There is the situation where --no-check-cert is implicitly set (.wgetrc,
/etc/wgetrc, alias) and the user isn't aware of it. Just downloading without a
warning opens a huge security hole because you can't verify where you
downloaded it from (DNS attacks, MITM).
I leave it to your imagination
On 30/11/15 22:33, Tim Rühsen wrote:
There is the situation where --no-check-cert is implicitly set (.wgetrc,
/etc/wgetrc, alias) and the user isn't aware of it. Just downloading without a
warning opens a huge security hole because you can't verify where you
downloaded it from (DNS attacks,
I understand, though don't completely agree with, Tim's pessimistic
scenario. In any case, my wish is that there be a way to get rid of the
warning message (other than being completely silent). Whether it is
done via changing --no-check-cert or via some new/other option doesn't
matter to me.
I
Hi Karl,
Karl Berry writes:
> With wget 1.17 (at least),
>
> $ wget -nv --no-check-cert https://www.gnu.org -O /dev/null
> WARNING: cannot verify www.gnu.org's certificate, issued by 'CN=Gandi
> Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR':
> Unable to locally