1
0
mirror of https://github.com/moparisthebest/wget synced 2024-07-03 16:38:41 -04:00

[svn] Mention that the server's certificate is now verified by default.

This commit is contained in:
hniksic 2005-05-11 01:31:28 -07:00
parent 4054865a00
commit 646a9e10dc

15
NEWS
View File

@ -21,6 +21,21 @@ tested on Windows.
versions of Wget erroneously sent GET requests for SSL URLs. Wget versions of Wget erroneously sent GET requests for SSL URLs. Wget
1.10 utilizes the CONNECT method designed for this purpose. 1.10 utilizes the CONNECT method designed for this purpose.
** SSL/TLS downloads now attempt to verify the server's certificate
against the recognized certificate authorities. The CA certificates
are searched for at the default locations compiled into the OpenSSL
library, and can be overridden with the `--ca-certificate' and
`--ca-directory' options. Wget now also checks that the common name
presented by the certificate corresponds to the host name in the URL.
Although verifying the certificates provides more secure downloads, it
*will* break interoperability with some sites that worked with
previous versions, particularly those using self-signed, expired, or
otherwise invalid certificates. If you see errors involving
"certificate verify failed" or "common name doesn't match requested
host name" and are still convinced of the site's authenticity, you
need to use `--no-check-certificate' to bypass the verification.
** Microsoft's proprietary "NTLM" method of HTTP authentication is now ** Microsoft's proprietary "NTLM" method of HTTP authentication is now
supported. This authentication method is undocumented and only used supported. This authentication method is undocumented and only used
by IIS. Note that *proxy* authentication is not supported in this by IIS. Note that *proxy* authentication is not supported in this