diff --git a/lib/lib.h b/lib/lib.h
index ef5b597..c8f1c0d 100644
--- a/lib/lib.h
+++ b/lib/lib.h
@@ -110,7 +110,7 @@ void xputs(char *s);
 void xputc(char c);
 void xflush(void);
 void xexec(char **argv);
-pid_t xpopen_both(char **argv, int *pipes);
+pid_t xpopen_both(char **argv, int *pipes, int);
 int xwaitpid(pid_t pid);
 int xpclose_both(pid_t pid, int *pipes);
 pid_t xpopen(char **argv, int *pipe, int stdout);
diff --git a/lib/xwrap.c b/lib/xwrap.c
index 0b1ab8e..551815b 100644
--- a/lib/xwrap.c
+++ b/lib/xwrap.c
@@ -191,7 +191,7 @@ void xexec(char **argv)
 // pipes[2]: stdin, stdout of new process, only allocated if zero on way in,
 //           pass NULL to skip pipe allocation entirely.
 // return: pid of child process
-pid_t xpopen_both(char **argv, int *pipes)
+pid_t xpopen_both(char **argv, int *pipes, int stderr)
 {
   int cestnepasun[4], pid;
 
@@ -221,7 +221,7 @@ pid_t xpopen_both(char **argv, int *pipes)
       }
       if (pipes[1] != -1) {
         dup2(cestnepasun[3], 1);
-        dup2(cestnepasun[3], 2);
+        if (stderr) dup2(cestnepasun[3], 2);
         if (cestnepasun[3] > 2 || !cestnepasun[3]) close(cestnepasun[3]);
       }
     }
@@ -285,7 +285,7 @@ pid_t xpopen(char **argv, int *pipe, int stdout)
 
   pipes[!stdout] = -1;
   pipes[!!stdout] = 0;
-  pid = xpopen_both(argv, pipes);
+  pid = xpopen_both(argv, pipes, 1);
   *pipe = pid ? pipes[!!stdout] : -1;
 
   return pid;
@@ -301,7 +301,7 @@ int xpclose(pid_t pid, int pipe)
 // Call xpopen and wait for it to finish, keeping existing stdin/stdout.
 int xrun(char **argv)
 {
-  return xpclose_both(xpopen_both(argv, 0), 0);
+  return xpclose_both(xpopen_both(argv, 0, 1), 0);
 }
 
 void xaccess(char *path, int flags)
diff --git a/toys/pending/wget.c b/toys/pending/wget.c
index 4283fe4..b0de9c8 100644
--- a/toys/pending/wget.c
+++ b/toys/pending/wget.c
@@ -3,19 +3,20 @@
  * Copyright 2016 Lipi C.H. Lee <lipisoft@gmail.com>
  *
 
-USE_WGET(NEWTOY(wget, "f:", TOYFLAG_USR|TOYFLAG_BIN))
+USE_WGET(NEWTOY(wget, "o:", TOYFLAG_USR|TOYFLAG_BIN))
 
 config WGET
   bool "wget"
   default n
   help
-    usage: wget -f filename URL
-    -f filename: specify the filename to be saved
-    URL: HTTP uniform resource location and only HTTP, not HTTPS
+    usage: wget -o filename URL
+
+    -o filename: specify the filename to be saved
+    URL: HTTP uniform resource location and only HTTP(S)
 
     examples:
-      wget -f index.html http://www.example.com
-      wget -f sample.jpg http://www.example.com:8080/sample.jpg
+      wget -o index.html http://www.example.com
+      wget -o sample.jpg http://www.example.com:8080/sample.jpg
 */
 
 #define FOR_wget
@@ -25,6 +26,8 @@ GLOBALS(
   char *filename;
 )
 
+enum { HTTP, HTTPS };
+
 // extract hostname from url
 static unsigned get_hn(const char *url, char *hostname) {
   unsigned i;
@@ -39,32 +42,43 @@ static unsigned get_hn(const char *url, char *hostname) {
 }
 
 // extract port number
-static unsigned get_port(const char *url, char *port, unsigned url_i) {
+static unsigned get_port(const char *url, char *port) {
   unsigned i;
 
