Hi all, we're having trouble forcing wget to reject https servers that do not present themselves with valid certificate in the context of custom CA. It seems that wget has some default set of trusted certificates (that is verisign, blah blah) that can't be disabled.
For example, I want this to fail wget -O- --ca-certificate=myservercert.pem https://www.google.com assuming myservercert.pem has nothing to do with Google's certificate or its trust chain, but it does not fail. With curl, I'm having no trouble. According to replies at http://unix.stackexchange.com/questions/199372/wget-force-no-default-certificates this seems to be a bug (or configuration error?) on some wget versions, but not others. Any thoughts?
