wget, compiled with gnutls behaves as you expect. This is true for current Debian sid:
$ wget --version GNU Wget 1.13.4 built on linux-gnu. +digest +https +ipv6 +iri +large-file +nls -ntlm +opie +ssl/gnutls ... Example: $ wget --ca-certificate=/dev/null --ca-directory=/tmp/emptydir https://www.google.de --2012-05-18 17:25:34-- https://www.google.de/ ERROR: Cannot open directory /tmp/emptydir. Resolving www.google.de (www.google.de)... 173.194.69.94 Connecting to www.google.de (www.google.de)|173.194.69.94|:443... connected. ERROR: The certificate of `www.google.de' is not trusted. ERROR: The certificate of `www.google.de' hasn't got a known issuer. So far ,this bug can be closed. FYI, current wget compiled with openssl still has this bug. Regards, Tim -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org