mirror of https://github.com/moparisthebest/wget
Added OpenSSL support for --crl-file
This commit is contained in:
Tim Rühsen
parent
176c2b17fc
commit
cf4991d602
|
|
@ -1,3 +1,7 @@
|
|||
2014-11-11 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||
|
||||
* openssl.c (ssl_init): Load CRL file given by --crl-file
|
||||
|
||||
2014-11-11 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||
|
||||
* http.c (gethttp): Always add Accept-Encoding: identity
|
||||
|
|
|
|||
|
|
@ -254,6 +254,22 @@ ssl_init (void)
|
|||
SSL_CTX_set_default_verify_paths (ssl_ctx);
|
||||
SSL_CTX_load_verify_locations (ssl_ctx, opt.ca_cert, opt.ca_directory);
|
||||
|
||||
if (opt.crl_file)
|
||||
{
|
||||
X509_STORE *store = SSL_CTX_get_cert_store (ssl_ctx);
|
||||
X509_LOOKUP *lookup;
|
||||
int rc;
|
||||
|
||||
if (!(lookup = X509_STORE_add_lookup (store, X509_LOOKUP_file ()))
|
||||
|| (!(rc = X509_load_crl_file (lookup, opt.crl_file, X509_FILETYPE_PEM))))
|
||||
{
|
||||
logprintf (LOG_NOTQUIET, _("ERROR: Failed to load CRL file '%s': (%d)\n"), opt.crl_file, rc);
|
||||
return false;
|
||||
}
|
||||
|
||||
X509_STORE_set_flags (store, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
|
||||
}
|
||||
|
||||
/* SSL_VERIFY_NONE instructs OpenSSL not to abort SSL_connect if the
|
||||
certificate is invalid. We verify the certificate separately in
|
||||
ssl_check_certificate, which provides much better diagnostics
|
||||
|
|
|
|||
|
|
@ -1,3 +1,7 @@
|
|||
2014-11-11 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||
|
||||
* recreated the certs and the CRL file, also amended certs/README
|
||||
|
||||
2014-11-10 Tim Ruehsen <tim.ruehsen@gmx.de>
|
||||
|
||||
* removed certs/wget-cert.pem
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
To create the server RSA private key:
|
||||
$ certtool --generate-privkey --outfile server-key.pem --rsa
|
||||
|
||||
|
||||
To create a self signed CA certificate:
|
||||
$ certtool --generate-privkey --outfile ca-key.pem
|
||||
$ certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca-cert.pem
|
||||
|
|
@ -14,7 +15,7 @@ Country name (2 chars):
|
|||
Enter the subject's domain component (DC):
|
||||
This field should not be used in new certificates.
|
||||
E-mail:
|
||||
Enter the certificate's serial number in decimal (default: 6079996172146959675):
|
||||
Enter the certificate's serial number in decimal (default: 6080487640893163573):
|
||||
|
||||
Activation/Expiration time.
|
||||
The certificate will expire in (days): -1
|
||||
|
|
@ -24,13 +25,11 @@ Does the certificate belong to an authority? (y/N): y
|
|||
Path length constraint (decimal, -1 for no constraint):
|
||||
Is this a TLS web client certificate? (y/N):
|
||||
Will the certificate be used for IPsec IKE operations? (y/N):
|
||||
Is this a TLS web server certificate? (y/N): y
|
||||
Enter a dnsName of the subject of the certificate: 127.0.0.1
|
||||
Is this a TLS web server certificate? (y/N):
|
||||
Enter a dnsName of the subject of the certificate:
|
||||
Enter a URI of the subject of the certificate:
|
||||
Enter the IP address of the subject of the certificate:
|
||||
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n):
|
||||
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n):
|
||||
Enter the e-mail of the subject of the certificate:
|
||||
Will the certificate be used to sign other certificates? (y/N): y
|
||||
Will the certificate be used to sign CRLs? (y/N): y
|
||||
Will the certificate be used to sign code? (y/N):
|
||||
|
|
@ -51,24 +50,23 @@ Country name (2 chars):
|
|||
Enter the subject's domain component (DC):
|
||||
This field should not be used in new certificates.
|
||||
E-mail:
|
||||
Enter the certificate's serial number in decimal (default: 6079998890988883856):
|
||||
Enter the certificate's serial number in decimal (default: 6080488276853553635):
|
||||
|
||||
Activation/Expiration time.