-  for (i = 0; url[i] != '\0' && url[i] != '/'; i++, url_i++) {
+  for (i = 0; url[i] != '\0' && url[i] != '/'; i++) {
     if('0' <= url[i] && url[i] <= '9') port[i] = url[i];
-    else error_exit("wrong decimal port number");
+    else error_exit("wrong port number");
   }
   if(i <= 6) port[i] = '\0';
   else error_exit("too long port number");
 
-  return url_i;
+  return i;
 }
 
 // get http infos in URL
-static void get_info(const char *url, char* hostname, char *port, char *path) {
-  unsigned i = 7, len;
+static unsigned get_info(const char *url, char* hostname, char *port,
+                         char *path) {
+  unsigned i, proto;
 
-  if (strncmp(url, "http://", i)) error_exit("only HTTP support");
-  len = get_hn(url+i, hostname);
-  i += len;
+  if (!strncmp(url, "http://", 7)) {
+    i = 7;
+    proto = HTTP;
+  } else if (!strncmp(url, "https://", 8)) {
+    i = 8;
+    proto = HTTPS;
+  } else error_exit("only HTTP(S) support");
+
+  i += get_hn(url+i, hostname);
 
   // get port if exists
   if (url[i] == ':') {
     i++;
-    i = get_port(url+i, port, i);
-  } else strcpy(port, "80");
+    i += get_port(url+i, port);
+  } else {
+    if (proto == HTTP) strcpy(port, "80");
+    else if(proto == HTTPS) strcpy(port, "443");
+    else perror_exit("unstable system");
+  }
 
   // get uri in URL
   if (url[i] == '\0') strcpy(path, "/");
@@ -72,38 +86,8 @@ static void get_info(const char *url, char* hostname, char *port, char *path) {
     if (strlen(url+i) < 1024) strcpy(path, url+i);
     else error_exit("too long path in URL");
   } else error_exit("wrong URL");
-}
-
-// connect to any IPv4 or IPv6 server
-static int conn_svr(const char *hostname, const char *port) {
-  struct addrinfo hints, *result, *rp;
-  int sock;
-
-  memset(&hints, 0, sizeof(struct addrinfo));
-  hints.ai_family = AF_UNSPEC;
-  hints.ai_socktype = SOCK_STREAM;
-  hints.ai_flags = 0;
-  hints.ai_protocol = 0;
-
-  if ((errno = getaddrinfo(hostname, port, &hints, &result)))
-    error_exit("getaddrinfo: %s", gai_strerror(errno));
-
-  // try all address list(IPv4 or IPv6) until success
-  for (rp = result; rp; rp = rp->ai_next) {
-    if ((sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol))
-        == -1) {
-      perror_msg("socket error");
-      continue;
-    }
-    if (connect(sock, rp->ai_addr, rp->ai_addrlen) != -1)
-      break; // succeed in connecting to any server IP 
-    else perror_msg("connect error");
-    close(sock);
-  }
-  freeaddrinfo(result);
-  if(!rp) error_exit("can't connect");
 
-  return sock;
+  return proto;
 }
 
 // make HTTP request header field
@@ -118,7 +102,7 @@ static void mk_fld(char *name, char *value) {
 static char *get_body(ssize_t len, ssize_t *body_len) {
   int i;
 
-  for (i = 0; i < len-4; i++)
+  for (i = 0; i < len - 4; i++)
     if (!strncmp(toybuf+i, "\r\n\r\n", 4)) break;
 
   *body_len = len - i - 4;
@@ -127,52 +111,70 @@ static char *get_body(ssize_t len, ssize_t *body_len) {
 
 void wget_main(void)
 {
-  int sock;
+  unsigned proto;
+  int sock, pipes[2] = {0, 0};
   FILE *fp;
+  pid_t pid = 0;
   ssize_t len, body_len;
   char *body, *result, *rc, *r_str;
   char ua[18] = "toybox wget/", ver[6], hostname[1024], port[6], path[1024];
+  char *argv[] = {"openssl", "s_client", "-quiet", "-connect", NULL, NULL};
 
