Re: [Bug-wget] OpenSSL 1.1.0

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] OpenSSL 1.1.0

From:	Ángel González
Subject:	Re: [Bug-wget] OpenSSL 1.1.0
Date:	Wed, 29 Jun 2016 00:10:34 +0200
User-agent:	Thunderbird

On 28/06/16 22:16, Tim Rühsen wrote:

Patching src/openssl.c for 1.1.0 (see below) let it compile.
But the HTTPS tests fail due to

ERROR: cannot verify localhost's certificate, issued by 'O=GNU,OU=Wget,CN=GNU
Wget':
   unsupported certificate purpose

Any idea ?


server-cert.pem has the following extensions:
Key Usage
Usages:    Revocation list signature
Critical:    Yes

Extended Key Usage
Allowed Purposes:    Server Authentication
Critical:    No

Looks like the second extension isn't supported by OpenSSL 1.1.0, andServer Authentication not being in Key Usage, it is rejected.

Recreate this certificate with no Key Usage at all would probably fixit. I'm not sure about the required steps, though.


Regards

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] OpenSSL 1.1.0, Tim Rühsen, 2016/06/28
- Re: [Bug-wget] OpenSSL 1.1.0, Ángel González <=
  - Re: [Bug-wget] OpenSSL 1.1.0, Tim Ruehsen, 2016/06/29
  - Re: [Bug-wget] OpenSSL 1.1.0, Tim Ruehsen, 2016/06/29
    - Re: [Bug-wget] OpenSSL 1.1.0, Tim Ruehsen, 2016/06/29

Prev by Date: [Bug-wget] OpenSSL 1.1.0
Next by Date: Re: [Bug-wget] OpenSSL 1.1.0
Previous by thread: [Bug-wget] OpenSSL 1.1.0
Next by thread: Re: [Bug-wget] OpenSSL 1.1.0
Index(es):
- Date
- Thread