Re: [Bug-wget] SSL client certificate problem
From: Estanislao Gonzalez
Subject: Re: [Bug-wget] SSL client certificate problem
Date: Wed, 18 Aug 2010 13:44:34 +0200
User-agent: Thunderbird 2.0.0.23 (X11/20090812)
Hi,
this was fast :-)
I kind of answered my own problem, but this looks like a bug to me as
it's not following the specification:
This does not work:
# wget --ca-certificate=tomcat.pem \
    --certificate=/root/.globus/certificate-file -O /tmp/page.html -d \
    'https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F'
This does:
# wget --ca-certificate=tomcat.pem \
    --certificate=/root/.globus/certificate-file -O /tmp/page.html -d \
    'https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F' \
    --private-key=/root/.globus/certificate-file
As you notice the only difference is that I explicitly mentioned the
private-key is in the same file as the certificate.
The help says nothing regarding this, but the man page reads:
--private-key=file
Read the private key from file. This allows you to provide
the private key in a file separate from the certificate.
I understand that if I provide no --private-key parameter, the private
key is understood to be in the same file as the certificate. Or is it
just my English? (might be, I'm no native speaker..)
Thanks!
Estani
Estanislao Gonzalez wrote:
Hi,
I'm having a problem while trying to access a server which requires
client SSL authentication.
I'm using this command and getting this trace:
# wget --ca-certificate=tomcat.pem \
    --certificate=/root/.globus/certificate-file -O /tmp/page.html -d \
    'https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F'
DEBUG output created by Wget 1.11.4 Red Hat modified on linux-gnu.
--2010-08-18 13:29:36--
https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F
Resolving www.dkrz.de... 136.172.11.3
Caching www.dkrz.de => 136.172.11.3
Connecting to www.dkrz.de|136.172.11.3|:443... connected.
Created socket 4.
Releasing 0x000000001c327d90 (new refcount 1).
Initiating SSL handshake.
SSL handshake failed.
OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate
Closed fd 4
Unable to establish SSL connection.
If I use cURL I have no problem:
curl \
    'https://www.dkrz.de/orp/home.htm?redirect=http%3A%2F%2Fwww.dkrz.de%2Fdevelopment%2Fjavadocs%2F' \
    -E /root/.globus/certificate-file --cacert tomcat.pem \
    --location-trusted --max-redirs 4 -c curl_cookie
(neither if I manually connect with openssl)
Am I missing something? Wget doesn't seem to be sending the
certificate, both other tools are...
Thanks!
Estani
--
Estanislao Gonzalez
Max-Planck-Institut für Meteorologie (MPI-M)
Deutsches Klimarechenzentrum (DKRZ) - German Climate Computing Centre
Room 108 - Bundesstrasse 45a, D-20146 Hamburg, Germany
Phone: +49 (40) 46 00 94-126
E-Mail: address@hidden
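
Added example (not part of the original message and not code from the Wget project): a pre-flight check that looks at the PEM headers of the certificate file and prints the client-authentication options to pass, always naming --private-key explicitly so the behaviour reported above for Wget 1.11.4 cannot bite. The function names pem_kind and wget_client_opts and the sample files are hypothetical; the samples hold header lines only, no key material.

```shell
#!/bin/sh
# pem_kind FILE: print combined, cert-only, key-only or none, judged by PEM headers.
pem_kind() {
    has_cert=0; has_key=0
    grep -Eq -e '^-----BEGIN (TRUSTED )?CERTIFICATE-----' "$1" && has_cert=1
    # PKCS#8 ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY") and traditional ("RSA PRIVATE KEY", ...)
    grep -Eq -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" && has_key=1
    case "$has_cert$has_key" in
        11) echo combined ;;
        10) echo cert-only ;;
        01) echo key-only ;;
        *)  echo none ;;
    esac
}

# wget_client_opts CERT [KEY]: print the client-auth options, one per line.
# Returns 1 (message on stderr) when a certificate or key cannot be located.
wget_client_opts() {
    cert=$1; key=${2:-}
    case "$(pem_kind "$cert")" in
        combined|cert-only) ;;
        *) echo "no certificate found in $cert" >&2; return 1 ;;
    esac
    if [ -z "$key" ]; then
        # As reported above for Wget 1.11.4: the key is not picked up from the
        # certificate file on its own, so name the same file explicitly.
        [ "$(pem_kind "$cert")" = combined ] ||
            { echo "no --private-key file given and no key in $cert" >&2; return 1; }
        key=$cert
    else
        case "$(pem_kind "$key")" in
            combined|key-only) ;;
            *) echo "no private key found in $key" >&2; return 1 ;;
        esac
    fi
    printf '%s\n' "--certificate=$cert" "--private-key=$key"
}

# Constructed sample: header/footer lines only, no real key material.
sample_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' \
    > "$sample_dir/cert.pem"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----' \
    > "$sample_dir/key.pem"
cat "$sample_dir/cert.pem" "$sample_dir/key.pem" > "$sample_dir/combined.pem"
wget_client_opts "$sample_dir/combined.pem"
```

The check reads only the PEM header lines; it does not verify that the key belongs to the certificate.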