSWp2UL5EHK.pgp
Description: PGP signature
