Re: [Bug-wget] --no-check-cert does not avoid cert warning

There is the situation where --no-check-cert is implicitly set (.wgetrc, /etc/wgetrc, alias) and the user isn't aware of it. Just downloading without a warning opens a huge security hole because you can't verify where you downloaded it from (DNS attacks, MITM). I leave it to your imagination

Re: [Bug-wget] --no-check-cert does not avoid cert warning

On 30/11/15 22:33, Tim Rühsen wrote: There is the situation where --no-check-cert is implicitly set (.wgetrc, /etc/wgetrc, alias) and the user isn't aware of it. Just downloading without a warning opens a huge security hole because you can't verify where you downloaded it from (DNS attacks,

Re: [Bug-wget] --no-check-cert does not avoid cert warning

I understand, though don't completely agree with, Tim's pessimistic scenario. In any case, my wish is that there be a way to get rid of the warning message (other than being completely silent). Whether it is done via changing --no-check-cert or via some new/other option doesn't matter to me. I

Re: [Bug-wget] --no-check-cert does not avoid cert warning

Hi Karl, Karl Berry writes: > With wget 1.17 (at least), > > $ wget -nv --no-check-cert https://www.gnu.org -O /dev/null > WARNING: cannot verify www.gnu.org's certificate, issued by 'CN=Gandi > Standard SSL CA 2,O=Gandi,L=Paris,ST=Paris,C=FR': > Unable to locally