bug-wget
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] SSL client certificate problem

From: Estanislao Gonzalez
Subject: Re: [Bug-wget] SSL client certificate problem
Date: Wed, 18 Aug 2010 13:44:34 +0200
User-agent: Thunderbird 2.0.0.23 (X11/20090812) 
Hi,

this was fast :-)
I kind of answered my own problem, but this looks like a bug to me as it's not following the specification: 

This does not work:
# wget --ca-certificate=tomcat.pem --certificate=/root/.globus/certificate-file -O /tmp/page.html -d 'https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F' 

This do:
# wget --ca-certificate=tomcat.pem --certificate=/root/.globus/certificate-file -O /tmp/page.html -d 'https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F' --private-key=/root/.globus/certificate-file As you notice the only difference is that I explicitly mentioned the private-key is in the same file as the certificate. 

The help says nothing regarding this, but the man page reads:
--private-key=file
Read the private key from file. This allows you to provide the private key in a file separate from the certificate.
I understand that if I provide no --private-key parameter, the private key is understood to be in the same file as the certificate. Or is it just my English? (might be, I'm no native speaker..) 

Thanks!
Estani


Estanislao Gonzalez wrote:

Hi,
I'm having a problem while trying to access a server which requires client SSL authentication. 

I'm using this command and getting this trace:
# wget --ca-certificate=tomcat.pem --certificate=/root/.globus/certificate-file -O /tmp/page.html -d 'https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F' 

DEBUG output created by Wget 1.11.4 Red Hat modified on linux-gnu.
--2010-08-18 13:29:36-- https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F 
Resolving www.dkrz.de... 136.172.11.3
Caching www.dkrz.de => 136.172.11.3
Connecting to www.dkrz.de|136.172.11.3|:443... connected.
Created socket 4.
Releasing 0x000000001c327d90 (new refcount 1).
Initiating SSL handshake.
SSL handshake failed.
OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate 
Closed fd 4
Unable to establish SSL connection.

If I use cURL I have no problem:
curl 'https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F' -E /root/.globus/certificate-file --cacert tomcat.pem --location-trusted --max-redirs 4 -c curl_cookie 

(neither if I manually connect with openssl)
Am I missing something? Wget doesn't seem to be sending the certificate, both other tools are... 

Thanks!
Estani





--
Estanislao Gonzalez

Max-Planck-Institut für Meteorologie (MPI-M)
Deutsches Klimarechenzentrum (DKRZ) - German Climate Computing Centre
Room 108 - Bundesstrasse 45a, D-20146 Hamburg, Germany

Phone:   +49 (40) 46 00 94-126
E-Mail:  address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]