Re: wget2 | OpenSSL: OCSP stapling support (!473)

wget-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wget2 | OpenSSL: OCSP stapling support (!473)

From:	Tim Rühsen
Subject:	Re: wget2 \| OpenSSL: OCSP stapling support (!473)
Date:	Sun, 02 Aug 2020 10:29:48 +0000



Tim Rühsen commented:


@juaristi Cool ! :-)

Added a small commit with some nits fixed.

Can you check why wget2 -d https://amazon.de fails with
```
02.122053.928 trying 176.32.108.185:443...
Sending 'status_request' extension in handshake
02.122053.928 ALPN offering h2
02.122053.928 ALPN offering http/1.1                                            
                                               
02.122053.928 No cached TLS session available. Will run a full handshake.       
                                               
02.122053.997 No HPKP pinning found for host 'amazon.de'                        
                                               
OCSP URI not given and not found in certificate. Skipping OCSP check for cert 0.
OCSP URI not given and not found in certificate. Skipping OCSP check for cert 1.
02.122053.997 No HPKP pinning found for host 'amazon.de'
02.122053.997 No HPKP pinning found for host 'amazon.de'                        
                                               
02.122053.997 *** OCSP response status:                                         
                                               
02.122053.997 successful                                                        
                                               
Could not verify OCSP certificate chain
Could not verify stapled OCSP response. Aborting.                               
                                               
Could not complete TLS handshake: invalid status response                       
                                               
02.122053.997 closing connection
Failed to connect: Handshake error
```

Before we can merge the branch to master, I would ask you to
- merge some of the minor commits into one (where it makes sense, e.g. the 
`test-ocsp-stap:` commits)
- fix the commit message to GNU style (never experienced any advantage of that, 
but let's keep it that way as long as we didn't decide/discuss against - GHM 
next year would be a good place :-))

-- 
Reply to this email directly or view it on GitLab: 
https://gitlab.com/gnuwget/wget2/-/merge_requests/473#note_389431504
You're receiving this email because of your account on gitlab.com.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: wget2 | OpenSSL: OCSP stapling support (!473), Tim Rühsen <=
- Re: wget2 | OpenSSL: OCSP stapling support (!473), Ander Juaristi, 2020/08/02
- Re: wget2 | OpenSSL: OCSP stapling support (!473), Ander Juaristi, 2020/08/19
- Re: wget2 | OpenSSL: OCSP stapling support (!473), Tim Rühsen, 2020/08/26
- Re: wget2 | OpenSSL: OCSP stapling support (!473), Ander Juaristi, 2020/08/31
- Re: wget2 | OpenSSL: OCSP stapling support (!473), Tim Rühsen, 2020/08/31
- Re: wget2 | OpenSSL: OCSP stapling support (!473), Tim Rühsen, 2020/08/31

Next by Date: Re: wget2 | Further Enhancement of --download-attr (#529)
Next by thread: Re: wget2 | OpenSSL: OCSP stapling support (!473)
Index(es):
- Date
- Thread