[bug #58097] Wget doesn't download intermediate certificates when not supplied in the response

Wed, 01 Apr 2020 16:49:40 -0700 

URL:
  <https://savannah.gnu.org/bugs/?58097>

                 Summary: Wget doesn't download intermediate certificates when
not supplied in the response
                 Project: GNU Wget
            Submitted by: None
            Submitted on: Wed 01 Apr 2020 11:48:34 PM UTC
                Category: Feature Request
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Michael Clark
        Originator Email: clark.michael.c+wgetb...@gmail.com
             Open/Closed: Open
                 Release: 1.20
         Discussion Lock: Any
        Operating System: GNU/Linux
         Reproducibility: Every Time
           Fixed Release: None
         Planned Release: None
              Regression: No
           Work Required: None
          Patch Included: No

    _______________________________________________________

Details:

When using `wget` to connect to an Apache server which I believe lacks the
`SSLCertificateChainFire` directive (www.xocolatl.com; I've contacted the
server administrator to request a fix, so might not work indefinitely) using a
Let's Encrypt certificate, `wget` reports (from running `wget
https://www.xocolatl.com/`):

> ERROR: The certificate of ‘www.xocolatl.com’ is not trusted.            
                                                                              
                   
> ERROR: The certificate of ‘www.xocolatl.com’ doesn't have a known
issuer.

The site works fine in Chrome on Linux, and other sites using Let's Encrypt
certificates work fine on my machine using `wget`.
https://www.ssllabs.com/ssltest/analyze.html?d=www.xocolatl.com&s=116.202.171.177
shows that the intermediate certificate requires an extra download, and
https://discussions.qualys.com/thread/12098 reports essentially the same
issue.

What I expected: `wget` would connect to the server and get the page as usual,
as works in my browser.

Can we make `wget` do the same as browsers, and fetch intermediate
certificates? How difficult would that be?



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 01 Apr 2020 11:48:34 PM UTC  Name: wget-d-xocolatl.com.txt  Size:
776B   By: None
Debug output
<http://savannah.gnu.org/bugs/download.php?file_id=48730>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?58097>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

Reply via email to