On Wed, Apr 11, 2018 at 12:48:38PM -0500, Jonathan Bennett wrote:
> Is it only the cipherdyne site that gives that error, or all https sites?  
> It's probably a sign that your CA file isn't in place as wget expects.  Is 
> this from within a Cygwin instance on Windows, per chance?  The following is 
> a link describing what
> I suspect to be happening.
> https://stackoverflow.com/questions/9224298/how-do-i-fix-certificate-errors-when-running-wget-on-an-https-url-in-cygwin

You're right, I have this problem with all https sites. I'm using Debian
Unstable.

I found a temporary workaround:
$ LANG=C /usr/bin/wget -U Fwknop/2.6.9 --secure-protocol=auto -O - 
https://www.cipherdyne.org/cgi-bin/myip --no-check-certificate
--2018-04-11 21:13:56--  https://www.cipherdyne.org/cgi-bin/myip
Resolving www.cipherdyne.org (www.cipherdyne.org)... 67.20.100.192
Connecting to www.cipherdyne.org (www.cipherdyne.org)|67.20.100.192|:443... 
connected.
HTTP request sent, awaiting response... 200 OK
Length: 14 [text/html]
Saving to: 'STDOUT'

-                                                                      0%[      
                                                                                
                                                                              ] 
      0  --.-KB/s               87.2.241.181
-                                                                    
100%[===================================================================================================================================================================>]
      14  --.-KB/s    in 0s

2018-04-11 21:13:57 (30,1 MB/s) - written to stdout [14/14]

Is it possible to pass the option '--no-check-certificate' to wget?

This is the changelog of the package ca-certificates:
ca-certificates (20180409) unstable; urgency=medium

  [ Michael Shuler ]
  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.22.
    The following certificate authorities were added (+):
    + "GDCA TrustAUTH R5 ROOT"
    + "SSL.com EV Root Certification Authority ECC"
    + "SSL.com EV Root Certification Authority RSA R2"
    + "SSL.com Root Certification Authority ECC"
    + "SSL.com Root Certification Authority RSA"
    + "TrustCor ECA-1"
    + "TrustCor RootCert CA-1"
    + "TrustCor RootCert CA-2"
    The following certificate authorities were removed (-):
    - "ACEDICOM Root"
    - "AddTrust Low-Value Services Root"
    - "AddTrust Public Services Root"
    - "AddTrust Qualified Certificates Root"
    - "CA Disig Root R1"
    - "CNNIC ROOT"
    - "Camerfirma Chambers of Commerce Root"
    - "Camerfirma Global Chambersign Root"
    - "Certinomis - Autorité Racine"
    - "Certum Root CA"
    - "China Internet Network Information Center EV Certificates Root"
    - "Comodo Secure Services root"
    - "Comodo Trusted Services root"
    - "DST ACES CA X6"
    - "GeoTrust Global CA 2"
    - "PSCProcert"
    - "Security Communication EV RootCA1"
    - "Swisscom Root CA 1"
    - "Swisscom Root CA 2"
    - "Swisscom Root EV CA 2"
    - "TURKTRUST Certificate Services Provider Root 2007"
    - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
    - "UTN USERFirst Hardware Root CA"
  * mozilla/blacklist.txt
    Update blacklist to remove certificates no longer in certdata.txt and
    explicitly ignore distrusted certificates.
  * debian/copyright:
    Fix lintian insecure-copyright-format-uri with https URL.
  * debian/changelog:
    Fix lintian file-contains-trailing-whitespace.
  * debian/{compat,control}:
    Set to debhelper compat 11.
  * Update openssl dependency to >= 1.1.0 to support `openssl rehash` and drop
    usage of `c_rehash` script. Closes: #895075

  [ Thijs Kinkhorst ]
  * Remove Christian Perrier from uploaders at his request (closes: #894070).
  * Checked for policy 4.1.4, no changes.

 -- Michael Shuler <mich...@pbandjelly.org>  Mon, 09 Apr 2018 18:43:49 -0500

Maybe the last update broke something?


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss

Reply via email to