On 02/12/15 14:33, Giuseppe Scrivano wrote:
Tim agreed so I've changed the patch to add --check-certificate=quiet.
How does the new version look?
Thanks,
Giuseppe
diff --git a/doc/wget.texi b/doc/wget.texi
index c647e33..9cc2bb2 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1725,6 +1725,9 @@ this option to bypass the verification and proceed with
the download.
site's authenticity, or if you really don't care about the validity of
its certificate.} It is almost always a bad idea not to check the
certificates when transmitting confidential or important data.
+If you are really sure of what you are doing, you can specify
+--check-certificate=quiet to ask wget to not print any warning about
+invalid certificates, in most cases this is the wrong thing to do.
What about adding a hint about providing the self-signed as trusted?
Something like:
diff --git a/doc/wget.texi b/doc/wget.texi
index 64cb056..f3925ca 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1725,9 +1725,12 @@ this option to bypass the verification and
proceed with the download.
site's authenticity, or if you really don't care about the validity of
its certificate.} It is almost always a bad idea not to check the
certificates when transmitting confidential or important data.
-If you are really sure of what you are doing, you can specify
---check-certificate=quiet to tell wget to not print any warning about
-invalid certificates, in most cases this is the wrong thing to do.
+For self-signed/internal certificates, you should download the
certificate
+and verify against that instead of forcing this insecure mode.
+If you are really sure of not desiring any certificate verification, you
+can specify --check-certificate=quiet to tell wget to not print any
+warning about invalid certificates, albeit in most cases this is the
+wrong thing to do.
@cindex SSL certificate
@item --certificate=@var{file}
Regards
