DANE support for Wget2

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DANE support for Wget2

From:	Tim Rühsen
Subject:	DANE support for Wget2
Date:	Sun, 23 Apr 2023 20:12:25 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.2

For the interested people, DANE support has been merged today (withGnuTLS build only).

DANE allows to verify the server certificates for HTTPS connections viaDNS. This allows to connect to servers without having a CA certificatepool installed - well, *if* the the site admin prepared the DNS entryfor DANE (with so called TLSA records).


WARNING: Without DNSSEC, MITM attacks can't be detected when using DANE.

DANE is still an experimental feature and needs to be enabled via
the `--dane` CLI option.

Have fun playing with it.
Any feedback is highly appreciated.

See also
https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
https://gitlab.com/gnuwget/wget2/-/issues/627
https://gitlab.com/gnuwget/wget2/-/merge_requests/522

Regards, Tim

OpenPGP_signature
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

DANE support for Wget2, Tim Rühsen <=

Prev by Date: Re: Recursive downloading of pages through the "action" attributes of the following "form" tags
Next by Date: only the final 206 partial content response included in WARC file
Previous by thread: [bug #64082] wget unescapes URLs used as CSS url() parameters, leading to spaces and thus invalid CSS
Next by thread: only the final 206 partial content response included in WARC file
Index(es):
- Date
- Thread