Re: wget & certificates
On Thu, 02 Jun 2011 16:58:23 +0200, Kamil Jońca wrote:
> Camaleón <noelamac@gmail.com> writes:
(...)
>> Just for testing purposes, what happens when you run this?
>>
>> wget --no-check-certificate
>> https://www.centrum24.pl/bzwbkonline/eSmart.html?typ=90&lang=pl
>
> Works.
>
>
>> (note that should still getting through the encrypted channel)
>>
>> Moreover, are you getting the same error with another "https://"; site?
>>
>> I.e.: wget https://www.google.com
>
> Works.
Hum... so it fails with one site but not all. Curious. Let me make some
tests in my wheezy box:
test@debian:~$ wget https://www.centrum24.pl/bzwbkonline/eSmart.html?
typ=90&lang=pl
[1] 4632
test@debian:~$ --2011-06-03 15:04:20-- https://www.centrum24.pl/
bzwbkonline/eSmart.html?typ=90
Resolving www.centrum24.pl... 195.20.110.130
Connecting to www.centrum24.pl|195.20.110.130|:443... connected.
ERROR: cannot verify www.centrum24.pl's certificate, issued by `/C=US/
O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://
www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC
CA':
Unable to locally verify the issuer's authority.
To connect to www.centrum24.pl insecurely, use `--no-check-certificate'.
Wow, here it fails! In lenny it worked perfectly :-O
Okay, let's see what "curl" says:
test@debian:~$ curl https://www.centrum24.pl/bzwbkonline/eSmart.html?
typ=90&lang=pl
[1] 4634
test@debian:~$ curl: (60) SSL certificate problem, verify that the CA
cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
It also fails here, but the message can be of help because Google returns
a bunch of results pointing to some sort of bug here (openssl?).
What to do? Dunno, but in the meantime you can safely connect to the site
using "wget --no-check-certificate" because the cert is valid (you
already know that because firefox told you so) and traffic is still being
sent through SSL.
Greetings,
--
Camaleón
Reply to: