On 04/11/2018 02:29 PM, Jonathan Bennett wrote:
> Ah, that's what it is. Firefox is pulling Comodo off their CA list, and
> that's who signs Cipherdyne's cert. I'm sure Michael will get this sorted on
> the server end as soon as he can.

I may have jumped the gun on this conclusion. The article I was reading was
from several years back, so not as relevant as I thought. You could try
downgrading the ca-certificates package to see if that restores functionality.

>
> On 04/11/2018 02:19 PM, Mattia Oss wrote:
>> On Wed, Apr 11, 2018 at 12:48:38PM -0500, Jonathan Bennett wrote:
>>> Is it only the cipherdyne site that gives that error, or all https sites?
>>> It's probably a sign that your CA file isn't in place as wget expects. Is
>>> this from within a Cygwin instance on Windows, per chance? The following
>>> is a link describing what I suspect to be happening.
>>> https://stackoverflow.com/questions/9224298/how-do-i-fix-certificate-errors-when-running-wget-on-an-https-url-in-cygwin
>>
>> You're right, I have this problem with all https sites. I'm using Debian
>> Unstable.
>>
>> I found a temporary workaround:
>> $ LANG=C /usr/bin/wget -U Fwknop/2.6.9 --secure-protocol=auto -O - https://www.cipherdyne.org/cgi-bin/myip --no-check-certificate
>> --2018-04-11 21:13:56-- https://www.cipherdyne.org/cgi-bin/myip
>> Resolving www.cipherdyne.org (www.cipherdyne.org)... 67.20.100.192
>> Connecting to www.cipherdyne.org (www.cipherdyne.org)|67.20.100.192|:443... connected.
>> HTTP request sent, awaiting response... 200 OK
>> Length: 14 [text/html]
>> Saving to: 'STDOUT'
>>
>> - 0%[ ] 0 --.-KB/s 87.2.241.181
>> - 100%[===================================================================================================================================================================>] 14 --.-KB/s in 0s
>>
>> 2018-04-11 21:13:57 (30,1 MB/s) - written to stdout [14/14]
>>
>> Is it possible to pass the option '--no-check-certificate' to wget?
>>
>> This is the changelog of the package ca-certificates:
>> ca-certificates (20180409) unstable; urgency=medium
>>
>>   [ Michael Shuler ]
>>   * mozilla/{certdata.txt,nssckbi.h}:
>>     Update Mozilla certificate authority bundle to version 2.22.
>>     The following certificate authorities were added (+):
>>     + "GDCA TrustAUTH R5 ROOT"
>>     + "SSL.com EV Root Certification Authority ECC"
>>     + "SSL.com EV Root Certification Authority RSA R2"
>>     + "SSL.com Root Certification Authority ECC"
>>     + "SSL.com Root Certification Authority RSA"
>>     + "TrustCor ECA-1"
>>     + "TrustCor RootCert CA-1"
>>     + "TrustCor RootCert CA-2"
>>     The following certificate authorities were removed (-):
>>     - "ACEDICOM Root"
>>     - "AddTrust Low-Value Services Root"
>>     - "AddTrust Public Services Root"
>>     - "AddTrust Qualified Certificates Root"
>>     - "CA Disig Root R1"
>>     - "CNNIC ROOT"
>>     - "Camerfirma Chambers of Commerce Root"
>>     - "Camerfirma Global Chambersign Root"
>>     - "Certinomis - Autorité Racine"
>>     - "Certum Root CA"
>>     - "China Internet Network Information Center EV Certificates Root"
>>     - "Comodo Secure Services root"
>>     - "Comodo Trusted Services root"
>>     - "DST ACES CA X6"
>>     - "GeoTrust Global CA 2"
>>     - "PSCProcert"
>>     - "Security Communication EV RootCA1"
>>     - "Swisscom Root CA 1"
>>     - "Swisscom Root CA 2"
>>     - "Swisscom Root EV CA 2"
>>     - "TURKTRUST Certificate Services Provider Root 2007"
>>     - "TUBITAK UEKAE Kok Sertifika Hizmet Saglayicisi - Surum 3"
>>     - "UTN USERFirst Hardware Root CA"
>>   * mozilla/blacklist.txt
>>     Update blacklist to remove certificates no longer in certdata.txt and
>>     explicitly ignore distrusted certificates.
>>   * debian/copyright:
>>     Fix lintian insecure-copyright-format-uri with https URL.
>>   * debian/changelog:
>>     Fix lintian file-contains-trailing-whitespace.
>>   * debian/{compat,control}:
>>     Set to debhelper compat 11.
>>   * Update openssl dependency to >= 1.1.0 to support `openssl rehash` and drop
>>     usage of `c_rehash` script. Closes: #895075
>>
>>   [ Thijs Kinkhorst ]
>>   * Remove Christian Perrier from uploaders at his request (closes: #894070).
>>   * Checked for policy 4.1.4, no changes.
>>
>>  -- Michael Shuler <mich...@pbandjelly.org> Mon, 09 Apr 2018 18:43:49 -0500
>>
>> Maybe the last update broke something?
>>
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Fwknop-discuss mailing list
>> Fwknop-discuss@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>>
>