Giuseppe Scrivano wrote:
Hi Ángel,
thanks for the suggestion, it looks fine to me. I already pushed the
patch, could you prepare a new one that adds this part?
Regards,
Giuseppe
Sure. This was actually a diff against the file in master, so if you are
ok with the contents,
it only needed a commit log.
Attached.
>From 01c307daeefa4736b7aa7c82c2d3eade05c3ba55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81ngel=20Gonz=C3=A1lez?= <[email protected]>
Date: Thu, 10 Dec 2015 23:02:14 +0100
Subject: [PATCH] doc/wget.texi: Hint that you can pin to a self-signed
certificate instead of using --no-check-certificate
---
doc/wget.texi | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/doc/wget.texi b/doc/wget.texi
index 64cb056..f3925ca 100644
--- a/doc/wget.texi
+++ b/doc/wget.texi
@@ -1725,9 +1725,12 @@ this option to bypass the verification and proceed with the download.
site's authenticity, or if you really don't care about the validity of
its certificate.} It is almost always a bad idea not to check the
certificates when transmitting confidential or important data.
-If you are really sure of what you are doing, you can specify
---check-certificate=quiet to tell wget to not print any warning about
-invalid certificates, in most cases this is the wrong thing to do.
+For self-signed/internal certificates, you should download the certificate
+and verify against that instead of forcing this insecure mode.
+If you are really sure of not desiring any certificate verification, you
+can specify --check-certificate=quiet to tell wget to not print any
+warning about invalid certificates, albeit in most cases this is the
+wrong thing to do.
@cindex SSL certificate
@item --certificate=@var{file}
--
2.6.2
