Re: [Bug-wget] Need to handle wild card certificates

2010-12-02 Thread Petr Pisar 
On Thu, Dec 02, 2010 at 10:21:29PM +0100, Giuseppe Scrivano wrote:
> I am not sure yet about the next release, I can't apply a patch because
> the author hasn't assigned copyright to the FSF yet.  I don't think
> there will be a release before 2-3 weeks.
> 
This concrete server certificate provides DNS subject alternative names (SAN)
which are implemented in wget by a patch already commited into trunk. The SAN
patch has been written by me and the copyright asssignement to FSF has been
handled more than a year ago. (Otherwise Mica did not commit the code).

(BTW referencing the commit by ordinal number in bazaar VCS is nonsense as the
ordinal numbers are not global stable. The correct identifier is revision-id
`petr.pi...@atlas.cz-20091024230644-bawcvao7wi71y1ky'.)

I communicated the copyright assignement with Mica by direct e-mails. Please
ask him or FSF.)

-- Petr


pgpSHSHTCdoh9.pgp
Description: PGP signature

Re: [Bug-wget] Need to handle wild card certificates

2010-12-02 Thread Giuseppe Scrivano 
I am not sure yet about the next release, I can't apply a patch because
the author hasn't assigned copyright to the FSF yet.  I don't think
there will be a release before 2-3 weeks.

Cheers,
Giuseppe



Orion Poplawski  writes:

> Thanks for the information.  Is a new release scheduled soon?  It's
> causing trouble with packaging on Fedora, so if a new release is not
> scheduled I may file a Fedora bug for a bugfix update in the mean
> time.
>
> On 12/02/2010 06:52 AM, Giuseppe Scrivano wrote:
>> Thanks for your report, but it seems that this problem is fixed in the
>> development version by the commit #2317.
>>
>> Giuseppe
>>
>>
>>
>> Orion Poplawski  writes:
>>
>>> --2010-12-01 10:27:05--
>>> https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.bz2
>>> Connecting to tn123.org|94.23.160.241|:443... connected.
>>> ERROR: certificate common name “*.tn123.org” doesn’t match requested
>>> host name “tn123.org”.
>>> To connect to tn123.org insecurely, use ‘--no-check-certificate’.
>>>
>>> Firefox connects fine without complaining.

Re: [Bug-wget] Question

2010-12-02 Thread Micah Cowan 
(12/02/2010 09:59 AM), Pavel-rambler wrote:
> Hello.
> As the program wget to calculate - what size borrows a site,
> and what total of files on a site?

Hello,

I'm sorry to say that I don't understand your English well enough to
know what you're trying to ask. Perhaps you'll be better served by a
Russian-language forum about wget (use Google)?

Also, it's really not necessary to post the same message twice in a
three-hour period.

-- 
Micah J. Cowan
http://micah.cowan.name/

[Bug-wget] Question

2010-12-02 Thread Pavel-rambler 
Hello.
As the program wget to calculate - what size borrows a site,
and what total of files on a site?
-- 
Best regards,
 Pavel-rambler  mailto:cempa...@rambler.ru

Re: [Bug-wget] Fwd: Possible Bug Discovered w/ https proxy

2010-12-02 Thread Micah Cowan 
(12/02/2010 10:28 AM), John Anderson wrote:
> I'm resending this once.  It was my first message to the bug-wget mailing
> list once I got some issues that were causing my mail to bounce from the
> list, and I'm not sure this message made it to the list.  If anyone on the
> list gets this, please reply just so I know I can send to the list.

It made it; yesterday too.

BTW, in the future you can check the mailing list archives. There are
two; see http://wget.addictivecode.org/MailingLists

(Note: at the moment, actually only the gmane archive at
http://news.gmane.org/gmane.comp.web.wget.general is working right now;
the FSF is currently having issues with some of their websites.)

Also, both archives operate on at least some sort of delay; at the
moment, the one from today (Dec 2) hasn't shown up yet in Gmane (and I
believe the FSF's listman/pipermail archives may be on a higher delay
than Gmane's), so wait ~24 hrs before deciding a message wasn't received
because it's not in the archives.

-- 
HTH,
Micah J. Cowan
http://micah.cowan.name/

[Bug-wget] Fwd: Possible Bug Discovered w/ https proxy

2010-12-02 Thread John Anderson 
I'm resending this once.  It was my first message to the bug-wget mailing
list once I got some issues that were causing my mail to bounce from the
list, and I'm not sure this message made it to the list.  If anyone on the
list gets this, please reply just so I know I can send to the list.

Thanks,

John A.

-- Forwarded message --
From: John Anderson 
Date: Wed, Dec 1, 2010 at 11:30 AM
Subject: Possible Bug Discovered w/ https proxy
To: bug-wget@gnu.org


Wget Maintainers,



I may have discovered a bug that occurs when wget version 1.12  attempts to
use an https proxy.  It appears as though wget, even when told to use an
https proxy attempts to make a plaintext connection to the proxy server.





