Ah, that's what it is.  Firefox is pulling Comodo off their CA list, and that's 
who signs Cipherdyne's cert.  I'm sure Michael will get this sorted on the 
server end as soon as he can.

On 04/11/2018 02:19 PM, Mattia Oss wrote:
> On Wed, Apr 11, 2018 at 12:48:38PM -0500, Jonathan Bennett wrote:
>> Is it only the cipherdyne site that gives that error, or all https sites?  
>> It's probably a sign that your CA file isn't in place as wget expects.  Is 
>> this from within a Cygwin instance on Windows, per chance?  The following is 
>> a link describing what
>> I suspect to be happening.
>> https://stackoverflow.com/questions/9224298/how-do-i-fix-certificate-errors-when-running-wget-on-an-https-url-in-cygwin
> 
> You're right, I have this problem with all https sites. I'm using Debian
> Unstable.
> 
> I found a temporary workaround:
> $ LANG=C /usr/bin/wget -U Fwknop/2.6.9 --secure-protocol=auto -O - 
> https://www.cipherdyne.org/cgi-bin/myip --no-check-certificate
> --2018-04-11 21:13:56--  https://www.cipherdyne.org/cgi-bin/myip
> Resolving www.cipherdyne.org (www.cipherdyne.org)... 67.20.100.192
> Connecting to www.cipherdyne.org (www.cipherdyne.org)|67.20.100.192|:443... 
> connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 14 [text/html]
> Saving to: 'STDOUT'
> 
> -                                                                      0%[    
>                                                                               
>                                                                               
>     ]       0  --.-KB/s               87.2.241.181
> -                                                                    
> 100%[===================================================================================================================================================================>]
>       14  --.-KB/s    in 0s
> 
> 2018-04-11 21:13:57 (30,1 MB/s) - written to stdout [14/14]
> 
> Is it possible to pass the option '--no-check-certificate' to wget?
> 
> This is the changelog of the package ca-certificates:
> ca-certificates (20180409) unstable; urgency=medium
> 
>   [ Michael Shuler ]
>   * mozilla/{certdata.txt,nssckbi.h}:
>     Update Mozilla certificate authority bundle to version 2.22.
>     The following certificate authorities were added (+):
>     + "GDCA TrustAUTH R5 ROOT"
>     + "SSL.com EV Root Certification Authority ECC"
>     + "SSL.com EV Root Certification Authority RSA R2"
>     + "SSL.com Root Certification Authority ECC"
>     + "SSL.com Root Certification Authority RSA"
>     + "TrustCor ECA-1"
>     + "TrustCor RootCert CA-1"
>     + "TrustCor RootCert CA-2"
>     The following certificate authorities were removed (-):
>     - "ACEDICOM Root"
>     - "AddTrust Low-Value Services Root"
>     - "AddTrust Public Services Root"
>     - "AddTrust Qualified Certificates Root"
>     - "CA Disig Root R1"
>     - "CNNIC ROOT"
>     - "Camerfirma Chambers of Commerce Root"
>     - "Camerfirma Global Chambersign Root"
>     - "Certinomis - Autorité Racine"
>     - "Certum Root CA"
>     - "China Internet Network Information Center EV Certificates Root"
>     - "Comodo Secure Services root"
>     - "Comodo Trusted Services root"
>     - "DST ACES CA X6"
>     - "GeoTrust Global CA 2"
>     - "PSCProcert"
>     - "Security Communication EV RootCA1"
>     - "Swisscom Root CA 1"
>     - "Swisscom Root CA 2"
>     - "Swisscom Root EV CA 2"
>     - "TURKTRUST Certificate Services Provider Root 2007"
>     - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
>     - "UTN USERFirst Hardware Root CA"
>   * mozilla/blacklist.txt
>     Update blacklist to remove certificates no longer in certdata.txt and
>     explicitly ignore distrusted certificates.
>   * debian/copyright:
>     Fix lintian insecure-copyright-format-uri with https URL.
>   * debian/changelog:
>     Fix lintian file-contains-trailing-whitespace.
>   * debian/{compat,control}:
>     Set to debhelper compat 11.
>   * Update openssl dependency to >= 1.1.0 to support `openssl rehash` and drop
>     usage of `c_rehash` script. Closes: #895075
> 
>   [ Thijs Kinkhorst ]
>   * Remove Christian Perrier from uploaders at his request (closes: #894070).
>   * Checked for policy 4.1.4, no changes.
> 
>  -- Michael Shuler <mich...@pbandjelly.org>  Mon, 09 Apr 2018 18:43:49 -0500
> 
> Maybe the last update broke something?
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Fwknop-discuss mailing list
> Fwknop-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
> 


Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss

Reply via email to