Package: wget
Version: 1.10.2+1.11.beta1-1
Severity: normal
Tags: patch

In wget versions prior to 1.10, specifying an SSL client certificate
file that contained both the public and private key was sufficient:
  wget --certificate=foo.pem https://server/

With 1.10, it now needs the private key specified separately, even if
it's in the same file:
  wget --certificate=foo.pem --private-key=foo.pem https://server/

From the man page wget(1), it seems that the --private-key option is
still intended to be required only when the private key is in a
different file:

       --private-key=file
           Read the private key from file.  This allows you to provide
           the private key in a file separate from the certificate.

It looks like the behavior changed at the same time the SSL stuff was
moved into openssl.c, so I suspect it was unintentional.  The below
patch restores the previous behavior.

-jim

diff -purN wget-1.10.2+1.11.beta1.orig/src/openssl.c 
wget-1.10.2+1.11.beta1/src/openssl.c
--- wget-1.10.2+1.11.beta1.orig/src/openssl.c   2006-07-14 09:25:50.000000000 
-0400
+++ wget-1.10.2+1.11.beta1/src/openssl.c        2007-05-23 16:23:56.000000000 
-0400
@@ -210,6 +210,12 @@ ssl_init ()
      than examining the error stack after a failed SSL_connect.  */
   SSL_CTX_set_verify (ssl_ctx, SSL_VERIFY_NONE, NULL);
 
+  /* Use the private key from the cert file unless specified otherwise. */
+  if (opt.cert_file && !opt.private_key) {
+    opt.private_key = opt.cert_file;
+    opt.private_key_type = opt.cert_type;
+  }
+
   if (opt.cert_file)
     if (SSL_CTX_use_certificate_file (ssl_ctx, opt.cert_file,
                                      key_type_to_ssl_type (opt.cert_type))
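
Review bot: The assignment `opt.private_key = opt.cert_file;` in the added block makes two fields of the global options alias the same string, and it does so as a side effect of ssl_init. If those option strings are ever freed or reassigned independently, the result is a double free or a stale pointer. Consider holding the fallback in local variables used only for the key-loading call, or duplicating the string before storing it. Since the fallback also changes what omitting --private-key means, the man page entry quoted in the report, which only describes the separate-file case, should mention it.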

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.4
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages wget depends on:
ii  libc6                         2.5-7      GNU C Library: Shared libraries
ii  libssl0.9.8                   0.9.8c-3   SSL shared libraries

wget recommends no packages.

-- no debconf information

