Reco wrote: > Bob Proulx wrote: > > That use of socat was clever. I didn't like the pkill socat though. > > Wouldn't be good if there were another one running at the same time. > > Yes, there's a room for an improvement. Presumably socat can write own > pid to a user-specified pidfile, but I was lazy to check a manpage. I don't think socat does. But one can use start-stop-daemon to manage things for you. The /etc/init.d/rsync file contains an example of doing such using --make-pidfile and so forth. > > Some time ago Reco and I were discussing this and Reco noted that curl > > uses openssl while wget uses gnutls. That was Reco's reason for > > prefering curl over wget at that time. > > > > https://lists.debian.org/20150409082351.GA24040@x101h > > And as the current discussion shows - those reasons are still valid. Yes. I was just keeping neutral in the debate. I note the problem, and agree it is a problem, and hope that gnutls improves. My own problem with gnutls is that it seems it requires *all* of the certificate chains to verify valid instead of *any* of them. Meaning that some sites that only include a valid certificate chain for one path but have at least one path not fully valid will fail the wget gnutls test but will work with a web browser and (apparently) libnss. That isn't nice either. > > Which might be different behavior from web > > browsers as most web browsers use openssl. > > A minor nitpick here. > > Iceweasel/Firefox use libnss, not openssl. > Chrome/Chromium use libnss. > Anything based on webkit-gtk actually uses gnutls. > I'm unsure about webkit-qt, though. > > About the only browser that actually uses openssl I can remember is w3m. Good update. I hadn't internalized that the web browsers used libnss instead of openssl. Thanks! Bob
Attachment:
signature.asc
Description: Digital signature