[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] wget seems to be "out of touch" with security (fails on m

From: L Walsh
Subject: Re: [Bug-wget] wget seems to be "out of touch" with security (fails on most (all?) http websites...(where browsers work)
Date: Fri, 20 Dec 2013 09:03:43 -0800
User-agent: Thunderbird

mancha wrote:
L Walsh <wget <at> tlinx.org> writes:

I recently started using 1.14 of wget included with my distro's updates:
GNU Wget 1.14 built on linux-gnu.
Trouble is, it gives security warnings on almost every https
site I access.

I can't think of 1 where I didn't have to override the security
warning (and this time, I just put it in my .wgetrc file).

So why does wget get all these errors when my browsers don't?

It appears your wget is built against the openssl library. For https
certificate verification to work in wget automagically as it does in
the major browsers, openssl needs a properly configured root
certificate store (default location: /etc/ssl/certs).
I have the latest ca-certificates for opensuse 13.1 installed:
rpm -ql ca-certificates
It shows files in /etc/ssl as well as other places.

But at the end of the update script, I notice a message:
if ($foundignored)
print STDERR "\n* = CA Certificates in /etc/ssl/certs are only seen by some legacy applications.
To install CA-Certificates globally move them to /etc/pki/trust/ancors 

Perhaps wget isn't using the new location?

Check your distrib's documentation/support forums/mailing lists
for how to set this up. It might be a package that you can easily
install (for example, Debian and derivatives call theirs

This is not a wget issue proper.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]