   // TODO extract filename to be saved from URL
-  if (!(toys.optflags & FLAG_f)) help_exit("no filename");
+  if (!(toys.optflags & FLAG_o)) help_exit("no filename");
   if (fopen(TT.filename, "r")) perror_exit("file already exists");
 
   if(!toys.optargs[0]) help_exit("no URL");
-  get_info(toys.optargs[0], hostname, port, path);
-
-  sock = conn_svr(hostname, port);
+  proto = get_info(toys.optargs[0], hostname, port, path);
+
+  if (HTTP == proto)
+    sock = xconnect(hostname, port, AF_UNSPEC, SOCK_STREAM, 0, 0);
+  else if (HTTPS == proto) {
+    if (sprintf(toybuf, "%s:%s", hostname, port) < 0) error_exit("sprintf");
+    argv[4] = toybuf;
+    pid = xpopen_both(argv, pipes, 0);
+    // TODO Can we suppress openssl's stderr before reading its stdout
+    sock = pipes[0];
+  } else perror_exit("unstable system");
 
   // compose HTTP request
-  sprintf(toybuf, "GET %s HTTP/1.1\r\n", path);
+  if (sprintf(toybuf, "GET %s HTTP/1.1\r\n", path) < 0) error_exit("sprintf");
   mk_fld("Host", hostname);
-  strncpy(ver, TOYBOX_VERSION, 5);
-  strcat(ua, ver);
+  if (strncpy(ver, TOYBOX_VERSION, 5) != ver) error_exit("strncpy");
+  if (strcat(ua, ver) != ua) error_exit("strcat");
   mk_fld("User-Agent", ua); 
   mk_fld("Connection", "close");
-  strcat(toybuf, "\r\n");
+  if (strcat(toybuf, "\r\n") != toybuf) error_exit("strcat");
 
   // send the HTTP request
   len = strlen(toybuf);
-  if (write(sock, toybuf, len) != len) perror_exit("write error");
+  if (write(sock, toybuf, len) == -1) perror_exit("write");
 
   // read HTTP response
-  if ((len = read(sock, toybuf, 4096)) == -1) perror_exit("read error");
+  if (HTTPS == proto) sock = pipes[1];
+  if ((len = read(sock, toybuf, sizeof toybuf)) == -1) perror_exit("read");
   if (!strstr(toybuf, "\r\n\r\n")) error_exit("too long HTTP response");
   body = get_body(len, &body_len);
-  result = strtok(toybuf, "\r");
-  strtok(result, " ");
-  rc = strtok(NULL, " ");
-  r_str = strtok(NULL, " ");
-
-  // HTTP res code check
-  // TODO handle HTTP 302 Found(Redirection)
-  if (strcmp(rc, "200")) error_exit("res: %s(%s)", rc, r_str);
-
-  if (!(fp = fopen(TT.filename, "w"))) perror_exit("fopen error");
-  if (fwrite(body, 1, body_len, fp) != body_len)
-    error_exit("fwrite error");
-  while ((len = read(sock, toybuf, 4096)) > 0)
-    if (fwrite(toybuf, 1, len, fp) != len)
-      error_exit("fwrite error");
-  if (fclose(fp) == EOF) perror_exit("fclose error");
+  if (!(result = strtok(toybuf, "\r"))) error_exit("no header");
+  if (!(rc = strtok(result, " "))) error_exit("no HTTP version");
+  if (!(rc = strtok(NULL, " "))) error_exit("no response code");
+  if (!(r_str = strtok(NULL, " "))) error_exit("no response phrase");
+
+  // check HTTP res code. keep going in case of 200 and 302
+  // TODO handle HTTP 302 Found(Redirection) to retry GET
+  if (strcmp(rc, "200") && strcmp(rc, "302"))
+    error_exit("res: %s(%s)", rc, r_str);
+
+  if (!(fp = fopen(TT.filename, "w"))) perror_exit("fopen");
+  if (fwrite(body, 1, body_len, fp) != body_len) error_exit("fwrite");
+
+  while ((len = read(sock, toybuf, sizeof toybuf)) > 0)
+    if (fwrite(toybuf, 1, len, fp) != len) error_exit("fwrite");
+
+  if (fclose(fp) == EOF) perror_exit("fclose");
+  if (HTTP == proto) {
+    if (close(sock) == -1) perror_exit("close");
+  } else if(HTTPS == proto)
+    xprintf("exit(%d)\n", xpclose_both(pid, pipes));
+  else perror_exit("unstable system");
 }