Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-22 Thread Nikos Mavrogiannopoulos
On Wed, 2014-07-09 at 03:36 -0400, Tomas Hozza wrote: I'm afraid this is not suitable for us. We need to be able to define the policy somewhere in /etc, where the user is not able to change it (only the system administrator). Also the main intention to have a single place to set the

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-21 Thread Tomas Hozza
- Original Message - I'm not sure, but looking at the patch, it /does/ seem like it tries to override the user settings, which IMO should not happen. If that is indeed the case, I do not support this patch either. Please describe why do you think it seems like it tries to override the

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-19 Thread Darshit Shah
I'm not sure, but looking at the patch, it /does/ seem like it tries to override the user settings, which IMO should not happen. If that is indeed the case, I do not support this patch either. @Giuseppe: About the failing test, that particular test seems to have some weird timing problems. I'm

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-18 Thread Ángel González
On 17/07/14 13:49, Tomas Hozza wrote: I agree. The patch didn't take any configuration possibility from the user. The users would be able to configure whatever in the same way they were before. Please really see some of those patches I sent. The discussion was little bit confusing at some

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-17 Thread Tomas Hozza
- Original Message - Tomas Hozza tho...@redhat.com writes: - Original Message - On Thursday 10 July 2014 08:37:23 Tomas Hozza wrote: - Original Message - On Tuesday 08 July 2014 16:14:42 Petr Pisar wrote: On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-17 Thread Giuseppe Scrivano
Tomas Hozza tho...@redhat.com writes: I agree. The patch didn't take any configuration possibility from the user. The users would be able to configure whatever in the same way they were before. Please really see some of those patches I sent. The discussion was little bit confusing at some

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-15 Thread Giuseppe Scrivano
Tomas Hozza tho...@redhat.com writes: - Original Message - On Thursday 10 July 2014 08:37:23 Tomas Hozza wrote: - Original Message - On Tuesday 08 July 2014 16:14:42 Petr Pisar wrote: On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas Hozza wrote: I'm afraid this is

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-12 Thread Ángel González
On 11/07/14 10:30, Tomas Hozza wrote: I think you misunderstood me. My intention was NOT to handle PFS or any other method specially. The intention is to replace ALL occurrences of hard-coded ciphers priority list strings with value defined when running ./configure. That's why I don't want to

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-11 Thread Tomas Hozza
- Original Message - On Thursday 10 July 2014 08:37:23 Tomas Hozza wrote: - Original Message - On Tuesday 08 July 2014 16:14:42 Petr Pisar wrote: On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas Hozza wrote: I'm afraid this is not suitable for us. We need to be able

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-11 Thread Tim Ruehsen
On Friday 11 July 2014 04:30:04 Tomas Hozza wrote: - Original Message - On Thursday 10 July 2014 08:37:23 Tomas Hozza wrote: - Original Message - On Tuesday 08 July 2014 16:14:42 Petr Pisar wrote: On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas Hozza wrote:

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-11 Thread Tomas Hozza
- Original Message - On Friday 11 July 2014 04:30:04 Tomas Hozza wrote: - Original Message - On Thursday 10 July 2014 08:37:23 Tomas Hozza wrote: - Original Message - On Tuesday 08 July 2014 16:14:42 Petr Pisar wrote: On Tue, Jul 08, 2014 at

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-10 Thread Tim Ruehsen
On Tuesday 08 July 2014 16:14:42 Petr Pisar wrote: On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas Hozza wrote: I'm afraid this is not suitable for us. We need to be able to define the policy somewhere in /etc, where the user is not able to change it (only the system administrator). I

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-10 Thread Tomas Hozza
- Original Message - On Tuesday 08 July 2014 16:14:42 Petr Pisar wrote: On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas Hozza wrote: I'm afraid this is not suitable for us. We need to be able to define the policy somewhere in /etc, where the user is not able to change it (only

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-10 Thread Tim Rühsen
Am Dienstag, 8. Juli 2014, 16:57:35 schrieb Giuseppe Scrivano: Tomas Hozza thoz...@gnu.org writes: What do you think about extending --secure-protocol and having a runtime option instead of a compile time option ? Users could set the system wide default value in /etc/wgetrc and people are

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-10 Thread Tim Ruehsen
On Thursday 10 July 2014 08:37:23 Tomas Hozza wrote: - Original Message - On Tuesday 08 July 2014 16:14:42 Petr Pisar wrote: On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas Hozza wrote: I'm afraid this is not suitable for us. We need to be able to define the policy

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-10 Thread Tomas Hozza
- Original Message - Tomas Hozza thoz...@gnu.org writes: What do you think about extending --secure-protocol and having a runtime option instead of a compile time option ? Users could set the system wide default value in /etc/wgetrc and people are able to override it through

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-09 Thread Petr Pisar
On Tue, Jul 08, 2014 at 10:00:24AM -0400, Tomas Hozza wrote: I'm afraid this is not suitable for us. We need to be able to define the policy somewhere in /etc, where the user is not able to change it (only the system administrator). I hope can also prevent the user from running his own wget

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-08 Thread Tomas Hozza
- Original Message - On 07/07/14 21:46, Tomas Hozza wrote: Hi. In Fedora we are moving to a system-wide policy of used ciphers. [1] Therefore we need wget to be compiled with other than hard-coded set of ciphers when using OpenSSL. I'm attaching patch adding new configure

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-08 Thread Tim Ruehsen
On Tuesday 08 July 2014 04:43:20 Tomas Hozza wrote: - Original Message - On 07/07/14 21:46, Tomas Hozza wrote: Hi. In Fedora we are moving to a system-wide policy of used ciphers. [1] Therefore we need wget to be compiled with other than hard-coded set of ciphers when

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-08 Thread Tomas Hozza
- Original Message - On Tuesday 08 July 2014 04:43:20 Tomas Hozza wrote: - Original Message - On 07/07/14 21:46, Tomas Hozza wrote: Hi. In Fedora we are moving to a system-wide policy of used ciphers. [1] Therefore we need wget to be compiled with other

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-08 Thread Giuseppe Scrivano
Tomas Hozza thoz...@gnu.org writes: What do you think about extending --secure-protocol and having a runtime option instead of a compile time option ? Users could set the system wide default value in /etc/wgetrc and people are able to override it through ~/.wgetrc or --secure-protocol. Hi

[Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-07 Thread Tomas Hozza
Hi. In Fedora we are moving to a system-wide policy of used ciphers. [1] Therefore we need wget to be compiled with other than hard-coded set of ciphers when using OpenSSL. I'm attaching patch adding new configure option --with-openssl-ciphers-list=LIST, which can be used to redefine the ciphers

Re: [Bug-wget] [PATCH] Allow to redefine ciphers list for OpenSSL

2014-07-07 Thread Ángel González
On 07/07/14 21:46, Tomas Hozza wrote: Hi. In Fedora we are moving to a system-wide policy of used ciphers. [1] Therefore we need wget to be compiled with other than hard-coded set of ciphers when using OpenSSL. I'm attaching patch adding new configure option --with-openssl-ciphers-list=LIST,