[Bug-wget] I am seeing problems with wget-1.14.96-38327 doing gnutls secure sessions.

[SciFi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Hi,

(I am still here, still running OSX 10.6.8
 with all security updates etc.)

I've compiled the 1.14.96-38327 tarball here.

With it, I'm suddenly getting retries when I need to
fetch something with https
(while regular http seems ok)
no matter what server I need to pull from.

I also updated gnutls to 3.2.6
and nettle to 2.7
just in case
but no help in this regard.

For example, here's a wget of
the nightly Enigmail build
in debug mode:

> $ wget -d  https://www.enigmail.net/download/nightly/enigmail-nightly-all.xpi
> DEBUG output created by Wget 1.14.96-38327 on darwin10.8.0.
> 
> URI encoding = ‘UTF-8’
> --2013-11-04 10:06:45--  
> https://www.enigmail.net/download/nightly/enigmail-nightly-all.xpi
> Certificates loaded: -1250
> Resolving www.enigmail.net (www.enigmail.net)... 217.26.54.154
> Caching www.enigmail.net => 217.26.54.154
> Connecting to www.enigmail.net (www.enigmail.net)|217.26.54.154|:443... 
> connected.
> Created socket 4.
> Releasing 0x01091670 (new refcount 1).
> WARNING: No certificate presented by www.enigmail.net.
> 
> ---request begin---
> GET /download/nightly/enigmail-nightly-all.xpi HTTP/1.1
> User-Agent: Wget/1.14.96-38327 (darwin10.8.0)
> Accept: */*
> Host: www.enigmail.net
> Connection: Keep-Alive
> 
> ---request end---
> HTTP request sent, awaiting response... Read error (Success.) in headers.
> Retrying.
> 
> --2013-11-04 10:06:47--  (try: 2)  
> https://www.enigmail.net/download/nightly/enigmail-nightly-all.xpi
> Found www.enigmail.net in host_name_addresses_map (0x1091670)
> Connecting to www.enigmail.net (www.enigmail.net)|217.26.54.154|:443... 
> connected.
> Created socket 4.
> Releasing 0x01091670 (new refcount 1).
> WARNING: No certificate presented by www.enigmail.net.
> 
> ---request begin---
> GET /download/nightly/enigmail-nightly-all.xpi HTTP/1.1
> User-Agent: Wget/1.14.96-38327 (darwin10.8.0)
> Accept: */*
> Host: www.enigmail.net
> Connection: Keep-Alive
> 
> ---request end---
> HTTP request sent, awaiting response... Read error (Success.) in headers.
> Retrying.
> 
> --2013-11-04 10:06:49--  (try: 3)  
> https://www.enigmail.net/download/nightly/enigmail-nightly-all.xpi
> Found www.enigmail.net in host_name_addresses_map (0x1091670)
> Connecting to www.enigmail.net (www.enigmail.net)|217.26.54.154|:443... 
> connected.
> Created socket 4.
> Releasing 0x01091670 (new refcount 1).
> WARNING: No certificate presented by www.enigmail.net.
> 
> ---request begin---
> GET /download/nightly/enigmail-nightly-all.xpi HTTP/1.1
> User-Agent: Wget/1.14.96-38327 (darwin10.8.0)
> Accept: */*
> Host: www.enigmail.net
> Connection: Keep-Alive
> 
> ---request end---
> HTTP request sent, awaiting response... Read error (Success.) in headers.
> Retrying.
> 
> ^C


I can fetch this file ok
with 1.14.96-38327
if I use plain http.  ;)


I saved the current stable 1.14 build of wget
and it fetches from https ok.
So this might be a regression of some sort.


My ~/.wgetrc (for all wget versions/sessions shown here):

> $ cat ~/.wgetrc
> tries = 0
> continue = on
> timestamping = on
> timeout = 20
> waitretry = 5
> random_wait = on
> #inet4_only = on
> #prefer_family = IPv4
> retry_connrefused = on
> check-certificate = off
> trust-server-names = on
> #content-on-error = on
> auth-no-challenge = on
> ca-certificate = /usr/local/share/wget/cacert.pem
> robots = off
> #load-cookies = /Users/scifi/Library/Application Support/Camino/cookies.txt


My compile parms:

> $ wget --version
> GNU Wget 1.14.96-38327 built on darwin10.8.0.
> 
> +digest +https +ipv6 +iri +large-file +nls +ntlm +opie +ssl/gnutls 
> 
> Wgetrc: 
>     /Users/scifi/.wgetrc (user)
>     /usr/local/etc/wgetrc (system)
> Locale: 
>     /usr/local/share/locale 
> Compile: 
>     gcc-4.2 -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc" 
>     -DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib 
>     -I/usr/local/ssl/include -I/usr/X11/include -I/usr/local/include 
>     -I/WhichXcode/Headers/FlatCarbon -I/usr/include 
>     -I/usr/local/include -Os -mtune=core2 -march=core2 
>     -force_cpusubtype_ALL -arch i386 
> Link: 
>     gcc-4.2 -Os -mtune=core2 -march=core2 -force_cpusubtype_ALL -arch 
>     i386 -Os -mtune=core2 -march=core2 -force_cpusubtype_ALL -arch i386 
>     -L/usr/local/lib -L/usr/local/lib -liconv -L/usr/local/lib -lintl 
>     -Wl,-framework -Wl,CoreFoundation -lnettle -L/usr/local/lib 
>     -lgnutls -L/usr/local/ssl/lib -L/usr/local/lib/libquicktime 
>     -L/usr/X11/lib -lnettle -lhogweed -lgmp /usr/lib/libz.dylib 
>     -lp11-kit -lintl /usr/lib/libpthread.dylib -lz -L/usr/local/ssl/lib 
>     -L/usr/local/lib/libquicktime -L/usr/local/lib -L/usr/X11/lib 
>     -L/usr/lib -lidn -lpcre ftp-opie.o gnutls.o http-ntlm.o 
>     ../lib/libgnu.a 
> 
> Copyright (C) 2011 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://www.gnu.org/licenses/gpl.html>.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Originally written by Hrvoje Niksic <address@hidden>.
> Please send bug reports and questions to <address@hidden>.


Of course I would much-rather use Secure mode
rather than open-clear mode
if for no other reason than to
tell TPTB to stop spying on everyone.
If ya git my gist.
;)


FWIW, thanks for keeping this project alive.





-----BEGIN PGP SIGNATURE-----

iQEcBAEBAgAGBQJSd8ktAAoJEKkeWNKet7+KcScIAJPrr2pz0vqK2Sb6hQJmYxrT
nx8Q/IbNqfgYSHQY8fft6dF4cpPPvFPzQGWUjTsLhTBgpwJ0GhSgoNJzW5Ma4X0T
tAh2FJVWhAynRMvQIF/joJeynykhToAvBBSHcIq08baS6RvtTPgFWBNG8mDBG6Uw
OV71+0Vg6Jp2wQU/Oa4gro5VTeJbqSwnomb5+4tsLNgGRW7LIL6HcrS9GIkg5oz2
QBe5PxY/n0AhiwuWcvoMn4zKK7uOsj+92Tlz/crRqGJCEma6clFdM6Xr5u8NFw6P
4oUodTh92YQiT9yL9z+cgBUm7+ph0p+B60jwSyaJRqqpfrA64igzVDbXR1D9qFM=
=BMBC
-----END PGP SIGNATURE-----