|
||||
The certificate will expire in (days): -1
|
||||
|
||||
Extensions.
|
||||
Does the certificate belong to an authority? (y/N):
|
||||
Is this a TLS web client certificate? (y/N): y
|
||||
Is this a TLS web client certificate? (y/N):
|
||||
Will the certificate be used for IPsec IKE operations? (y/N):
|
||||
Is this a TLS web server certificate? (y/N):
|
||||
Enter a dnsName of the subject of the certificate: localhost
|
||||
Is this a TLS web server certificate? (y/N): y
|
||||
Enter a dnsName of the subject of the certificate: 127.0.0.1
|
||||
Enter a dnsName of the subject of the certificate: localhost
|
||||
Enter a dnsName of the subject of the certificate:
|
||||
Enter a URI of the subject of the certificate:
|
||||
Enter the IP address of the subject of the certificate:
|
||||
Enter the e-mail of the subject of the certificate:
|
||||
Will the certificate be used for signing (required for TLS)? (Y/n):
|
||||
Will the certificate be used for encryption (not required for TLS)? (Y/n):
|
||||
Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n):
|
||||
Will the certificate be used for encryption (RSA ciphersuites)? (Y/n):
|
||||
|
||||
|
||||
To create a CRL for the server certificate:
|
||||
|
|
@ -78,4 +76,3 @@ Update times.
|
|||
The certificate will expire in (days): -1
|
||||
CRL Number (default: 6080006793650397145):
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,21 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDXjCCAkagAwIBAgIIVGB8TiyN5TswDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE
|
||||
MIIDPjCCAiagAwIBAgIIVGI7SyiXCDUwDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE
|
||||
AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAiGA8yMDE0
|
||||
MTExMDA4NTAyNFoYDzk5OTkxMjMxMjM1OTU5WjAwMREwDwYDVQQDEwhHTlUgV2dl
|
||||
MTExMTE2MzczM1oYDzk5OTkxMjMxMjM1OTU5WjAwMREwDwYDVQQDEwhHTlUgV2dl
|
||||
dDENMAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VMIIBIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAQ8AMIIBCgKCAQEAv2IR1/gsaJsn+egtVFbMMMbivK+eVzPY8wEXb2flpe9a
|
||||
Kkwz824nSSrWfRigQmf/ODkNlK2x91kppfPmWkClUREQB3I4d/sHFnzqCkFKmNwt
|
||||
VT4DsL47VumgZF6ZjSqTYQD3MDH3VhFj1iKrRMM/aCZXwntD+67sKw6UPXfFbfUO
|
||||
Recpb7fCZPZFVFYStxgcF7cyH+DADLX5QCEjiLYH1es6FXrdw+ypgwBl+HuLkQ/4
|
||||
gE0JLQK5PAKSYeLy0JEBUPovkMXT+r9aPkQBF/9WD6uUPia0ERHbMIT0My84hBrG
|
||||
9d5u5gXPnH1ZxKIr8iJOYCydVjYndn21zs2IExwL6wIDAQABo3gwdjAPBgNVHRMB
|
||||
Af8EBTADAQH/MBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAdBgNVHSUEFjAUBggrBgEF
