Re: wget2 | information leak with ocsp validation (#664)
From: @rockdaboot
Subject: Re: wget2 | information leak with ocsp validation (#664)
Date: Mon, 20 May 2024 11:02:45 +0000
Tim Rühsen commented on a discussion:
https://gitlab.com/gnuwget/wget2/-/issues/664#note_1912429197
This is basically what we want :) Maybe we can fine-tune the verbosity in the
future (e.g. print the privacy leak message only once per command
invocation or so). But that is low priority for me right now.
What is puzzling is the message "OCSP stapling is not supported by
'objects.githubusercontent.com'".
For me, this domain supports stapling and I reproducibly get this output:
```
$ wget2 --ocsp --no-tcp-fastopen https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-1.7.1.tar.gz
WARNING: OCSP stapling is not supported by 'github.com', but OCSP validation has been requested.
WARNING: This implies a privacy leak: the client sends the certificate serial ID over HTTP to the CA.
jq-1.7.1.tar.gz.4 100% [=============================================================================>] 1.85M --.-KB/s
[Files: 1 Bytes: 1.85M [3.30MB/s] Redirects: 1 Todo: 0 Errors: 0 ]
```