Re: [Bug-wget] wget seems to be "out of touch" with security (fails on m

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] wget seems to be "out of touch" with security (fails on m

From:	L Walsh
Subject:	Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work)
Date:	Fri, 20 Dec 2013 09:03:43 -0800
User-agent:	Thunderbird



mancha wrote:

L Walsh <wget <at> tlinx.org> writes:

I recently started using 1.14 of wget included with my distro's updates:
GNU Wget 1.14 built on linux-gnu.

Trouble is, it gives security warnings on almost every https

site I access.

I can't think of 1 where I didn't have to override the security
warning (and this time, I just put it in my .wgetrc file).

So why does wget get all these errors when my browsers don't?


It appears your wget is built against the openssl library. For https
certificate verification to work in wget automagically as it does in
the major browsers, openssl needs a properly configured root
certificate store (default location: /etc/ssl/certs).

----
I have the latest ca-certificates for opensuse 13.1 installed:

rpm -ql ca-certificates

/etc/ca-certificates
/etc/ca-certificates/update.d
/etc/pki
/etc/pki/trust
/etc/pki/trust/anchors
/etc/pki/trust/blacklist
/etc/ssl/ca-bundle.pem
/etc/ssl/certs
/usr/lib/ca-certificates
/usr/lib/ca-certificates/update.d
/usr/lib/ca-certificates/update.d/certbundle.run
/usr/lib/ca-certificates/update.d/etc_ssl.run
/usr/lib/ca-certificates/update.d/java.run
/usr/lib/ca-certificates/update.d/openssl.run
/usr/sbin/update-ca-certificates
/usr/share/doc/packages/ca-certificates
/usr/share/doc/packages/ca-certificates/COPYING
/usr/share/doc/packages/ca-certificates/README
/usr/share/man/man8/update-ca-certificates.8.gz
/usr/share/pki
/usr/share/pki/trust
/usr/share/pki/trust/anchors
/usr/share/pki/trust/blacklist
/var/lib/ca-certificates
/var/lib/ca-certificates/ca-bundle.pem
/var/lib/ca-certificates/java-cacerts
/var/lib/ca-certificates/openssl
/var/lib/ca-certificates/pem
------------------
It shows files in /etc/ssl as well as other places.

But at the end of the update script, I notice a message:
if ($foundignored)
{

print STDERR "\n* = CA Certificates in /etc/ssl/certs are only seen by somelegacy applications.

To install CA-Certificates globally move them to /etc/pki/trust/ancors 
instead!\n";
}

Perhaps wget isn't using the new location?


Check your distrib's documentation/support forums/mailing lists
for how to set this up. It might be a package that you can easily
install (for example, Debian and derivatives call theirs
"ca-certificates").

This is not a wget issue proper.

--mancha

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work), L Walsh, 2013/12/19
- Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) https websites...(where browsers work), Daniel Kahn Gillmor, 2013/12/20
  - Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) https websites...(where browsers work), L Walsh, 2013/12/20
    - Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) https websites...(where browsers work), Daniel Kahn Gillmor, 2013/12/20
    - Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) https websites...(where browsers work), L Walsh, 2013/12/20
- Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on most (all?) http websites. ..(where browsers work), mancha, 2013/12/20
  - Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work), Daniel Stenberg, 2013/12/20
    - Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work), mancha, 2013/12/20
  - Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work), L Walsh <=
    - Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work), Tim Rühsen, 2013/12/20
    - Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on most (all?) http websites...( where browsers work), Mike Frysinger, 2013/12/20
    - Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work), Tim Rühsen, 2013/12/20
  - Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work), L Walsh, 2013/12/21
    - Re: [Bug-wget] wget seems to be "out of touch" with sec urity (fails on most (all?) http websites...( where browsers work), Mike Frysinger, 2013/12/21

Prev by Date: Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work)
Next by Date: Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work)
Previous by thread: Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work)
Next by thread: Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work)
Index(es):
- Date
- Thread