On the client host, I perform the following actions:



[r...@host johna]# export https_proxy="https://proxy:3128";

[r...@host johna]# wget --proxy 'https://ccbux2/index.html'

--2010-11-24 14:51:07--  https://ccbux2 /index.html

Resolving proxy... 192.168.10.144

Connecting to proxy|192.168.10.144|:3128... connected.

Failed reading proxy response: Connection reset by peer

Retrying.



--2010-11-24 14:51:08--  (try: 2)  https://ccbux2 /index.html

Connecting to proxy|192.168.10.144|:3128... connected.

Failed reading proxy response: Connection reset by peer

Retrying.



--2010-11-24 14:51:10--  (try: 3)  https://ccbux2 /index.html

Connecting to proxy|192.168.10.144|:3128... connected.

Failed reading proxy response: Connection reset by peer

Retrying.





The remote host is a squid proxy, in the logs I see this:



Squid logged event:

==> /var/squid/logs/cache.log <==

2010/11/24 13:18:59| clientNegotiateSSL: Error negotiating SSL connection on
FD 12: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy
request (1/-1)





Is this something I’m doing wrong, or does this appear to be reproducible in
wget-1.12.  Other pertinent info follows:



[r...@host johna]# wget --version

GNU Wget 1.12 built on linux-gnu.



+digest +ipv6 +nls +ntlm +opie +md5/openssl +https -gnutls +openssl

-iri



Wgetrc:

/etc/wgetrc (system)

Locale: /usr/share/locale

Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"

-DLOCALEDIR="/usr/share/locale" -I. -I../lib

-I/usr/kerberos/include -O2 -g -D_FORTIFY_SOURCE=2

-fstack-protector

Link: gcc -O2 -g -D_FORTIFY_SOURCE=2 -fstack-protector -g -O1 -lssl -lcrypto

-ldl -lz /usr/lib64/libssl.so /usr/lib64/libcrypto.so -ldl -lrt

ftp-opie.o openssl.o http-ntlm.o gen-md5.o ../lib/libgnu.a



Copyright (C) 2009 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later

.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.



Originally written by Hrvoje Niksic .

Currently maintained by Micah Cowan .

Please send bug reports and questions to .

You have new mail in /var/spool/mail/root



[r...@host johna]# ldd /usr/bin/wget

linux-vdso.so.1 =>  (0x672cfa45e000)

libssl.so.7 => /lib64/libssl.so.7 (0x672cf9ff9000)

   libcrypto.so.7 => /lib64/libcrypto.so.7 (0x672cf9c82000)

libdl.so.2 => /lib64/libdl.so.2 (0x672cf9a7e000)

libz.so.1 => /usr/lib64/libz.so.1 (0x672cf986a000)

librt.so.1 => /lib64/librt.so.1 (0x672cf9661000)

libc.so.6 => /lib64/libc.so.6 (0x672cf9311000)

libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2
(0x672cf90e7000)

libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x672cf8e52000)

libcom_err.so.2 => /lib64/libcom_err.so.2 (0x672cf8c5)

libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x672cf8a2b000)

libresolv.so.2 => /lib64/libresolv.so.2 (0x672cf8816000)

/lib64/ld-linux-x86-64.so.2 (0x672cfa246000)

libpthread.so.0 => /lib64/libpthread.so.0 (0x672cf85fc000)

libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0
(0x672cf83f5000)

[Bug-wget] Question

2010-12-02 Thread Pavel-rambler 
Hello.
As the program wget to learn - how many places are borrowed with a site,
and total of files on a site?
-- 
Best regards,
 Pavel-rambler  mailto:cempa...@rambler.ru

Re: [Bug-wget] Need to handle wild card certificates

2010-12-02 Thread Orion Poplawski 
Thanks for the information.  Is a new release scheduled soon?  It's causing 
trouble with packaging on Fedora, so if a new release is not scheduled I may 
file a Fedora bug for a bugfix update in the mean time.


On 12/02/2010 06:52 AM, Giuseppe Scrivano wrote:

Thanks for your report, but it seems that this problem is fixed in the
development version by the commit #2317.

Giuseppe



Orion Poplawski  writes:


--2010-12-01 10:27:05--
https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.bz2
Connecting to tn123.org|94.23.160.241|:443... connected.
ERROR: certificate common name “*.tn123.org” doesn’t match requested
host name “tn123.org”.
To connect to tn123.org insecurely, use ‘--no-check-certificate’.

Firefox connects fine without complaining.



--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA DivisionFAX: 303-415-9702
3380 Mitchell Lane  or...@cora.nwra.com
Boulder, CO 80301  http://www.cora.nwra.com

Re: [Bug-wget] Need to handle wild card certificates

2010-12-02 Thread Giuseppe Scrivano 
Thanks for your report, but it seems that this problem is fixed in the
development version by the commit #2317.

Giuseppe



Orion Poplawski  writes:

> --2010-12-01 10:27:05-- 
> https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.bz2
> Connecting to tn123.org|94.23.160.241|:443... connected.
> ERROR: certificate common name “*.tn123.org” doesn’t match requested
> host name “tn123.org”.
> To connect to tn123.org insecurely, use ‘--no-check-certificate’.
>
> Firefox connects fine without complaining.