On Sat, Dec 29, 2018 at 11:43 AM Tim Rühsen <tim.rueh...@gmx.de> wrote: > > On 29.12.18 05:00, Jeffrey Walton wrote: > > On Fri, Dec 28, 2018 at 10:07 PM Jeffrey Walton <noloa...@gmail.com> wrote: > >> > >> The sample wgetrc is missing info on ca_directory . Also see > >> https://www.gnu.org/software/wget/manual/html_node/Sample-Wgetrc.html. > >> > >> I also cannot figure out how to tell Wget to use cacert.pem. I've > >> tried ca_cert, ca_certs and ca_certfile but it produces: > >> > >> wget: Unknown command ‘ca_file’ in /opt/bootstrap/etc/wgetrc at line > >> 141 > >> Parsing system wgetrc file failed. > > > > My bad... I found it. openssl.c used "opt.ca_cert", so I was trying to > > use the same in rc file. The correct name is ca_certificate. > > There are some inconsistencies with the naming in rc files and on the > command line. We do not have this any more with wget2. > > > Tim, you may want this when Wget is built against OpenSSL. It makes > > Wget/OpenSSL behave like Wget/GnuTLS: > > https://github.com/noloader/Build-Scripts/blob/master/bootstrap/wget.patch > > Thanks for the pointer. > > On L20 the second param to SSL_CTX_load_verify_locations can be NULL. > > I personally don't care much for OpenSSL - I put Ander on CC.
Yeah, understood. The problem I'm facing is I need a working Wget quickly. Trying to build GnuTLS from sources is too heavy weight at this point in the process. I can do it later, but I need the lightweight version immediately. The patch tested OK on Linux back to Fedora 1 with GCC 3. I've still got AIX, OS X, Solaris and some other testing to do. Jeff