Next: , Previous: HTTP Options, Up: Invoking   [Contents][Index]


2.8 HTTPS (SSL/TLS) ¥ª¥×¥·¥ç¥ó

°Å¹æ²½¤µ¤ì¤¿HTTP (HTTPS)¤Î¥À¥¦¥ó¥í¡¼¥É¤ò¥µ¥Ý¡¼¥È¤¹¤ë¤¿¤á¤Ë¡¤³°Éô¤ÎSSL¥é ¥¤¥Ö¥é¥ê¡¤¸½ºß¤ÏOpenSSL¤ò»ÈÍѤ·¤ÆWget¤ò¥³¥ó¥Ñ¥¤¥ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡¥ Wget¤¬SSL¥µ¥Ý¡¼¥È̵¤·¤Ç¥³¥ó¥Ñ¥¤¥ë¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¤°Ê²¼¤Î¥ª¥×¥·¥ç¥ó¤Ï¤¹¤Ù ¤ÆÍøÍѤǤ­¤Þ¤»¤ó¡¥

--secure-protocol=protocol

¥»¥­¥å¥¢¥×¥í¥È¥³¥ë¤Î»ÈÍѤòÁªÂò¤·¤Þ¤¹¡¥ÀµÅö¤ÊÃͤϡ¤‘auto’¡¤ ‘SSLv2’¡¤‘SSLv3’¡¤¤½¤·¤Æ‘TLSv1’¤Ç¤¹¡¥‘auto’¤¬»ÈÍѤµ ¤ì¤Æ¤¤¤ë¾ì¹ç¡¤SSL¥é¥¤¥Ö¥é¥ê¤Ï¡¤Å¬Àڤʥץí¥È¥³¥ë¤ò¼«Æ°Åª¤Ë¼«Í³¤ËÁªÂò¤Ç¤­¡¤ SSLv2¤Î¤¢¤¤¤µ¤Ä¤òÁ÷¤Ã¤Æ¡¤SSLv3¤ÈTLSv1¤Î¥µ¥Ý¡¼¥È¤ò¸øÉ½¤¹¤ë¤³¤È¤ÇãÀ®¤·¤Þ ¤¹¡¥¤³¤ì¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤¹¡¥

SSLv2’¡¤‘SSLv3’¡¤¤Þ¤¿¤Ï‘TLSv1’¤ò»ÈÍѤ·¤¿¾ì¹ç¡¤Âбþ¤¹¤ë ¥×¥í¥È¥³¥ë¤ò¶¯À©Åª¤Ë»ÈÍѤ·¤Þ¤¹¡¥¤³¤ì¤Ï¡¤¸Å¤«¤Ã¤¿¤ê¥Ð¥°¤¬¤¢¤Ã¤¿¤ê¤¹¤ë SSL¥µ¡¼¥Ð¤Î¼ÂÁõ¤ÈÄÌ¿®¤¹¤ë¤È¤­¡¤OpenSSL¤¬Àµ¤·¤¤¥×¥í¥È¥³¥ë¤Î¥Ð¡¼¥¸¥ç¥ó¤ò ³Î¼Â¤ËÁªÂò¤¹¤ë¤Î¤ÇÌò¤ËΩ¤Á¤Þ¤¹¡¥¹¬¤¤¤Ë¤â¡¤¤½¤Î¤è¤¦¤Ê¥µ¡¼¥Ð¤ÏÌÇ¿¤Ë¤¢¤ê ¤Þ¤»¤ó¡¥

--no-check-certificate

ÍøÍѲÄǽ¤Êǧ¾Ú¶É¤ËÂФ¹¤ë¾ÚÌÀ½ñ¥µ¡¼¥Ð¤òÄ´ºº¤·¤Þ¤»¤ó¡¥¤Þ¤¿¡¤¾ÚÌÀ½ñ¤Ëµ­ºÜ ¤µ¤ì¤Æ¤¤¤ë¶¦Ä̤Î̾Á°¤Ë¥Þ¥Ã¥Á¤¹¤ë¥Û¥¹¥È̾¤ÎURL¤òÍ׵ᤷ¤Þ¤»¤ó¡¥

