wget does not recognize PKI?
Andrey Repin
anrdaemon@yandex.ru
Mon Aug 6 10:05:00 GMT 2018
Greetings, Lee!
> On 8/5/18, Andrey Repin wrote:
>> Greetings, All!
> Greetings, Andrey Repin!
>> $ wget https://ca.rootdir.org/ca.crl
>> --2018-08-05 20:05:28-- https://ca.rootdir.org/ca.crl
>> Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6
>> Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443...
>> connected.
>> ERROR: The certificate of ‘ca.rootdir.org’ is not trusted.
>> ERROR: The certificate of ‘ca.rootdir.org’ hasn't got a known issuer.
>>
>> $ "$( which wget )" --version
>> GNU Wget 1.19.1 built on cygwin.
>>
>> -cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls +ntlm
>> +opie +psl +ssl/gnutls
>>
>> The root CA certificate is correctly installed and hashed.
> Apparently not.
curl and openssl sees it.
Both Cygwin and native openssl.
> Does it work if you tell wget to use your root CA cert?
> ‘--ca-certificate=FILE’
It does, of course, but why doesn't it see the PKI by itself?
$ wget --ca-certificate=/etc/ssl/certs/dd07c56a.0 https://ca.rootdir.org/ca.crl
--2018-08-06 12:46:14-- https://ca.rootdir.org/ca.crl
Loaded CA certificate '/etc/ssl/certs/dd07c56a.0'
Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6
Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 872 [application/octet-stream]
Saving to: ‘ca.crl’
ca.crl 100%[================================>] 872 --.-KB/s in 0s
2018-08-06 12:46:14 (18.0 MB/s) - ‘ca.crl’ saved [872/872]
> Use FILE as the file with the bundle of certificate authorities
> (“CAâ€) to verify the peers. The certificates must be in PEM
> format.
> Without this option Wget looks for CA certificates at the
> system-specified locations, chosen at OpenSSL installation time.
> & you probably have, but to be sure.. you looked at 'info
> update-ca-trust' - right?
No. Hashing /etc/ssl/certs has been enough for a long while.
I followed the directions, and it indeed fixed the issue, but I'm surprised by
the change in behavior.
--
With best regards,
Andrey Repin
Monday, August 6, 2018 12:44:13
Sorry for my terrible english...�B‹KCB”�›Ø›�[H�™\�Ü�Έ�����������‹ËØÞYÝÚ[‹˜ÛÛKÜ�›Ø›�[\Ëš��[�B‘TNˆ�����������������������‹ËØÞYÝÚ[‹˜ÛÛKÙ˜\KÃB‘�ØÝ[Y[�]�[ÛŽˆ�������������‹ËØÞYÝÚ[‹˜ÛÛKÙ�ØÜËš��[�B•[œÝXœØÜšX™H�[™›Îˆ����������‹ËØÞYÝÚ[‹˜ÛÛKÛ[�ÈÝ[œÝXœØÜšX™K\Ú[\��CBƒB
More information about the Cygwin
mailing list