[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: wget2 | New option --dane (!522)
|
From: |
@rockdaboot |
|
Subject: |
Re: wget2 | New option --dane (!522) |
|
Date: |
Sun, 16 Apr 2023 18:16:58 +0000 |
Tim Rühsen commented:
Thanks for testing =)
So, if no CA certs are loaded, we should verify the server certs only via DANE.
If no DANE records are found, we FAIL the connection. If DANE verification
fails we also FAIL the connection.
If we have CA certs loaded, should we do two verification steps (CA and DANE) ?
And FAIL if either one of the two verification methods fails ?
For now I implemented "if either CA or DANE verification succeeds -> OK". But
we can change this.
--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnuwget/wget2/-/merge_requests/522#note_1354373991
You're receiving this email because of your account on gitlab.com.
Re: wget2 | New option --dane (!522), @rockdaboot, 2023/04/23
Re: wget2 | New option --dane (!522), @rockdaboot, 2023/04/23
Re: wget2 | New option --dane (!522), @rockdaboot, 2023/04/23
Re: wget2 | New option --dane (!522), @rockdaboot, 2023/04/23
Re: wget2 | New option --dane (!522), Viktor Dukhovni (@dviktor), 2023/04/24