Wget 1.10¤Ç¤Ï¡¤¥Ç¥Õ¥©¥ë¥È¤Ï¥µ¡¼¥Ð¤Îǧ¾Ú¶É¤ò¾È¹ç¤·¡¤Ç§¾Ú¶É¤òǧ¼±¤·¡¤SSL ¤Î¥Ï¥ó¥É¥·¥§¡¼¥¯¤òÇË´þ¤·¡¤¾È¹ç¤Ë¼ºÇÔ¤·¤¿¾ì¹ç¤Ï¥À¥¦¥ó¥í¡¼¥É¤òÃæ»ß¤·¤Þ¤¹¡¥ ¤³¤ì¤Ç¤è¤ê°ÂÁ´¤Ê¥À¥¦¥ó¥í¡¼¥É¤òÄ󶡤·¤Þ¤¹¤¬¡¤°ÊÁ°¤ÎWget¤Î¥Ð¡¼¥¸¥ç¥ó¤Çư ºî¤µ¤·¤Æ¤¤¤¿¥µ¥¤¥È¤Ç¤Î¸ß´¹À­¤¬²õ¤ì¡¤ÆÃ¤Ë¼«¸Ê½ð̾¡¤´ü¸ÂÀڤ졤¤Þ¤¿¤Ï¡¤¤½ ¤Î¾¤Î̵¸ú¤Ê¾ÚÌÀ½ñ¤ò»ÈÍѤ·¤Æ¤¤¤ë¤â¤Î¤Ç¤¹¡¥¤³¤Î¥ª¥×¥·¥ç¥ó¤Ç¡¤“ÉÔ°ÂÁ´” ¤Ê½èÍý¥â¡¼¥É¤ò¶¯À©¤·¡¤¾ÚÌÀ½ñ¤Î¾È¹ç¥¨¥é¡¼¤ò·Ù¹ð¤ËÊÑ´¹¤·¡¤½èÍý¤Î³¹Ô¤ò²Ä ǽ¤È¤·¤Þ¤¹¡¥

“certificate verification”¥¨¥é¡¼¤Ë¤Ê¤Ã¤¿¤ê¡¤“common name doesn’t match requested host name”¤È¸À¤ï¤ì¤ë¾ì¹ç¡¤¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ·¤Æ¾È¹ç ¤ò¤È¤Ð¤·¤Æ¡¤¥À¥¦¥ó¥í¡¼¥É¤ò³¹Ô¤¹¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡¥Ê̤ÎÊýË¡¤Ç¥µ¥¤ ¥È¤Îǧ¾Ú¤ò³Î¿®¤·¤Æ¤¤¤ë¾ì¹ç¤ä¡¤Ç§¾Ú¤Î¾È¹ç¤òËÜÅö¤Ëµ¤¤Ë¤·¤Ê¤¤¾ì¹ç¤À¤±¡¤¤³ ¤Î¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ·¤Æ¤¯¤À¤µ¤¤¡¥ÈëÌ©¤ä½ÅÍפʥǡ¼¥¿¤òÁ÷¿®¤¹¤ë¤È¤­¡¤Ç§¾Ú Ä´ºº¤ò¹Ô¤ï¤Ê¤¤¤Î¤Ï¡¤¤Û¤È¤ó¤É¤¤¤Ä¤â°­¤¤È¯ÁۤǤ¹¡¥

--certificate=file

file¤Ë¤¢¤ë¥¯¥é¥¤¥¢¥ó¥È¤Î¾ÚÌÀ½ñ¤ò»ÈÍѤ·¤Þ¤¹¡¥¤³¤ì¤Ï¡¤¥µ¡¼¥Ð¤ËÀܳ ¤·¤è¤¦¤È¤·¤Æ¤¤¤ë¥¯¥é¥¤¥¢¥ó¥È¤«¤é¾ÚÌÀ½ñ¤òÍ׵᤹¤ë¤è¤¦¤Ë¹½À®¤µ¤ì¤Æ¤¤¤ë¥µ¡¼ ¥Ð¤ÇɬÍפǤ¹¡¥Ä̾¾ÚÌÀ½ñ¤ÏÍ׵ᤵ¤ì¤Ê¤¤¤Î¤Ç¤³¤Î¥¹¥¤¥Ã¥Á¤Ï¥ª¥×¥·¥ç¥ó¤Ç ¤¹¡¥

--certificate-type=type

¥¯¥é¥¤¥¢¥ó¥È¤Î¾ÚÌÀ½ñ¤Î·Á¼°¤ò»ØÄꤷ¤Þ¤¹¡¥ÀµÅö¤ÊÃͤϑPEM’ (¥Ç¥Õ¥©¥ë ¥È¤ÇÁÛÄꤵ¤ì¤Þ¤¹)¤È‘DER’¤Ç¡¤¤½¤ì¤Ï‘ASN1’¤È¤·¤Æ¤âÃΤé¤ì¤Æ¤¤¤Þ ¤¹¡¥

