[wget-notify] [bug #22767] private key is no longer read from the
certificate file
Noèl Köthe
INVALID.NOREPLY at gnu.org
Fri Mar 28 12:13:59 PDT 2008
URL:
<http://savannah.gnu.org/bugs/?22767>
Summary: private key is no longer read from the certificate
file
Project: GNU Wget
Submitted by: nok
Submitted on: Friday 28.03.2008 at 20:13
Category: Program Logic
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: 1.11
Operating System: None
Reproducibility: None
Fixed Release: None
Planned Release: None
Regression: None
Work Required: None
Patch Included: Yes
_______________________________________________________
Details:
Hello,
sorry for forwarding this patch with a long delay:
http://bugs.debian.org/425768
--8<--
In wget versions prior to 1.10, specifying a SSL client certificate file that
contained both the public and private key was sufficient:
    wget --certificate=foo.pem https://server/
With 1.10, it now needs the private key specified separately, even if it's in
the same file:
    wget --certificate=foo.pem --private-key=foo.pem https://server/
From the man page wget(1), it seems that the --private-key option is still
intended to be required only when the private key is in a different file:
    --private-key=file
        Read the private key from file. This allows you to provide
        the private key in a file separate from the certificate.
It looks like the behavior changed at the same time the SSL stuff was moved
into openssl.c, so I suspect it was unintentional. The below patch restores
the previous behavior.
-jim
diff -purN wget-1.10.2+1.11.beta1.orig/src/openssl.c
wget-1.10.2+1.11.beta1/src/openssl.c
--- wget-1.10.2+1.11.beta1.orig/src/openssl.c 2006-07-14 09:25:50.000000000
-0400
+++ wget-1.10.2+1.11.beta1/src/openssl.c 2007-05-23 16:23:56.000000000 -0400
@@ -210,6 +210,12 @@ ssl_init ()
than examining the error stack after a failed SSL_connect. */
SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_NONE, NULL);
+ /* Use the private key from the cert file unless specified otherwise. */
+ if (opt.cert_file && !opt.private_key) {
+ opt.private_key = opt.cert_file;
+ opt.private_key_type = opt.cert_type;
+ }
+
if (opt.cert_file)
if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file,
key_type_to_ssl_type (opt.cert_type))
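Review bot: The fallback added in ssl_init copies opt.cert_type into opt.private_key_type whatever that type is, but only a PEM file can carry both the certificate and the key; a DER (ASN.1) file holds a single object, so for a DER certificate given without --private-key the key would now be looked for in a file that cannot contain one. Consider applying the fallback only when the certificate type is PEM. The assignment also rewrites the global opt from inside ssl_init; a local key file/type pair would leave the parsed options untouched. The opening brace on the `if (opt.cert_file && !opt.private_key) {` line departs from the GNU style of the surrounding code, and the wget(1) text for --private-key quoted earlier in the report should be updated to mention the fallback.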
--8<--
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?22767>
_______________________________________________
Message sent via Savannah
http://savannah.gnu.org/