Bug 443512 - wget fails with bogus certificate chain error
wget fails with bogus certificate chain error
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: wget (Show other bugs)
4.6
x86_64 Linux
low Severity medium
: rc
: ---
Assigned To: Karsten Hopp
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-21 18:08 EDT by Tom Swiss
Modified: 2010-09-07 09:39 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-09-07 09:39:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tom Swiss 2008-04-21 18:08:59 EDT
Description of problem:

The supplied version of wget fails on a site with a valid SSL certificate and
chain of trust.

Version-Release number of selected component (if applicable):

wget-1.10.2-0.40E

How reproducible:

Use wget to retrieve https://www.trocadero.com

Steps to Reproduce:
1. From a shell command line: wget https://www.trocadero.com

  
Actual results:

As run on our RHEL 4.6 box:

wget https://www.trocadero.com
--17:52:41--  https://www.trocadero.com/
           => `index.html'
Resolving www.trocadero.com... 216.132.102.18
Connecting to www.trocadero.com|216.132.102.18|:443... connected.
ERROR: Certificate verification error for www.trocadero.com: self signed
certificate in certificate chain
To connect to www.trocadero.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.



Expected results:

I would expect to see the same results I get on my Fedora Core 6 box at home
(using wget-1.10.2-8.fc6.1)

wget https://www.trocadero.com
--17:53:38--  https://www.trocadero.com/
Resolving www.trocadero.com... 216.132.102.18
Connecting to www.trocadero.com|216.132.102.18|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3699 (3.6K) [text/html]
Saving to: `index.html'

100%[=======================================>] 3,699       --.-K/s   in 0.05s  

17:53:40 (76.1 KB/s) - `index.html' saved [3699/3699]


Additional info:

Our certificate is our course not self-signed. This problem appeared when we
updated our Network Solutions SSL certificate, which now has a chain of trust
through UTN-UserFirst and AddTrust. 

No problems are encountered using this certificate with Firefox or IE, it works
with the wget on my Fedora Core box, and openssl reports our CA chain to be a-ok:

# openssl verify -CAfile /etc/httpd/conf/ssl.crt/netsol_CA_chain.txt
/etc/httpd/conf/ssl.crt/server.crt
/etc/httpd/conf/ssl.crt/server.crt: OK

We can of course work around this by using the --no-check-certificate, but that
defeats half the purpose of using SSL.
Comment 1 Phil Knirsch 2010-09-07 09:39:35 EDT
Verified that with the current rebased wget-1.11.4-2.el5_4.1 i'm not getting that problem anymore.

Closing as ERRATA.

Thanks & regards, Phil

Note You need to log in before you can comment on or make changes to this bug.