\f
* Changes in Wget 1.10.
-** Downloading files greater than 2GB, also known as "large files",
-now works on systems that support them. This includes most modern
-Unix variants, as well as Windows.
+** Downloading files larger than 2GB, sometimes referred to as "large
+files", now works on systems that support them. This includes the
+majority of modern Unixes, as well as MS Windows.
** IPv6 is now supported by Wget. Unlike the experimental code in
-1.9, this version has no problems with dual-family systems. The new
-flags `--inet4' and `--inet6' (or `-4' and `-6' for short) force the
-use of IPv4 and IPv6 respectively. Unfortunately the IPv6 support
-still does not work on Windows.
+1.9, this version supports dual-family systems. The new flags
+`--inet4' and `--inet6' (or `-4' and `-6' for short) force the use of
+IPv4 and IPv6 respectively. Note that IPv6 support has not yet been
+tested on Windows.
** Talking to SSL servers over proxies now actually works. Previous
versions of Wget erroneously sent GET requests for SSL URLs. Wget
1.10 utilizes the CONNECT method designed for this purpose.
+** SSL/TLS downloads now attempt to verify the server's certificate
+against the recognized certificate authorities. The CA certificates
+are searched for at the default locations compiled into the OpenSSL
+library, and can be overridden with the `--ca-certificate' and
+`--ca-directory' options. Wget now also checks that the common name
+presented by the certificate corresponds to the host name in the URL.
+
+Although verifying the certificates provides more secure downloads, it
+*will* break interoperability with some sites that worked with
+previous versions, particularly those using self-signed, expired, or
+otherwise invalid certificates. If you see errors involving
+"certificate verify failed" or "common name doesn't match requested
+host name" and are still convinced of the site's authenticity, you
+need to use `--no-check-certificate' to bypass the verification.
+
** Microsoft's proprietary "NTLM" method of HTTP authentication is now
supported. This authentication method is undocumented and only used
by IIS. Note that *proxy* authentication is not supported in this
** The new option `--keep-session-cookies' causes `--save-cookies' to
save session cookies (normally only kept in memory) along with the
-permanent ones. Many sites track important information, such as
-whether the user has authenticated, using session cookies. Using this
-option option allows multiple Wget runs to be treated as a single
+permanent ones. This is useful because many sites track important
+information, such as whether the user has authenticated, in session
+cookies. With this option multiple Wget runs are treated as a single
browser session.
-** Wget now supports the --ftp-user and --ftp-password command switches to set
-username and password for FTP, and the --user and --password command switches
-to set username and password for both FTP and HTTP. The --http-passwd and
---proxy-passwd command switches have been renamed to --http-password and
---proxy-password respectively, and the related http_passwd and proxy_passwd
-.wgetrc commands to http_password and proxy_password respectively. The
-login and passwd .wgetrc commands have been deprecated.
+** SSL/TLS-related options have been redesigned and documented. Refer
+to the manual for details. The old, undocumented, options are no
+longer supported.
+
+** Wget now supports the --ftp-user and --ftp-password command
+switches to set username and password for FTP, and the --user and
+--password command switches to set username and password for both FTP
+and HTTP. The --http-passwd and --proxy-passwd command switches have
+been renamed to --http-password and --proxy-password respectively, and
+the related http_passwd and proxy_passwd .wgetrc commands to
+http_password and proxy_password respectively. The login and passwd
+.wgetrc commands have been deprecated.
* `wget -b' now works correctly under Windows.
\f
even in the face of refused connections, which are otherwise
considered a fatal error.
-** The new option `--dns-cache=off' may be used to prevent Wget from
+** The new option `--no-dns-cache' may be used to prevent Wget from
caching DNS lookups.
** Wget no longer escapes characters in local file names based on