Mauro Tortonesi <[EMAIL PROTECTED]> writes: > i agree with you, hrvoje. we should fix the ssl options before the > 1.10 release or we will have much bigger problems later.
OK. Thanks for your support. The SSL options have been submitted by an external contributor, and I consider it my fault that I have not reviewed them more carefully. I will try to rectify that oversight. > i would change: > > --sslcerttype=0/1 to --sslcerttype=PEM/ASN1 > --sslcheckcert=1/0 to --no-sslcheckcert/--sslcheckcert > --sslprotocol=0-3 to --no-ssl/--ssl=SSLv2/SSLv3/TLSv1 The name could (and IMHO should) be made even more readable, e.g. --ssl-cert-type or even --ssl-certificate-type. It might make sense to drop the "ssl" prefix altogether because those options also apply to TLS. The option would then be --certificate-type, which is shorter and nicer. I believe curl has done that. Since --sslprotocol can specify TLS protocol, it might be more accurate to name it --secure-protocol (--protocol is too general), with the accepted values "auto" (default), "sslv2", "sslv3", and "tlsv1", all case-insensitive. (Note that the current --sslprotocol=0 does *not* correspond to --no-ssl; it means choose automatically. The fact that it confused you is further proof of the brokenness of current option names!) > the other options seem fine to me, although i prefer names like > --ssl_cert_file than --sslcertfile. Sure, except it should be --ssl-cert-file; Wget (and GNU software in general) doesn't use underscores in option names.
