[Bug-wget] trouble with self signed certificates --ca-directory=director
From: drayon
Subject: [Bug-wget] trouble with self signed certificates --ca-directory=directory
Date: Thu, 29 Mar 2012 12:15:28 +0930
Having the most head wrenching time with wget:
Version/compile details running on Mac OS X 10.6.8
==================================================
GNU Wget 1.13.4 built on darwin11.3.0.
+digest +https +ipv6 -iri +large-file -nls +ntlm +opie +ssl/openssl
Wgetrc:
/usr/local/etc/wgetrc (system)
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc"
-DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib -O2
-Wall
Link: gcc -O2 -Wall -liconv -lssl -lcrypto -lz -ldl -lz ftp-opie.o openssl.o
http-ntlm.o ../lib/libgnu.a
==================================================
Command issued in terminal:
==================================================
wget https://forums.mvgroup.org/
--2012-03-29 10:20:39-- https://forums.mvgroup.org/
Resolving forums.mvgroup.org... 87.241.99.41
Connecting to forums.mvgroup.org|87.241.99.41|:443... connected.
ERROR: cannot verify forums.mvgroup.org's certificate, issued by
`/O=MVGroup/CN=forums.mvgroup.org':
Self-signed certificate encountered.
==================================================
I exported the Certificate "forums.mvgroup.org.pem" to
/System/Library/OpenSSL/certs/forums.mvgroup.org.pem
If I open the text file the following data is inside
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
I then issued the following command: (--certificate=file)
====================================
wget --certificate=forums.mvgroup.org.pem https://forums.mvgroup.org/index.php?showtopic=2827
--2012-03-29 10:56:08-- https://forums.mvgroup.org/index.php?showtopic=2827
OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line
OpenSSL: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib
Disabling SSL due to encountered errors.
=======================================
I assume "--certificate=forums.mvgroup.org.pem" looks for this "file" in the
current terminal directory? Or do we include the full path? i.e.
wget --certificate=/System/Library/OpenSSL/certs/forums.mvgroup.org.pem
=======================================
Ok so in Terminal I change directory to '/System/Library/OpenSSL/certs'
then issue:
sudo wget --ca-certificate=forums.mvgroup.org.pem https://forums.mvgroup.org/index.php?showtopic=2827
Success (note sudo since this is a system directory).
wget manual says "Without this option Wget looks for CA certificates at the
system-specified locations, chosen at OpenSSL installation time". So why on OS
X does SSL NOT look in '/System/Library/OpenSSL/certs'? I can't find a config
file or correct command to set to this directory as the default to look for
certificates.
Also I use ‘--ca-directory=directory’ as
wget --ca-directory=/System/Library/OpenSSL/certs/ https://forums.mvgroup.org/index.php?showtopic=2827
terminal reports
======================
Resolving forums.mvgroup.org... 87.241.99.41
Connecting to forums.mvgroup.org|87.241.99.41|:443... connected.
ERROR: cannot verify forums.mvgroup.org's certificate, issued by
`/O=MVGroup/CN=forums.mvgroup.org':
Self-signed certificate encountered.
To connect to forums.mvgroup.org insecurely, use `--no-check-certificate'.
======================
I think this must be a bug or wrong usage because logically this command tells
wget to tell openssl to look in '/System/Library/OpenSSL/certs/' for a
certificate but it keeps failing unless we specifically tell wget the exact
file based on the current directory else it fails if current directory doesn't
contain a cert.
Please clarify and perhaps manual should show working examples for options like
‘--ca-directory=directory’
Regards
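
Added example (not part of the original message and not wget's own code): the wget manual describes --ca-directory as a directory whose file names are based on a hash of each certificate, as produced by OpenSSL's c_rehash, so a PEM file stored only under its plain name is not found. The script shows this with `openssl verify -CApath` on a constructed self-signed certificate for the hypothetical host example.test; it assumes the openssl command-line tool is installed, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: an OpenSSL CA directory is searched by subject-hash file
# name (<hash>.0), not by scanning every PEM file it contains.
# The certificate is constructed here for the hypothetical host example.test.

# make_cert CERTDIR KEYFILE: write a constructed self-signed certificate
# to CERTDIR/server.pem and its private key to KEYFILE.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=example.test" \
        -keyout "$2" -out "$1/server.pem" 2>/dev/null
}

# hash_link CERTDIR FILE: do for one file what c_rehash does for a whole
# directory; prints the 8-hex-digit subject hash used as the link name.
hash_link() {
    h=$(openssl x509 -noout -hash -in "$1/$2") || return 1
    ln -sf "$2" "$1/$h.0"
    printf '%s\n' "$h"
}

# trusted_via_dir CERTDIR FILE: true only if FILE verifies with CERTDIR as
# the CA path. Matching ": OK" instead of relying on the exit status also
# behaves correctly on old OpenSSL builds.
trusted_via_dir() {
    openssl verify -CApath "$1" "$1/$2" 2>/dev/null | grep -q ': OK$'
}

# demo: report the verification result before and after the hash link exists.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/certs"
    make_cert "$work/certs" "$work/server.key" || { rm -rf "$work"; return 1; }
    if trusted_via_dir "$work/certs" server.pem; then before=trusted; else before=untrusted; fi
    hash=$(hash_link "$work/certs" server.pem)
    if trusted_via_dir "$work/certs" server.pem; then after=trusted; else after=untrusted; fi
    rm -rf "$work"
    echo "plain name only: $before; with $hash.0 link: $after"
}

demo
```

c_rehash, shipped with OpenSSL, creates these links for every certificate in a directory; --ca-certificate takes a single PEM file and needs no hashing.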