--private-key=file

ÈëÌ©¸°¤òfile¤«¤éÆÉ¤ß¹þ¤ß¤Þ¤¹¡¥¤³¤ì¤Ç¾ÚÌÀ½ñ¤«¤é¼è¤ê½Ð¤·¤¿¥Õ¥¡¥¤¥ë ¤Ë¤¢¤ëÈëÌ©¸°¤òÄ󶡤¹¤ë¤³¤È¤¬²Äǽ¤Ë¤Ê¤ê¤Þ¤¹¡¥

--private-key-type=type

ÈëÌ©¸°¤Î·Á¼°¤ò»ØÄꤷ¤Þ¤¹¡¥¼õ¤±Æþ¤ì¤é¤ì¤ëÃͤϑPEM’ (¥Ç¥Õ¥©¥ë¥È)¤È ‘DER’¤Ç¤¹¡¥

--ca-certificate=file

file¤ò¡¤¾È¹ç¤ÎÂФȤʤëǧ¾Ú¶É(“CA”)¤Ë¥Ð¥ó¥É¥ë¤µ¤ì¤Æ¤¤¤ë¥Õ¥¡¥¤¥ë ¤È¤·¤Æ»ÈÍѤ·¤Þ¤¹¡¥¾ÚÌÀ½ñ¤ÏPEM½ñ¼°¤Ë¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡¥

¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ·¤Ê¤¤¤È¡¤Wget¤ÏCA¾ÚÌÀ½ñ¤ò¥·¥¹¥Æ¥à»ØÄê¤Î¾ì½ê¤Çõ¤·¡¤ ¤½¤ì¤ÏOpenSSL¤Î¥¤¥ó¥¹¥È¡¼¥ë»þ¤ËÁªÂò¤µ¤ì¤¿¾ì½ê¤Ç¤¹¡¥

--ca-directory=directory

PEM½ñ¼°¤ÎCA¾ÚÌÀ½ñ¤¬´Þ¤Þ¤ì¤ë¥Ç¥£¥ì¥¯¥È¥ê¤ò»ØÄꤷ¤Þ¤¹¡¥¤½¤ì¤¾¤ì¤Î¥Õ¥¡¥¤¥ë ¤Ë¤Ï°ì¤Ä¤ÎCA¾ÚÌÀ½ñ¤¬´Þ¤Þ¤ì¤Æ¤¤¤Æ¡¤¥Õ¥¡¥¤¥ë̾¤Ï¾ÚÌÀ½ñ¤«¤éÆÀ¤é¤ì¤ë¥Ï¥Ã¥·¥å Ãͤ¬´ð¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡¥¤³¤ì¤Ï¡¤¾ÚÌÀ½ñ¥Ç¥£¥ì¥¯¥È¥ê¤ò¡¤OpenSSL¤ÇÄ󶡤µ¤ì¤ë c_rehash¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç½èÍý¤¹¤ë¤³¤È¤Ç¼Â»Ü¤µ¤ì¤Þ¤¹¡¥¤¿¤¯¤µ¤ó¤Î¾Ú ÌÀ½ñ¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ë¤È¤­¡¤Wget¤ÏÍ×µá¤Ë±þ¤¸¤Æ¾ÚÌÀ½ñ¤ò¼è¤Ã¤Æ¤¯¤ë ¤Î¤Ç¡¤‘--ca-certificate’¤è¤ê‘--ca-directory’¤Î»ÈÍѤ¬¤è¤ê¸ú²Ì Ū¤Ç¤¹¡¥

¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»ÈÍѤ·¤Ê¤¤¤È¡¤Wget¤ÏCA¾ÚÌÀ½ñ¤ò¥·¥¹¥Æ¥à»ØÄê¤Î¾ì½ê¤Çõ¤·¡¤ ¤½¤ì¤ÏOpenSSL¤Î¥¤¥ó¥¹¥È¡¼¥ë»þ¤ËÁªÂò¤µ¤ì¤¿¾ì½ê¤Ç¤¹¡¥

--random-file=file

/dev/random¤¬Ìµ¤¤¥·¥¹¥Æ¥à¤Ç¡¤µ¿»÷Íð¿ô¤òÀ¸À®¤¹¤ë¼ï¤È¤Ê¤ëÍð¿ô¥Ç¡¼ ¥¿¤Î¥½¡¼¥¹¤È¤·¤Æfile¤ò»ÈÍѤ·¤Þ¤¹¡¥

