\f
* Changes in Wget 1.10.
-** Downloading files greater than 2GB, also known as "large files",
-now works on systems that support them. This includes most modern
-Unix variants, as well as Windows.
+** Downloading files larger than 2GB, sometimes referred to as "large
+files", now works on systems that support them. This includes the
+majority of modern Unixes, as well as MS Windows.
** IPv6 is now supported by Wget. Unlike the experimental code in
-1.9, this version has no problems with dual-family systems. The new
-flags `--inet4' and `--inet6' (or `-4' and `-6' for short) force the
-use of IPv4 and IPv6 respectively. Unfortunately the IPv6 support
-still does not work on Windows.
+1.9, this version supports dual-family systems. The new flags
+`--inet4' and `--inet6' (or `-4' and `-6' for short) force the use of
+IPv4 and IPv6 respectively. Note that IPv6 support has not yet been
+tested on Windows.
** Talking to SSL servers over proxies now actually works. Previous
versions of Wget erroneously sent GET requests for SSL URLs. Wget
1.10 utilizes the CONNECT method designed for this purpose.
+** SSL/TLS downloads now attempt to verify the server's certificate
+against the recognized certificate authorities. The CA certificates
+are searched for at the default locations compiled into the OpenSSL
+library, and can be overridden with the `--ca-certificate' and
+`--ca-directory' options. Wget now also checks that the common name
+presented by the certificate corresponds to the host name in the URL.
+
+Although verifying the certificates provides more secure downloads, it
+*will* break interoperability with some sites that worked with
+previous versions, particularly those using self-signed, expired, or
+otherwise invalid certificates. If you see errors involving
+"certificate verify failed" or "common name doesn't match requested
+host name" and are still convinced of the site's authenticity, you
+need to use `--no-check-certificate' to bypass the verification.
+
** Microsoft's proprietary "NTLM" method of HTTP authentication is now
supported. This authentication method is undocumented and only used
by IIS. Note that *proxy* authentication is not supported in this
cookies. With this option multiple Wget runs are treated as a single
browser session.
+** SSL/TLS-related options have been redesigned and documented. Refer
+to the manual for details. The old, undocumented, options are no
+longer supported.
+
** Wget now supports the --ftp-user and --ftp-password command
switches to set username and password for FTP, and the --user and
--password command switches to set username and password for both FTP