wget uses system CA certificates even when told not to
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
wget (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
In the wget man page, the command line options --ca-certificate and --ca-directory have the sentence: "Without this option Wget looks for CA certificates at the system-specified locations, chosen at OpenSSL installation time." To me, that implies that *with* these options, the system-specified locations are *not* searched. (That would be useful if the sysadmin has installed certificates that the user doesn't trust.) However, it appears that even with these options, the system SSL directory /usr/lib/ssl/certs (symlink to /etc/ssl/certs) is still searched.
Running
wget --ca-certificat
succeeds. I would expect it to fail, having no trusted CA certificate. strace reveals that it reads a certificate from /usr/lib/ssl/certs.
Either the code should be fixed, or the man page should be clarified.
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: wget 1.17.1-1ubuntu1.1
ProcVersionSign
Uname: Linux 4.4.0-31-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
Date: Sat Jul 23 09:12:02 2016
SourcePackage: wget
UpgradeStatus: Upgraded to xenial on 2016-05-27 (57 days ago)