Re: [pca] back and annoyed

Tue, 18 Aug 2009 08:08:17 -0700 


Martin Paul wrote:

Hi Don,


I don't believe that there are any plans to move the patchdiag.xref 
file to Akamai, but I will try to get confirmation.

DOM> I have confirmed that the patchdiag.xerf will remain on SunSolve.



Ok, thanks. I hope that downloads will really be more stable now when 
going through Akamai - after all there are now at least three servers 
and two redirects involved for each download, all of which could fail ..

DOM> I hope so too. We are still experiencing some teething problems, 
but we are working to sort them out.





http://sunsolve.sun.com/search/document.do?assetkey=1-9-240066-1 
was updated last Friday to reflect this information.

If you feel that there is anything missing from this document that 
you feel would be useful please let me know and I can get it added.



AFAIK, wget 1.11 (this exact version) will not work at all with the 
described method. It was this version where download from SunSolves 
with --http-user and --http-passwd suddenly stopped working. I talked 
about that to Micah Cowan, and he fixed it by adding 
--auth-no-challenge to wget in 1.11.1. That's why I use a different 
method to provide SOA data in pca, which works with all versions of wget.

DOM> Ok, thanks Martin.

DOM> I have confirmed that 1.11 will not work (even if I try to add 
parameters to /.wgetrc).
DOM> I'll get 
http://sunsolve.sun.com/search/document.do?assetkey=1-9-240066-1 updated 
to reflect this.



One thing that's been a nuisance for a long time, and which you list 
as well:


  Use the "--no-check-certificate". This is not available with earlier
  versions of wget and may result in problems with certificates.

DOM> I have version 1.10.2 installed and always use 
"--no-check-certificate" with wget .

DOM> I'm not seeing any issue with this.



The reason for all those problems with the certificate is that on 
Solaris there are no default CA certs installed with wget or OpenSSL. 
When trying e.g. "wget https://sunsolve.sun.com/patchdiag.xref"; on 
some Linux system, it will work without a flaw, because some default 
CA certs are delivered with the OS. I always wondered why doesn't do 
something similar with Solaris - as the certs come on DVD or from a 
checksummed ISO image, this should be pretty safe. I understand that 
this is not part of the area you work in, but still wanted to bring it 
up.

DOM> I'll pass this one on, once I figure out where to pass it to...

Thanks for the feedback!

Best,
-Don


Martin.

























					Reply via email to