|
| From: | Romain Geissler (@Romain-Geissler-1A) |
| Subject: | Re: wget2 | information leak with ocsp validation (#664) |
| Date: | Sat, 18 May 2024 23:44:00 +0000 |
Romain Geissler commented:
https://gitlab.com/gnuwget/wget2/-/issues/664#note_1911576148
@rockdaboot What is the behavior you have with the latest wget2 commit ?
Because when I tried to backport commit
35986bd093676df0b2acd6110620534d41d0ec4d to the latest release (2.1.10) then I
get this warning message when downloading a simple file from github:
```
[root@11951d844474 10.fc40]# wget
https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-1.7.1.tar.gz
WARNING: The certificate's (stapled) OCSP status has not been sent
WARNING: The certificate's (stapled) OCSP status has not been sent
jq-1.7.1.tar.gz.4 100%
[===================================================================================================================================================================>]
1.85M 13.22MB/s
[Files: 1 Bytes: 1.85M [3.59MB/s] Redirects: 1
Todo: 0 Errors: 0
]
```
And this warning is the one you changed in this commit
https://gitlab.com/gnuwget/wget2/-/commit/0895f9230859207385393a148d6b0a6ec24521b9
Is it expected that now by default users will see a warning ? Shouldn't the
warning be printed only if the user asks explicitly for OCSP *AND* stapling is
not enabled on the server side ?
Or maybe it already works without any warning in the latest branch because
somehow I need to backport more commits, sorry I didn't try to build from git
for now.
--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnuwget/wget2/-/issues/664#note_1911576148
You're receiving this email because of your account on gitlab.com.
| [Prev in Thread] | Current Thread | [Next in Thread] |