Re: wget2 | information leak with ocsp validation (#664)

[Romain Geissler (@Romain-Geissler-1A)]

Romain Geissler commented: 
https://gitlab.com/gnuwget/wget2/-/issues/664#note_1911755746


Ok with a backport of all the recent commits about OCSP in fedora 40, I end up 
with this release (using --no-tcp-fastopen since on our network fastopen is not 
working fine):

```
[root@9da25669cb1b 10.fc40]# wget --ocsp --no-tcp-fastopen 
https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-1.7.1.tar.gz
WARNING: OCSP stapling is not supported by 'github.com', but OCSP validation 
has been requested.
WARNING: This implies a privacy leak: the client sends the certificate serial 
ID over HTTP to the CA.
WARNING: OCSP stapling is not supported by 'objects.githubusercontent.com', but 
OCSP validation has been requested.
WARNING: This implies a privacy leak: the client sends the certificate serial 
ID over HTTP to the CA.
jq-1.7.1.tar.gz.5    100% 
[===================================================================================================================================================================>]
    1.85M   38.90MB/s
                          [Files: 1  Bytes: 1.85M [939.31KB/s] Redirects: 1  
Todo: 0  Errors: 0                                                              
                                  ]
[root@9da25669cb1b 10.fc40]# wget 
https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-1.7.1.tar.gz
jq-1.7.1.tar.gz.6    100% 
[===================================================================================================================================================================>]
    1.85M   18.79MB/s
                          [Files: 1  Bytes: 1.85M [2.58MB/s] Redirects: 1  
Todo: 0  Errors: 0
```

-- 
Reply to this email directly or view it on GitLab: 
https://gitlab.com/gnuwget/wget2/-/issues/664#note_1911755746
You're receiving this email because of your account on gitlab.com.