bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] wget seems to be "out of touch" with security (fails on m


From: L Walsh
Subject: Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) https websites...(where browsers work)
Date: Fri, 20 Dec 2013 14:12:34 -0800
User-agent: Thunderbird



Daniel Kahn Gillmor wrote:

 openssl s_client -connect collaboration.opengroup.org:443
openssl s_client -connect collaboration.opengroup.org:443
CONNECTED(00000003)
depth=2 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/O=*.opengroup.org/OU=Domain Control Validated/CN=*.opengroup.org
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification 
Authority
 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification 
Authority
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification 
Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIHB91EOjiUOjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY
BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTMwMQYDVQQLEypodHRwOi8vY2VydGlm
aWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkxMDAuBgNVBAMTJ0dvIERhZGR5
IFNlY3VyZSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTERMA8GA1UEBRMIMDc5Njky
ODcwHhcNMTIxMDAyMDg1NDU1WhcNMTcxMDAyMDg1NDU1WjBXMRgwFgYDVQQKDA8q
Lm9wZW5ncm91cC5vcmcxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRl
ZDEYMBYGA1UEAwwPKi5vcGVuZ3JvdXAub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAzUXFPU0nOq9uC9eewV3T8q6qt/N9jhuuSiZ7BTmvkV47VE3e
WBTWnRSxF5GOs/SV2oUo4qF9vYtZVURPjXeZ0FL2n0GeSYBtH4scChcMBa4IbOhF
2h0l4SL0dF0SSaJmElOFdg/pHFIHhU9cGN2AOKbHW71BnKVvVu80lLc01kvlUYZ3
P3r000FFL1Z2uH+fBpF4QxJfbPKcPDvdrwnGOGcnLJnSm8TuNuAn5uXw4AN6/jkd
UgYphp0IqpdMiAuQe9Pa+WjghWH+Ot7rhfWm2Cu+7mFd8ix67T58Re/Pdt9+v8+w
viVWUMKh+1V4ZMEgpM4Wt1cR7JUF7lf4Xcj9IwIDAQABo4IBvDCCAbgwDwYDVR0T
AQH/BAUwAwEBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0P
AQH/BAQDAgWgMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ29kYWRkeS5j
b20vZ2RzMS03Ny5jcmwwUwYDVR0gBEwwSjBIBgtghkgBhv1tAQcXATA5MDcGCCsG
AQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRv
cnkvMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdv
ZGFkZHkuY29tLzBKBggrBgEFBQcwAoY+aHR0cDovL2NlcnRpZmljYXRlcy5nb2Rh
ZGR5LmNvbS9yZXBvc2l0b3J5L2dkX2ludGVybWVkaWF0ZS5jcnQwHwYDVR0jBBgw
FoAU/axhMpNsRdbi7oVfmrrndplozOcwKQYDVR0RBCIwIIIPKi5vcGVuZ3JvdXAu
b3Jngg1vcGVuZ3JvdXAub3JnMB0GA1UdDgQWBBTwOK+cZzMoC8P0rbAuhXBio5Dt
xDANBgkqhkiG9w0BAQUFAAOCAQEAH05lag39y+BUPlOZa+fibAV7q2RWiMfe+3XG
9J6Cfbnd51FpX6HLfrC30/WHhkVkGuAlrtMaewoyJ/HveRaw1qO5UrtlELaQSu5e
s5pNRBcFQA8PyHn7n/Nxzohf69zuuPQZA3yiGfoFlucGSubq+z6+B/2Q16hSILBW
dIF1SAaSKT+CdHkzoX9CWpftst1hu30HmaRk4ELfR8mZszcTB33XNEXKhuA3rJHu
7A+FU6YInd3wUsjjqzxdNPvZo7f6XH3y7WduVpI1JuG+y9Oi+HVHzF32QSFOwX4S
qRtix+03WSyZ9QGATRTdyn7av5US4mxj18nkTiXJosiDV5zjLA==
-----END CERTIFICATE-----
subject=/O=*.opengroup.org/OU=Domain Control Validated/CN=*.opengroup.org
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287
---
No client certificate CA names sent
---
SSL handshake has read 4364 bytes and written 517 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 487454B12E7EAD451BF1B134B5D64ED9BD276942E1698972405B7C38370D9962
    Session-ID-ctx:
Master-Key: B71914B309EE9378995E72F6C43F177897BF98363C5774A0D5B9B04440153A942653FDBF5C8C9E1D3652666A3067ED2D
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1387577358
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
-----

I'm not well versed in reading certs, but is the problem that
godaddy's cert looks 'self-signed'?



reply via email to

[Prev in Thread] Current Thread [Next in Thread]