Thanks Jochen for your response. BTW, a little questions -
Currently Does wget new version support or verify SAN/UCC SSL certificate? If yes, but I tried to install wget 1.13.x, but there still was issue as below. (gnutls-2.12.14 without p11-kit-1), Please advie. [root@xx-linux wget-1.13.4]# wget -v -O xx https://www.verisign.net --2011-11-23 19:07:54-- https://www.verisign.net/ Resolving www.verisign.net (www.verisign.net)... 69.58.181.89 Connecting to www.verisign.net (www.verisign.net)|69.58.181.89|:443... connected. ERROR: The certificate of `www.verisign.net' is not trusted. ERROR: The certificate of `www.verisign.net' hasn't got a known issuer. [root@xx-linux wget-1.13.4]# [root@xx-linux wget-1.13.4]# wget -V GNU Wget 1.13.4 built on linux-gnu. +digest +https +ipv6 +iri +large-file +nls -ntlm +opie +ssl/gnutls Wgetrc: /usr/local/etc/wgetrc (system) Locale: /usr/local/share/locale Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc" -DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -O2 -Wall Link: gcc -O2 -Wall /usr/local/lib/libgnutls.so /usr/local/lib/libnettle.a -lgmp /usr/local/lib/libhogweed.a -lz -lpthread -Wl,-rpath -Wl,/usr/local/lib -lz -lidn -lrt ftp-opie.o gnutls.o ../lib/libgnu.a Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://www.gnu.org/licenses/gpl.html>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Originally written by Hrvoje Niksic <[email protected]>. Please send bug reports and questions to <[email protected]>. [root@xx-linux wget-1.13.4]# uname -a Linux xx-linux.corp.walmart.com 2.6.9-89.ELsmp #1 SMP Mon Apr 20 10:34:33 EDT 2009 i686 i686 i386 GNU/Linux Thanks for your time. Best Regards Wallance hou Bleum Incorporated Wallance Hou Network Engineer Email: [email protected] Cloud-9 Mansion 19F Tel: 86-21-62821122 1118 West Yan'an Road. Shanghai, P.R.C. 200052 This email may contain confidential information and/or copyright material. This email and any attachments are solely for the intended recipient. If you are not the intended recipient, disclosure, copying, use or distribution of the information included in this message may be unlawful. please advise the sender immediately by using the reply facility in your email software, and immediately and permanently delete. Thank you for your cooperation. -----Original Message----- From: Jochen Roderburg [mailto:[email protected]] Sent: Wednesday, November 23, 2011 9:36 PM To: Wallance Hou Cc: [email protected] Subject: Re: [Bug-wget] wget feature request: support for SAN/UCC SSL Certs RFC 3280 part 4.2.1.7 Zitat von Wallance Hou <[email protected]>: > Could you give me a favor about the below issue for wget? But other > linux installing wget 1.8.2-15.rpm is ok. Now I want to degrade > version 1.8.2-15, can you help me how to install it? Because that > exists many dependent relationship. > > [root@xx-linux ~]# wget https://www.verisign.net > --2011-11-22 23:30:37-- https://www.verisign.net/ > Resolving www.verisign.net (www.verisign.net)... 69.58.181.89 > Connecting to www.verisign.net > (www.verisign.net)|69.58.181.89|:443... connected. > ERROR: certificate common name “www.verisign.com†doesn’t > match requested host name “www.verisign.netâ€. > To connect to www.verisign.net insecurely, use ‘--no-check-certificate’. > [root@xx-linux ~]# wget -version > wget: Invalid --execute command “rsion†> [root@xx-linux ~]# wget --version > GNU Wget 1.12 built on linux-gnu. wget 1.8.2 (a very old version from 2002) works, because it does not check certificates at all. wget 1.12 does not work, because it checks certificates by default, but does not handle certificates with multiple hostnames. The error message tells you that you can inhibit this checking with the parameter --no-check-certificate (then you have the same behaviour as in the older versions). Recent 1.13.x versions have no problem with this situation. Choose your weapon at will. ;-) Regards, J.Roderburg
