On 28/06/16 22:16, Tim Rühsen wrote:
Patching src/openssl.c for 1.1.0 (see below) let it compile.
But the HTTPS tests fail due to
ERROR: cannot verify localhost's certificate, issued by 'O=GNU,OU=Wget,CN=GNU
Wget':
unsupported certificate purpose
Any idea ?
server-cert.pem has the following extensions:
Key Usage
Usages: Revocation list signature
Critical: Yes
Extended Key Usage
Allowed Purposes: Server Authentication
Critical: No
Looks like the second extension isn't supported by OpenSSL 1.1.0, and
Server Authentication not being in Key Usage, it is rejected.
Recreate this certificate with no Key Usage at all would probably fix
it. I'm not sure about the required steps, though.
Regards
