Bug 674186 - wget fails to verify proper certificate
Summary: wget fails to verify proper certificate
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: wget
Version: 14
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Karsten Hopp
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 667825 (view as bug list)
Depends On:
Blocks: 903756
TreeView+ depends on / blocked
 
Reported: 2011-01-31 22:07 UTC by Till Maas
Modified: 2018-11-14 11:40 UTC (History)
7 users (show)

Fixed In Version: wget-1.12-4.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 903756 (view as bug list)
Environment:
Last Closed: 2011-08-12 10:52:39 UTC


Attachments (Terms of Use)

Description Till Maas 2011-01-31 22:07:17 UTC
Description of problem:
When I try to download the recent youtube-dl release from github with spectool/wget, it fails:

LANG=C wget https://github.com/rg3/youtube-dl/raw/2011.01.30/youtube-dl
--2011-01-31 22:59:03--  https://github.com/rg3/youtube-dl/raw/2011.01.30/youtube-dl
Resolving github.com... 207.97.227.239
Connecting to github.com|207.97.227.239|:443... connected.
ERROR: certificate common name `*.github.com' doesn't match requested host name `github.com'.
To connect to github.com insecurely, use `--no-check-certificate'.

Looking at the certificate shows me:
openssl s_client -connect github.com:443 | openssl x509 -text
[...]
            X509v3 Subject Alternative Name: 
                DNS:*.github.com, DNS:github.com

Afaik this should mean that the certificate is valid for github.com

Version-Release number of selected component (if applicable):
wget-1.12-2.fc13

How reproducible:
always

Steps to Reproduce:
1. wget https://github.com/rg3/youtube-dl/raw/2011.01.30/youtube-dl
  
Actual results:
fails with certificate error

Expected results:
it should download the file

Comment 1 Ian Collier 2011-02-22 12:24:41 UTC
There's also a Debian bug regarding this issue (namely, failure to correctly check Subject Alternative Names for certificates):

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409938

Comments on that bug say that it has been fixed upstream but there has been no new release with the fix, despite it being well over a year since the fix was committed.

Would it be possible to extract the patch and add it to the current Fedora version?

Comment 2 Volker Fröhlich 2011-06-23 09:37:25 UTC
http://www.geofrogger.net/review/wget-1.12-3.1.fc15.src.rpm

I applied upstream's patch, but can only test by tomorrow. The Github example doesn't seem to cause problems on the original wget version anymore.

Comment 3 Volker Fröhlich 2011-06-23 21:14:25 UTC
http://koji.fedoraproject.org/koji/taskinfo?taskID=3156329

I just tried it and it doesn't complain any more, where the original version did. I assume it's working.

Comment 4 Volker Fröhlich 2011-07-07 13:01:38 UTC
Please respond to this ticket!

Comment 5 Ian Collier 2011-07-07 13:23:17 UTC
> I just tried it and it doesn't complain any more, where the original version
> did. I assume it's working.

As far as I can tell, same is true here.

Comment 6 Werner Gold 2011-07-07 20:41:21 UTC
Hi Karsten,

same problem with the most recent version of wget in RHEL5 and www.paypal.com. Just raised a support ticket as well.

Comment 7 Volker Fröhlich 2011-07-16 14:27:48 UTC
Any news so far?

Comment 8 Fedora Update System 2011-08-03 09:21:20 UTC
wget-1.12-4.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/wget-1.12-4.fc16

Comment 9 Fedora Update System 2011-08-03 09:22:24 UTC
wget-1.12-4.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/wget-1.12-4.fc15

Comment 10 Fedora Update System 2011-08-03 09:23:05 UTC
wget-1.12-4.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/wget-1.12-4.fc14

Comment 11 Fedora Update System 2011-08-03 22:53:50 UTC
Package wget-1.12-4.fc14:
* should fix your issue,
* was pushed to the Fedora 14 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing wget-1.12-4.fc14'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/wget-1.12-4.fc14
then log in and leave karma (feedback).

Comment 12 Matt McCutchen 2011-08-06 02:17:52 UTC
*** Bug 667825 has been marked as a duplicate of this bug. ***

Comment 13 Fedora Update System 2011-08-12 10:52:27 UTC
wget-1.12-4.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2011-08-12 18:22:02 UTC
wget-1.12-4.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2011-08-12 18:26:39 UTC
wget-1.12-4.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2011-08-22 15:24:18 UTC
wget-1.12-4.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.