Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-17 Thread Christoph Anton Mitterer
On Fri, 2014-10-17 at 21:40 +0200, Tim Rühsen wrote: > Looking at the thread 'SSL Poodle attack'. > So far everybody seem to agree to disable SSLv3 in the default settings. > I already posted a patch for OpenSSL and GnuTLS. > > Because 'Poodle' itself does not affect Wget (e.g. you need a Javascr

[Bug-wget] "Transparent proxy URL" ariation on "-E -k" options ?

2014-10-17 Thread Gabriel Somlo
Hi, I'm working on a "Web-in-a-sandbox" project, trying to host shallow (-l 2) copies of several web sites on a server running in a private Internet "replica". So far, httrack's "-K5" option (which they call "transparent proxy URL") appears to do what I need (see http://www.httrack.com/html/htt

Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-17 Thread Tim Rühsen
Am Freitag, 17. Oktober 2014, 18:02:39 schrieb Christoph Anton Mitterer: > On Thu, 2014-10-16 at 21:34 +0200, Ángel González wrote: > > First of all, note that wget doesn't react to a disconnect with a > > downgraded retry thus > > it is mainly not vulnerable to poodle (you could only use CVE-2014-

Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-17 Thread Christoph Anton Mitterer
On Thu, 2014-10-16 at 21:34 +0200, Ángel González wrote: > First of all, note that wget doesn't react to a disconnect with a > downgraded retry thus > it is mainly not vulnerable to poodle (you could only use CVE-2014-3566 > against servers > not supporting TLS). > > Then, even in that case, as

Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-17 Thread Christoph Anton Mitterer
Hey. On Thu, 2014-10-16 at 19:01 +0200, Tim Rühsen wrote: > Thanks for your input. > > We are just discussing that issue (and of course anybody is invited to take > part here on the list). Sorry, I've only saw that one afterwards :) > While we (developers) could change the code in a few minut

Re: [Bug-wget] [PATCH] Small fix for limited number of strings (and potential garbage value) in arguments to concat_strings

2014-10-17 Thread Tim Rühsen
Am Donnerstag, 16. Oktober 2014, 21:50:50 schrieb Pär Karlsson: > Hi, I fould a potential gotcha when playing with clang's code analysis tool. > > The concat_strings function silently stopped counting string lengths when > given more than 5 arguments. clang warned about potential garbage values in

Re: [Bug-wget] please remove SSLv3 from being used until explicitly specified

2014-10-17 Thread Tim Rühsen
Am Donnerstag, 16. Oktober 2014, 22:01:35 schrieb Ángel González: > Ángel González wrote: > > First of all, note that wget doesn't react to a disconnect with a > > downgraded retry thus > > it is mainly not vulnerable to poodle (you could only use > > CVE-2014-3566 against servers > > not supportin