I remembered why I never documented the SSL options. Because they are
badly named, accept weird values, and I wanted to fix them. I felt
(and still feel) that documenting them would make them "official" and
force us to keep supporting them forever.
Here is the list, extracted from `wget --help':
--sslcertfile=FILE optional client certificate.
--sslcertkey=KEYFILE optional keyfile for this certificate.
--sslcadir=DIR dir where hash list of CA's are stored.
--sslcafile=FILE file with bundle of CA's
--sslcerttype=0/1 Client-Cert type 0=PEM (default) / 1=ASN1 (DER)
--sslcheckcert=0/1 Check the server cert agenst given CA
--sslprotocol=0-3 choose SSL protocol; 0=automatic,
1=SSLv2 2=SSLv3 3=TLSv1
--egd-file=FILE file name of the EGD socket.
The names are unreadable because they don't include the usual
separator between words. They also contain weird acronyms and
abbreviations, such as "CA" or "cert", making them even harder to
read.
Finally, the values they force upon the user are unbelievably cryptic.
How hard would it have been to support something like
--sslprotocol=sslv2 or --sslcerttype=pem... but no, it was easier to
call atoi.
The question is what should we do for 1.10? Document the unreadable
names and cryptic values, and have to support them until eternity?
Leave them undocumented and fix (and document) them for the next
release? Fix them for this release (and break the freeze), and
document them?
Does anyone ever use them anyway?