|
||||
BQcDAQYIKwYBBQUHAwkwDwYDVR0PAQH/BAUDAwemADAdBgNVHQ4EFgQU8z5OOIRK
|
||||
qb7Bb8dho1DabimL61QwDQYJKoZIhvcNAQELBQADggEBAEyG0E8RrSNfv9ZtqidB
|
||||
9j660p8CynFDsX+hjfR1Sy4v5aUxxaA1spj/L5ioQXgjFKfht3zyPQBwLDSWNb41
|
||||
1yaGrPjwDfal/CWY1lJHGZGiEuxtZ32mMYNSUNBQk0t2P33NssdjdtJ8Tm9BZwqH
|
||||
/NxHTi00MTQlG4L01KSAf7wJtapA1Ad6u6WAU+316EuTQ0eh7owOugaSIpCFgwQA
|
||||
hq3SkUW8P2hL9ZYX0lGzaqE9oKm9dIvpfVPrWhbhnGMPR2X/7B8IgK84r3Eb1CF2
|
||||
3nysbcWH8BSxpN0d8oYPhUFi3jyV9InqFvEPxyMQ9MmtjDb4JpA6tkL6UwP77br6
|
||||
Th0=
|
||||
9d5u5gXPnH1ZxKIr8iJOYCydVjYndn21zs2IExwL6wIDAQABo1gwVjAPBgNVHRMB
|
||||
Af8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMJMA8GA1UdDwEB/wQFAwMHBgAw
|
||||
HQYDVR0OBBYEFPM+TjiESqm+wW/HYaNQ2m4pi+tUMA0GCSqGSIb3DQEBCwUAA4IB
|
||||
AQCWKV1Txo3xytRSO1PwWK9ce5FhvQW9mubuuWmbEnQt9JaOhO1Og6ZmdPDlAQeo
|
||||
m0CJZZ0VNeodoBXPGopy3VyzF4ZzUR9leGk3sb1qTSoDCvJd/zLrfukHKugtwuK0
|
||||
b1fPnEjBjQ6gQI21coc1tmyX8Qsm7of5n+Ji601WG+FiVmmdEsCjmA/eAvwSbu1E
|
||||
cAVH476KUt4CrpVPQQVqzFPDz8i4iw/P+Jo+iNmL5S72OG2GfkSJq3XkUYa509W6
|
||||
N+8c3p4y0q/PcQ92s1OIHyEPZFRFhm4xw0sHkhD2KVoHseHZjCoYn4/lIzMPnJ6v
|
||||
EfZUJQXndeJnffbthaUp8Ea2
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDgDCCAmigAwIBAgIIVGB+xzQpT5AwDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE
|
||||
MIIDgDCCAmigAwIBAgIIVGI73zrIeeMwDQYJKoZIhvcNAQELBQAwMDERMA8GA1UE
|
||||
AxMIR05VIFdnZXQxDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTAiGA8yMDE0
|
||||
MTExMDA5MDA1OVoYDzk5OTkxMjMxMjM1OTU5WjAxMRIwEAYDVQQDEwkxMjcuMC4w
|
||||
MTExMTE2NDAwMFoYDzk5OTkxMjMxMjM1OTU5WjAxMRIwEAYDVQQDEwkxMjcuMC4w
|
||||
LjExDTALBgNVBAsTBFdnZXQxDDAKBgNVBAoTA0dOVTCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBAMjC3Gt55EfStl6mE371+pD3/cpR5MLxkdbBss5MlIP2
|
||||
TDhiPOItLXml8oxs4BjUm3wfn3GV9iJLmbzbIWL+0kbRkQ2LCPKUf+Cln3z2ZE+r
|
||||
|
|
@ -9,13 +9,13 @@ XwdWlT8gVfv51Opfkp2lLDVUqLfNKRGQgivjSCmLqY2LqeB0SaVNvuaD3EpqZyIH
|
|||
0E5SZgjqBHgRRtvGkcy0rOmp5SI2NASLugUioXa9OLWjpYDwodsd3ERlL0DJ1aJW
|
||||
8TC8Tqix4i0osWzar+LXBIin0Qvar9/uRHN0p1kq3p0XgNHKqWpiTT54+WYx7Pem
|
||||
v4qRXz11swiJzUL+Pw1DurQ9smbzDgAsz7V2FJnUeCcCAwEAAaOBmDCBlTAMBgNV
|
||||
HRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMCMB8GA1UdEQQYMBaCCWxvY2Fs
|
||||
aG9zdIIJMTI3LjAuMC4xMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323L
|
||||
HRMBAf8EAjAAMB8GA1UdEQQYMBaCCTEyNy4wLjAuMYIJbG9jYWxob3N0MBMGA1Ud
|
||||
JQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFJfm323L
|
||||
