Your message dated Sat, 23 Jul 2011 11:33:46 +0200
with message-id <[email protected]>
and subject line Re: wget 1.12-4 fixed
has caused the Debian Bug report #425768,
regarding private key is no longer read from the certificate file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
425768: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425768
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wget
Version: 1.10.2+1.11.beta1-1
Severity: normal
Tags: patch
In wget versions prior to 1.10, specifying a SSL client certificate
file that contained both the public and private key was sufficient:
wget --certificate=foo.pem https://server/
With 1.10, it now needs the private key specified separately, even if
it's in the same file:
wget --certificate=foo.pem --private-key=foo.pem https://server/
>From the man page wget(1), it seems that the --private-key option is
still intended to be required only when the private key is in a
different file:
--private-key=file
Read the private key from file. This allows you to provide
the private key in a file separate from the certificate.
It looks like the behavior changed at the same time the SSL stuff was
moved into openssl.c, so I suspect it was unintentional. The below
patch restores the previous behavior.
-jim
diff -purN wget-1.10.2+1.11.beta1.orig/src/openssl.c
wget-1.10.2+1.11.beta1/src/openssl.c
--- wget-1.10.2+1.11.beta1.orig/src/openssl.c 2006-07-14 09:25:50.000000000
-0400
+++ wget-1.10.2+1.11.beta1/src/openssl.c 2007-05-23 16:23:56.000000000
-0400
@@ -210,6 +210,12 @@ ssl_init ()
than examining the error stack after a failed SSL_connect. */
SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_NONE, NULL);
+ /* Use the private key from the cert file unless specified otherwise. */
+ if (opt.cert_file && !opt.private_key) {
+ opt.private_key = opt.cert_file;
+ opt.private_key_type = opt.cert_type;
+ }
+
if (opt.cert_file)
if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file,
key_type_to_ssl_type (opt.cert_type))
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.4
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages wget depends on:
ii libc6 2.5-7 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8c-3 SSL shared libraries
wget recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Am Freitag, den 22.07.2011, 15:09 +0200 schrieb Noël Köthe:
> fixed 614373 1.12-4
> fixed 627468 1.12-4
> fixed 589993 1.12-4
> fixed 545091 1.12-4
> fixed 542145 1.12-4
> thanks
>
> wget (1.12-4) unstable; urgency=low
>
> * acknowledge NMUs. Thanks for your work Thorsten and Filippo
> closes: #622032 #614373
> * updated Standards-Version: to 3.9.2 without changes
> * fixed lintian warning:
> - debian-rules-missing-recommended-target
> * debian/control add Multi-Arch: foreign
> closes: #614203
> * removing wget-infopod_generated_manpage to get the old/upstream
> provided manpage and no the infopage as manpage. See 1.11.4-4
> where it were changed. This will return some errors (incomplete
> sentences, some missing parts) which are caused by texi2pod.
> closes: #633702 #627468 #589993 #545091
> * debian/control added libidn11-dev Build-Dep to get IDN support
> closes: #536692 #542145
> * debian/control changed FTP and HTTP to uppercase in the description
> closes: #596358
> * exit status is documented in the manpage. closes #179710
> * --follow-ftp example in manpage made more accurate. closes #512578
>
> -- Noèl Köthe <[email protected]> Fri, 22 Jul 2011 10:22:53 +0200
>
>
>
--
Noël Köthe <[email protected]>
Debian GNU/Linux, www.debian.org
signature.asc
Description: This is a digitally signed message part
--- End Message ---
