[wget-notify] [bug #20448] HTTPS testing needed
Micah Cowan
INVALID.NOREPLY at gnu.org
Wed Jul 11 13:21:40 PDT 2007
URL:
<http://savannah.gnu.org/bugs/?20448>
Summary: HTTPS testing needed
Project: GNU Wget
Submitted by: micahcowan
Submitted on: Wednesday 07/11/2007 at 13:21
Category: Testing
Severity: 4 - Important
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: None
Operating System: None
Reproducibility: None
Fixed Release: None
Planned Release: 1.12
Regression: None
Work Required: 2 - Weeks
Patch Included: None
_______________________________________________________
Details:
We need to have automated tests verifying some of the HTTPS-related security,
both with OpenSSL and with GNUTLS. These tests should verify:
- What happens when a domain fails to match its certificate (see RFC 2459)
- What happens when a certificate authority is not recognized
- What happens when an "incomplete closure" (see RFC 2818, §2.2) is
encountered.
- What happens when 40-bit encryption is used, or the connection is
downgraded to a lesser encryption.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?20448>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
More information about the wget-notify
mailing list