Bug#646413: [bug #38004] wget should have a way to fall back to the system installed certificates when using --ca-directory

Mon, 31 Dec 2012 01:48:13 -0800 

URL:
  <http://savannah.gnu.org/bugs/?38004>

                 Summary: wget should have a way to fall back to the system
installed certificates when using --ca-directory
                 Project: GNU Wget
            Submitted by: nok
            Submitted on: Mo 31 Dez 2012 10:45:46 CET
                Category: Feature Request
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 1.13.4
        Operating System: GNU/Linux
         Reproducibility: Every Time
           Fixed Release: None
         Planned Release: None
              Regression: None
           Work Required: None
          Patch Included: No

    _______________________________________________________

Details:

Hello,

a forwarded bug http://bugs.debian.org/646413

--8<--
The system installed certificates directory is not complete, so that
one may need to have additional certificates in one's own directory
and use the --ca-directory (either as a command-line option or via
the .wgetrc file). But if such an option is used, the system installed
certificates are no longer used, as documented in the wget man page,
meaning that wget will start to fail on various sites. For instance:

xvii:~> wget --ca-directory=$HOME/wd/config/cacert https://twitter.com/
--2011-10-24 02:29:31--  https://twitter.com/
Resolving twitter.com (twitter.com)... 199.59.148.10, 199.59.149.198,
199.59.149.230
Connecting to twitter.com (twitter.com)|199.59.148.10|:443... connected.
ERROR: The certificate of `twitter.com' is not trusted.
ERROR: The certificate of `twitter.com' hasn't got a known issuer.
zsh: exit 5     wget --ca-directory=$HOME/wd/config/cacert
https://twitter.com/

xvii:~> wget https://twitter.com/
--2011-10-24 02:34:20--  https://twitter.com/
Resolving twitter.com (twitter.com)... 199.59.148.10, 199.59.149.198,
199.59.149.230
Connecting to twitter.com (twitter.com)|199.59.148.10|:443... connected.
HTTP request sent, awaiting response... 200 OK
[...]

There should be a way to fallback to the system installed certificates
directory. For instance, --ca-directory could contain a list of
directories (like $PATH-like environment variables), and if the
path ends with a ":", the default directories are appended.
--8<--




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?38004>

_______________________________________________
  Nachricht gesendet von/durch Savannah
  http://savannah.gnu.org/


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to