JbKTM/tMKSt0qlUqewbnMB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tU
|
||||
MA0GCSqGSIb3DQEBCwUAA4IBAQBeRV2kMWuksna/E6hqcQ5C76UFq9RDcvxIoJQ/
|
||||
2ANywD+EcQYyBNSSL+yyv6/Pp9gXlqjciYdb3OgdPb++3y/UC6IxkeFv1uNDwJfS
|
||||
HVX9avm12CXfZt4zMrq1GQX4gjJ9jkItMCY4atdyAQROGnzDWzNuwSWaasL3oUPT
|
||||
qDUMHZR2kH2cIr9S07YT/8RslMdlMgeI4Y9JCGuRspgxwnDtM5L3vZEnGsud7DSa
|
||||
1/8LGiYydNIpCikwd2Pzdwp9G8mm7AExU3AsXPCyYxDWWjfyhBjTY+5aR57igNeB
|
||||
CaP+xoDNilbJ/RM+0Ygv/ue7gY49f8nESQP+0HQVborwl3h2
|
||||
MA0GCSqGSIb3DQEBCwUAA4IBAQCDmuSD4IGmn0UQ5jhGQquh92Iu59j64Rrg7EIM
|
||||
zoppciyYR8gDUutOI9CEisxJz6umvAdOo5L981gcFaBv6hHWaE/krAZccR+ZXZP6
|
||||
fI9btO8My8O63fYcd2KkLEFqvKDF43i01S2LrqXdPo3uELbFZwxCmUKsexFGsoW1
|
||||
CbXbRjnS7w/f72myRmvBeDiNMuGfe1lb4IflybH3DMlKC7i0AN1JKglp+IKn5XAE
|
||||
neWR03i3UaYJsibIxj0DkTS+hVPu5MXQ9RlF5CkRdFKjGinLE/u70XyAyx0/IeAN
|
||||
e7c2MJvpdfRmTXm2ew4sNyK9RXo7Bv0Yqkl65iMscF8LNnxL
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -1,12 +1,12 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIB1DCBvQIBATANBgkqhkiG9w0BAQsFADAwMREwDwYDVQQDEwhHTlUgV2dldDEN
|
||||
MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VGA8yMDE0MTExMDA5MzUyMVoYDzk5
|
||||
OTkxMjMxMjM1OTU5WjAdMBsCCFRgfsc0KU+QGA8yMDE0MTExMDA5MzUyMVqgNjA0
|
||||
MB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMBEGA1UdFAQKAghUYIba
|
||||
N/WqiDANBgkqhkiG9w0BAQsFAAOCAQEALV862K6ErgDdHKVag2mibcyguI83mPUm
|
||||
AhkbZ0vUFIjf39kDwXfBdGjQPPRilAM+2nraN7UTZs6y+2UDTbavaOpn5YFEoP5f
|
||||
Z6AN+PMEVi8QfkpQHIRJPVg1noJMBU+KgqGvzg7pCpzD8WyrH/4AAmuQoD18YndP
|
||||
SQGmTvsap3nCQPtCcGnONbdvqlHF47toy9nYz+4auS+RpEPiUa9YT5zNOwQwlQg5
|
||||
cgdbkheEqN3SLeTAxvDSVaHbVEr2U7rsR8ckMNXE0xgNuDmvIiTiqps+e2oE88Ii
|
||||
421c+VGZE4LE5NeETIk8V4drxbdYZpwRB2/BzmDwKhMAB8WBIH2sFA==
|
||||
MAsGA1UECxMEV2dldDEMMAoGA1UEChMDR05VGA8yMDE0MTExMTE2NDU1NFoYDzk5
|
||||
OTkxMjMxMjM1OTU5WjAdMBsCCFRiO986yHnjGA8yMDE0MTExMTE2NDU1NFqgNjA0
|
||||
MB8GA1UdIwQYMBaAFPM+TjiESqm+wW/HYaNQ2m4pi+tUMBEGA1UdFAQKAghUYj1E
|
||||
KHs9ijANBgkqhkiG9w0BAQsFAAOCAQEAZgwqs1VOFG39dFHHMXvBr4eJfhwiG4bC
|
||||
cL6IvLhvl9ikcyQMHrpOBtNjkCtgclSbJjjTDdera1+zuCWE0WBOJ4mojYdAIOhR
|
||||
QvSwp4NwAtibu2F/fjeXoo+LEpcRKtLvAotB30eCZ1OPrijsa/HxFILOLlayjns8
|
||||
wM4RmQC4o43y1G/1jqM8hGDg4Wz0j1URVuyP+pU55JpubV5LlExy3gIRwevD2lam
|
||||
q3hiighenJYFO3HGZkYT2SIoSpXZnQqKPJ4HwRBSg/cjOpc1y1lIIvKhmk+Cut6M
|
||||
+S5HL4pIk8vGYg57nTfOOkj1goqFkfU0DBqvVAZj02ay/VIDu61T1g==
|
||||
-----END X509 CRL-----
|
||||
|
|
|
|||
Loading…
Reference in New Issue