|
From: | Romain Geissler (@Romain-Geissler-1A) |
Subject: | Re: wget2 | information leak with ocsp validation (#664) |
Date: | Sat, 18 May 2024 23:44:00 +0000 |
Romain Geissler commented: https://gitlab.com/gnuwget/wget2/-/issues/664#note_1911576148 @rockdaboot What is the behavior you have with the latest wget2 commit ? Because when I tried to backport commit 35986bd093676df0b2acd6110620534d41d0ec4d to the latest release (2.1.10) then I get this warning message when downloading a simple file from github: ``` [root@11951d844474 10.fc40]# wget https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-1.7.1.tar.gz WARNING: The certificate's (stapled) OCSP status has not been sent WARNING: The certificate's (stapled) OCSP status has not been sent jq-1.7.1.tar.gz.4 100% [===================================================================================================================================================================>] 1.85M 13.22MB/s [Files: 1 Bytes: 1.85M [3.59MB/s] Redirects: 1 Todo: 0 Errors: 0 ] ``` And this warning is the one you changed in this commit https://gitlab.com/gnuwget/wget2/-/commit/0895f9230859207385393a148d6b0a6ec24521b9 Is it expected that now by default users will see a warning ? Shouldn't the warning be printed only if the user asks explicitly for OCSP *AND* stapling is not enabled on the server side ? Or maybe it already works without any warning in the latest branch because somehow I need to backport more commits, sorry I didn't try to build from git for now. -- Reply to this email directly or view it on GitLab: https://gitlab.com/gnuwget/wget2/-/issues/664#note_1911576148 You're receiving this email because of your account on gitlab.com.
[Prev in Thread] | Current Thread | [Next in Thread] |