¤½¤Î¤è¤¦¤Ê¥·¥¹¥Æ¥à¤Ç¤Ï¡¤SSL¥é¥¤¥Ö¥é¥ê¤¬³°Éô¤ÎÍð¿ô½é´ü²½¥½¡¼¥¹¤òɬÍפ·¤Þ ¤¹¡¥¥é¥ó¥À¥à¤µ¤ÏEGD (¸å½Ò¤Î‘--egd-file’¤ò»²¾È)¤ÇÄ󶡤µ¤ì¤¿¤ê¡¤¥æ¡¼ ¥¶¤¬»ØÄꤷ¤¿³°Éô¥½¡¼¥¹¤«¤éÆÉ¤ß¹þ¤ó¤Ç¤â¤«¤Þ¤¤¤Þ¤»¤ó¡¥¤³¤Î¥ª¥×¥·¥ç¥ó¤¬»Ø Äꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¡¤¥é¥ó¥À¥à¥Ç¡¼¥¿¤ò$RANDFILE¤Çõ¤·¡¤¤½¤ì¤âÀßÄê ¤µ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¡¤$HOME/.rnd¤Çõ¤·¤Þ¤¹¡¥¤³¤ì¤éÁ´¤Æ¤¬ÍøÍÑÉÔ²Äǽ¤Ê ¾ì¹ç¡¤SSL¤Î°Å¹æ²½¤Ï¡¤¤Þ¤º»ÈÍѤǤ­¤Ê¤¤¤Ç¤·¤ç¤¦¡¥

“Could not seed OpenSSL PRNG; disabling SSL.”¤È¤¤¤¦¥¨¥é¡¼¤Ë¤Ê¤Ã¤¿¾ì¹ç¡¤ ¾åµ­¤Î¼êË¡¤Ê¤É¤òÍøÍѤ·¤ÆÍð¿ô¥Ç¡¼¥¿¤òÄ󶡤¹¤Ù¤­¤Ç¤¹¡¥

--egd-file=file

EGD¥½¥±¥Ã¥È¤È¤·¤Æfile¤ò»ÈÍѤ·¤Þ¤¹¡¥EGD¤ÏEntropy Gathering Daemon¤ò°ÕÌ£¤·¡¤ÍÍ¡¹¤ÊͽÁÛÉÔ²Äǽ¤Ê¥·¥¹¥Æ¥à¥½¡¼¥¹¤«¤é¥Ç¡¼¥¿¤ò¼ý½¸¤·¡¤¤½ ¤ì¤òɬÍפȤ¹¤ë³°Éô¥×¥í¥°¥é¥à¤ÇÍøÍѲÄǽ¤Ë¤¹¤ë¥æ¡¼¥¶¶õ´Ö¤Î¥×¥í¥°¥é¥à¤Ç¤¹¡¥ SSL¥é¥¤¥Ö¥é¥ê¤Î¤è¤¦¤Ê°Å¹æ²½¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¤°Å¹æÅª¤Ë¶¯¤¤¸°¤òÀ¸À®¤¹¤ë¤¿¤á ¤Ë»ÈÍѤ¹¤ëÍð¿ôÀ¸À®´ï¤Î¼ï¤È¤·¤Æ¡¤·«¤êÊÖ¤·¤Î̵¤¤¥é¥ó¥À¥à¤µ¤ò¤â¤Ä¥½¡¼¥¹¤¬ ɬÍפǤ¹¡¥

OpenSSL¤Ç¡¤RAND_FILE´Ä¶­ÊÑ¿ô¤ò»ÈÍѤ·¤¿¥¨¥ó¥È¥í¥Ô¡¼¤ÎÆÈ¼«¥½¡¼¥¹¤ò »ØÄꤹ¤ë¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡¥¤³¤ÎÊÑ¿ô¤¬ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤ä¡¤»ØÄꤵ ¤ì¤¿¥Õ¥¡¥¤¥ë¤Ç¤Ï½½Ê¬¤Ê¥é¥ó¥À¥à¤µ¤¬ÆÀ¤é¤ì¤Ê¤¤¾ì¹ç¤Ï¡¤OpenSSL¤ÏÍð¿ô¥Ç¡¼¥¿ ¤ò¤³¤Î¥ª¥×¥·¥ç¥ó¤Ç»ØÄꤵ¤ì¤Æ¤¤¤ëEGD¥½¥±¥Ã¥È¤«¤éÆÉ¤ß¹þ¤ß¤Þ¤¹¡¥

¤³¤Î¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤(¤½¤·¤Æ¡¤Åù²Á¤Ê¥¹¥¿¡¼¥È¥¢¥Ã¥×¥³¥Þ¥ó¥É¤¬ »ÈÍѤµ¤ì¤Æ¤¤¤Ê¤¤)¾ì¹ç¡¤EGD¤ò»ÈÍѤ·¤Þ¤»¤ó¡¥EGD¤Ï¡¤/dev/random¤ò¥µ ¥Ý¡¼¥È¤¹¤ëºÇ¶á¤ÎUnix¤Ç¤ÏÉÔÍѤǤ¹¡¥