Description of problem:
As per https://firstname.lastname@example.org/thread/VP6URPLIMH5XARDTBBJKBOUVNIS5OLCH/ thread, when system crypto-policy is set to FUTURE, wget fails to connect to github and fedoraproject.org:
$ update-crypto-policies --set FUTURE
Setting system policy to FUTURE
$ wget github.org
--2016-12-19 11:00:22-- http://github.org/
Resolving github.org (github.org)... 126.96.36.199
Connecting to github.org (github.org)|188.8.131.52|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com [following]
--2016-12-19 11:00:22-- https://github.com/
Resolving github.com (github.com)... 184.108.40.206, 220.127.116.11
Connecting to github.com (github.com)|18.104.22.168|:443... connected.
ERROR: The certificate of 'github.com' is not trusted.
ERROR: The certificate of 'github.com' was signed using an insecure algorithm.
$ wget https://fedoraproject.org
--2016-12-19 11:00:32-- https://fedoraproject.org/
Resolving fedoraproject.org (fedoraproject.org)... 2604:1580:fe00:0:dead:beef:cafe:fed1, 2605:bc80:3010:600:dead:beef:cafe:fed9, 2610:28:3090:3001:dead:beef:cafe:fed3, ...
Connecting to fedoraproject.org (fedoraproject.org)|2604:1580:fe00:0:dead:beef:cafe:fed1|:443... connected.
ERROR: The certificate of 'fedoraproject.org' is not trusted.
ERROR: The certificate of 'fedoraproject.org' was signed using an insecure algorithm.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. update-crypto-policies --set FUTURE
2. wget github.org
Secure connection should be established.
Although the underlying issue is the fact that wget overwrites the system policies with its own which are more lax, the functionality issue (connection problem #1405956) can be fixed in gnutls . I will include it to the next rebase of the component.
gnutls-3.5.8-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-88f1664dd4
gnutls-3.5.8-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-88f1664dd4
gnutls-3.5.8-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.