Re: [Bug-wget] Issue with --content-on-error and --convert-links

2014-10-16 Thread Yousong Zhou
On 13 October 2014 10:25, Joe Hoyle joeho...@gmail.com wrote: Hi All, I’m having issues using “--convert-links” in conjunction with “--content-on-error”. Though “--content-on-error” is forcing wget to download the pages, the links to that “errored” page are not updated in other pages that

[Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-16 Thread Christoph Anton Mitterer
Hi. Could you please consider removing SSLv3 (and if not done yet SSLv2 as well) from being automatically used, while still leaving users the choice to manually enable it (e.g. via --secure-protocol=SSLv2/3). I think it would be a bad idea to expect that these insecure versions are dropped from

Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-16 Thread Tim Rühsen
On Thursday, 16 October 2014, 14:03:43, Christoph Anton Mitterer wrote: Hi. Could you please consider removing SSLv3 (and if not done yet SSLv2 as well) from being automatically used, while still leaving users the choice to manually enable it (e.g. via --secure-protocol=SSLv2/3). I

Re: [Bug-wget] SSL Poodle attack

2014-10-16 Thread Tim Rühsen
On Wednesday, 15 October 2014, 17:26:49, Daniel Kahn Gillmor wrote: On 10/15/2014 03:10 PM, Tim Rühsen wrote: I tried to make clear that Wget *explicitly* asks for SSLv2 and SSLv3 in the default configuration when compiled with OpenSSL. Whatever the OpenSSL library vendor is doing... it

Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-16 Thread Ángel González
On 16/10/14 19:01, Tim Rühsen wrote: On Thursday, 16 October 2014, 14:03:43, Christoph Anton Mitterer wrote: Also, wget seems to have this --secure-protocol=PFS, which seems a bit strange to me, since PFS is not a property of TLS/SSL itself but rather the algorithms used. Especially,

Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-16 Thread Ángel González
Ángel González wrote: First of all, note that wget doesn't react to a disconnect with a downgraded retry thus it is mainly not vulnerable to poodle (you could only use CVE-2014-3566 against servers not supporting TLS). Note I tested both openssl and gnutls builds. Then I rebuilt 1.15¹ with

Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-16 Thread Ángel González
Ángel González wrote: First of all, note that wget doesn't react to a disconnect with a downgraded retry thus it is mainly not vulnerable to poodle (you could only use CVE-2014-3566 against servers not supporting TLS). And curl is equally not affected (tested 7.38.0).

[Bug-wget] [PATCH] V2 removed 'auto' SSLv3 also from OpenSSL code

2014-10-16 Thread Tim Rühsen
patch V2 - removed SSLv3 from --secure-protocol=auto|pfs (GnuTLS code) - removed SSLv3 from --secure-protocol=auto (OpenSSL code) - amended the docs I am not an OpenSSL expert... please feel free to suggest improvements. Tim On Thursday, 16 October 2014, 20:50:32

[Bug-wget] [PATCH] Small fix for limited number of strings (and potential garbage value) in arguments to concat_strings

2014-10-16 Thread Pär Karlsson
Hi, I found a potential gotcha when playing with clang's code analysis tool. The concat_strings function silently stopped counting string lengths when given more than 5 arguments. clang warned about potential garbage values in the saved_lengths array, so I redid it with this approach. All tests