Description of problem: As per https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/VP6URPLIMH5XARDTBBJKBOUVNIS5OLCH/ thread, when system crypto-policy is set to FUTURE, wget fails to connect to github and fedoraproject.org: $ update-crypto-policies --set FUTURE Setting system policy to FUTURE $ wget github.org --2016-12-19 11:00:22-- http://github.org/ Resolving github.org (github.org)... 188.166.203.69 Connecting to github.org (github.org)|188.166.203.69|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://github.com [following] --2016-12-19 11:00:22-- https://github.com/ Resolving github.com (github.com)... 192.30.253.112, 192.30.253.113 Connecting to github.com (github.com)|192.30.253.112|:443... connected. ERROR: The certificate of 'github.com' is not trusted. ERROR: The certificate of 'github.com' was signed using an insecure algorithm. $ wget https://fedoraproject.org --2016-12-19 11:00:32-- https://fedoraproject.org/ Resolving fedoraproject.org (fedoraproject.org)... 2604:1580:fe00:0:dead:beef:cafe:fed1, 2605:bc80:3010:600:dead:beef:cafe:fed9, 2610:28:3090:3001:dead:beef:cafe:fed3, ... Connecting to fedoraproject.org (fedoraproject.org)|2604:1580:fe00:0:dead:beef:cafe:fed1|:443... connected. ERROR: The certificate of 'fedoraproject.org' is not trusted. ERROR: The certificate of 'fedoraproject.org' was signed using an insecure algorithm. Version-Release number of selected component (if applicable): crypto-policies-20160921-2.git75b9b04.fc25.noarch wget-1.18-2.fc25.x86_64 gnutls-3.5.7-3.fc25.x86_64 How reproducible: Always Steps to Reproduce: 1. update-crypto-policies --set FUTURE 2. wget github.org 3. Actual results: See above. Expected results: Secure connection should be established. Additional info:
Although the underlying issue is the fact that wget overwrites the system policies with its own which are more lax, the functionality issue (connection problem #1405956) can be fixed in gnutls [0]. I will include it to the next rebase of the component. [0]. https://gitlab.com/gnutls/gnutls/merge_requests/195
gnutls-3.5.8-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-88f1664dd4
gnutls-3.5.8-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-88f1664dd4
gnutls-3.5.8-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.