It looks like nothing got done about this :-(. Is there any (GPL-compatible) TLS HTTP client library or tool in jessie which allows me to specify explicitly the expected End Entity certificate?
At the moment I'm using curl and wget. I was using --cacert=blah --capath=/dev/null and it did DTRT some time ago but now doesn't.

In the meantime I'm going to have to make the whole thing rely on ca-certificates. The result is that our internal infrastructure (dgit in this case) is going to be (entirely needlessly) vulnerable to security failures in the X.509 CA cabal.

Ian.
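One way to pin an exact End Entity certificate without consulting any CA store, as an added example that is not part of the original message: a Python 3 client that completes the handshake with CA validation turned off, then refuses to send the request unless the server's certificate is byte-for-byte the pinned one. The function names and the `host`/`path` parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding of the whole certificate."""
    return hashlib.sha256(der).hexdigest()


def matches_pin(peer_der, pinned_pem: str) -> bool:
    """True only if the peer presented exactly the pinned certificate."""
    if not peer_der:  # the server sent no certificate at all
        return False
    pinned_der = ssl.PEM_cert_to_DER_cert(pinned_pem)
    return hmac.compare_digest(cert_fingerprint(peer_der),
                               cert_fingerprint(pinned_der))


def fetch_pinned(host: str, path: str, pinned_pem: str,
                 port: int = 443, timeout: float = 10.0) -> bytes:
    """GET https://host/path, trusting only the pinned certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # CA-based validation is disabled on purpose: trust comes from the pin
    # alone, so a mis-issued certificate from any CA is rejected as well.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            # The handshake is complete here, so the server has proven
            # possession of the private key for the certificate it sent.
            if not matches_pin(tls.getpeercert(binary_form=True), pinned_pem):
                raise ssl.SSLError("peer certificate does not match the pin")
            # Nothing is sent to the server until the pin check has passed.
            request = (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
                       "Connection: close\r\n\r\n")
            tls.sendall(request.encode("ascii"))
            chunks = []
            while True:
                data = tls.recv(65536)
                if not data:
                    break
                chunks.append(data)
            return b"".join(chunks)
```

Pinning the whole certificate means the pin has to be updated whenever the server's certificate is renewed, even if the key stays the same.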