mirror of
https://github.com/moparisthebest/wget
synced 2024-07-03 16:38:41 -04:00
[svn] Mention that the server's certificate is now verified by default.
parent
4054865a00
commit
646a9e10dc
15
NEWS
@ -21,6 +21,21 @@ tested on Windows.
|
||||
versions of Wget erroneously sent GET requests for SSL URLs. Wget
|
||||
1.10 utilizes the CONNECT method designed for this purpose.
|
||||
|
||||
** SSL/TLS downloads now attempt to verify the server's certificate
|
||||
against the recognized certificate authorities. The CA certificates
|
||||
are searched for at the default locations compiled into the OpenSSL
|
||||
library, and can be overridden with the `--ca-certificate' and
|
||||
`--ca-directory' options. Wget now also checks that the common name
|
||||
presented by the certificate corresponds to the host name in the URL.
|
||||
|
||||
Although verifying the certificates provides more secure downloads, it
|
||||
*will* break interoperability with some sites that worked with
|
||||
previous versions, particularly those using self-signed, expired, or
|
||||
otherwise invalid certificates. If you see errors involving
|
||||
"certificate verify failed" or "common name doesn't match requested
|
||||
host name" and are still convinced of the site's authenticity, you
|
||||
need to use `--no-check-certificate' to bypass the verification.
|
||||
|
||||
** Microsoft's proprietary "NTLM" method of HTTP authentication is now
|
||||
supported. This authentication method is undocumented and only used
|
||||
by IIS. Note that *proxy* authentication is not supported in this
|
||||
|
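Review bot: The paragraph beginning "Although verifying the certificates" gives `--no-check-certificate' as the only remedy for both "certificate verify failed" and "common name doesn't match requested host name", but does not say what the user gives up by using it. As worded, the option bypasses the verification as a whole, so neither the CA check nor the host name check from the preceding paragraph protects the download any more; the entry should say so in one sentence. For the self-signed case it would also help to point back to the `--ca-certificate' and `--ca-directory' options introduced just above as the first thing to try, since they keep verification on, and to soften "you need to use" to something like "you can use ... as a last resort". A brief hint on how a user might become "convinced of the site's authenticity" (for example, comparing the certificate obtained through a separate channel) would make that condition actionable.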