[Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling

2015-08-19 Thread Vincent Lefèvre
Follow-up Comment #9, bug #43799 (project wget): I tested only wget 1.16.3 (the Debian/unstable package) for the moment. The error comes from OCSP stapling. If I do the same tests with port 4433 (where I have a temporary test server with openssl s_server -CAfile old.crt -key old.key -cert old.crt

[Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling

2015-08-19 Thread Tim Ruehsen
Follow-up Comment #10, bug #43799 (project wget): Wget does not have 'normal' OCSP built in. Well, OCSP stapling works transparently within GnuTLS and is turned on by default. When GnuTLS comes back with GNUTLS_CERT_REVOKED and all we can do is to say The certificate of %s has been revoked.

Re: [Bug-wget] bad filenames (again)

2015-08-19 Thread Eli Zaretskii
Date: Wed, 19 Aug 2015 02:52:57 +0200 From: Andries E. Brouwer andries.brou...@cwi.nl Cc: bug-wget@gnu.org Look at the remote filename. Assign a character set as follows: - if the user specified a from-charset, use that - if the name is printable ASCII (in 0x20-0x7f), take ASCII - if

Re: [Bug-wget] bad filenames (again)

2015-08-19 Thread Eli Zaretskii
Date: Tue, 18 Aug 2015 22:28:21 +0200 From: Andries E. Brouwer andries.brou...@cwi.nl Cc: Andries E. Brouwer andries.brou...@cwi.nl, tim.rueh...@gmx.de, bug-wget@gnu.org What is needed to have a full Unicode support in wget on Windows is to provide replacements for all the

[Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling

2015-08-19 Thread Vincent Lefèvre
Follow-up Comment #11, bug #43799 (project wget): Concerning the OCSP responder, I suppose that the response has some sort of signature, in which case there would be no insecurity.

Re: [Bug-wget] bad filenames (again)

2015-08-19 Thread Eli Zaretskii
Date: Wed, 19 Aug 2015 01:43:51 +0200 From: Ángel González keis...@gmail.com +int +wc_utime (unsigned char *filename, struct _utimbuf *times) +{ + wchar_t *w_filename; + int buffer_size; + + buffer_size = sizeof (wchar_t) * MultiByteToWideChar(65001, 0,
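
Review bot: in wc_utime, the code page is passed to MultiByteToWideChar as the literal 65001; use the named constant CP_UTF8 so the intended encoding is readable at the call site. The visible line also multiplies the call's return value straight into buffer_size, and MultiByteToWideChar returns 0 on failure, so check for 0 before the size is used for an allocation.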

Re: [Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling

2015-08-19 Thread Petr Pisar
On Wed, Aug 19, 2015 at 03:37:06PM +, Tim Ruehsen wrote: Regarding MITM and other attacks... did you notice that OCSP responder URLs are HTTP (plain text) with all the insecurity ? I never saw a HTTPS URL, did you ? There is no need for HTTPS. The OCSP response is signed by the CA's OCSP

Re: [Bug-wget] bad filenames (again)

2015-08-19 Thread Eli Zaretskii
Date: Wed, 19 Aug 2015 20:33:37 +0200 From: Andries E. Brouwer andries.brou...@cwi.nl Cc: Andries E. Brouwer andries.brou...@cwi.nl, keis...@gmail.com, bug-wget@gnu.org On Wed, Aug 19, 2015 at 05:38:39PM +0300, Eli Zaretskii wrote: Assign a character set as follows: - if the

Re: [Bug-wget] bad filenames (again)

2015-08-19 Thread Eli Zaretskii
Date: Wed, 19 Aug 2015 20:50:55 +0200 From: Andries E. Brouwer andries.brou...@cwi.nl Cc: Andries E. Brouwer andries.brou...@cwi.nl, keis...@gmail.com, bug-wget@gnu.org On Wed, Aug 19, 2015 at 09:46:04PM +0300, Eli Zaretskii wrote: OK, but how is this different from what we'd

[Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling

2015-08-19 Thread Tim Ruehsen
Follow-up Comment #8, bug #43799 (project wget): Vincent, or is the revocation due to OCSP stapling ? I guess it is... so the OCSP responder has been asked by the server and the answer has been included in the TLS handshake. That's why we get The certificate has been revoked.. Should we amend

[Bug-wget] [bug #43799] wget should implement OCSP + OCSP stapling

2015-08-19 Thread Tim Ruehsen
Follow-up Comment #7, bug #43799 (project wget): Thanks for testing wget2 (to correct myself: it is branch 'tim/wget2'). Some part of your cert chain has been revoked. GnuTLS determines that even before asking any OCSP responder. So, the message from GnuTLS is somewhat wrong, maybe a GnuTLS bug

Re: [Bug-wget] URL rewriting when resource name is in a variable

2015-08-19 Thread Tim Ruehsen
Ok, that is a parser bug. The parser should not parse (and thus not translate) anything between <script> and </script>. Could you please open a new issue on the bug tracker with the description below? https://savannah.gnu.org/projects/wget/ Thank you. Tim On Tuesday 18 August 2015 09:50:10