On Wed, Apr 11, 2018 at 12:48:38PM -0500, Jonathan Bennett wrote: > Is it only the cipherdyne site that gives that error, or all https sites? > It's probably a sign that your CA file isn't in place as wget expects. Is > this from within a Cygwin instance on Windows, per chance? The following is > a link describing what > I suspect to be happening. > https://stackoverflow.com/questions/9224298/how-do-i-fix-certificate-errors-when-running-wget-on-an-https-url-in-cygwin
You're right, I have this problem with all https sites. I'm using Debian Unstable. I found a temporary workaround: $ LANG=C /usr/bin/wget -U Fwknop/2.6.9 --secure-protocol=auto -O - https://www.cipherdyne.org/cgi-bin/myip --no-check-certificate --2018-04-11 21:13:56-- https://www.cipherdyne.org/cgi-bin/myip Resolving www.cipherdyne.org (www.cipherdyne.org)... 67.20.100.192 Connecting to www.cipherdyne.org (www.cipherdyne.org)|67.20.100.192|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 14 [text/html] Saving to: 'STDOUT' - 0%[ ] 0 --.-KB/s 87.2.241.181 - 100%[===================================================================================================================================================================>] 14 --.-KB/s in 0s 2018-04-11 21:13:57 (30,1 MB/s) - written to stdout [14/14] Is it possible to pass the option '--no-check-certificate' to wget? This is the changelog of the package ca-certificates: ca-certificates (20180409) unstable; urgency=medium [ Michael Shuler ] * mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority bundle to version 2.22. The following certificate authorities were added (+): + "GDCA TrustAUTH R5 ROOT" + "SSL.com EV Root Certification Authority ECC" + "SSL.com EV Root Certification Authority RSA R2" + "SSL.com Root Certification Authority ECC" + "SSL.com Root Certification Authority RSA" + "TrustCor ECA-1" + "TrustCor RootCert CA-1" + "TrustCor RootCert CA-2" The following certificate authorities were removed (-): - "ACEDICOM Root" - "AddTrust Low-Value Services Root" - "AddTrust Public Services Root" - "AddTrust Qualified Certificates Root" - "CA Disig Root R1" - "CNNIC ROOT" - "Camerfirma Chambers of Commerce Root" - "Camerfirma Global Chambersign Root" - "Certinomis - Autorité Racine" - "Certum Root CA" - "China Internet Network Information Center EV Certificates Root" - "Comodo Secure Services root" - "Comodo Trusted Services root" - "DST ACES CA X6" - "GeoTrust Global CA 2" - "PSCProcert" - "Security Communication EV RootCA1" - "Swisscom Root CA 1" - "Swisscom Root CA 2" - "Swisscom Root EV CA 2" - "TURKTRUST Certificate Services Provider Root 2007" - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3" - "UTN USERFirst Hardware Root CA" * mozilla/blacklist.txt Update blacklist to remove certificates no longer in certdata.txt and explicitly ignore distrusted certificates. * debian/copyright: Fix lintian insecure-copyright-format-uri with https URL. * debian/changelog: Fix lintian file-contains-trailing-whitespace. * debian/{compat,control}: Set to debhelper compat 11. * Update openssl dependency to >= 1.1.0 to support `openssl rehash` and drop usage of `c_rehash` script. Closes: #895075 [ Thijs Kinkhorst ] * Remove Christian Perrier from uploaders at his request (closes: #894070). * Checked for policy 4.1.4, no changes. -- Michael Shuler <mich...@pbandjelly.org> Mon, 09 Apr 2018 18:43:49 -0500 Maybe the last update broke something? ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fwknop-discuss mailing list Fwknop-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
