Bug#686837: wget --no-check-certificate does check certificate in certain conditions

2012-09-07 Thread Noël Köthe 
tags 686837 + moreinfo unreproducible
thanks

Hello ?,

Am Donnerstag, den 06.09.2012, 15:11 + schrieb j doe:

 wget --no-check-certificate does check certificate in certain conditions
 
 conditions are
 using dns name in wget (wget https://example.tld)
 common name (hostname) field is wrong in certificate
 servername directive is wrong in apache server (or other httpd)
 
 i'm expecting wget not to inspect certificate and/or hostname if --no-check-
 certificate is used.
 
 $ wget --no-check-certificate https://example.tld
 --2012-09-06 15:00:10--  https://example.tld/
 Resolving example.tld (example.tld)... 257.257.257.257
 Connecting to example.tld (example.tld)|257.257.257.257|:443... connected.
 GnuTLS: A TLS warning alert has been received.
 Unable to establish SSL connection.

Can you give me a real world example were the problem is reproducible
for me and others?
Can you give me the output of wget -d ...?

It is not a general problem as far as I can see, so we need more details
and the example:

$ wget https://wiki.debconf.org/
--2012-09-07 23:06:28--  https://wiki.debconf.org/
Resolving wiki.debconf.org (wiki.debconf.org)... 89.16.166.57
Connecting to wiki.debconf.org (wiki.debconf.org)|89.16.166.57|:443... 
connected.
ERROR: The certificate of 'wiki.debconf.org' is not trusted.
ERROR: The certificate of 'wiki.debconf.org' hasn't got a known issuer.
The certificate's owner does not match hostname 'wiki.debconf.org'

$ wget --no-check-certificate https://wiki.debconf.org/
--2012-09-07 23:06:45--  https://wiki.debconf.org/
Resolving wiki.debconf.org (wiki.debconf.org)... 89.16.166.57
Connecting to wiki.debconf.org (wiki.debconf.org)|89.16.166.57|:443... 
connected.
WARNING: The certificate of 'wiki.debconf.org' is not trusted.
WARNING: The certificate of 'wiki.debconf.org' hasn't got a known issuer.
The certificate's owner does not match hostname 'wiki.debconf.org'
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://wiki.debconf.org/wiki/Main_Page [following]
--2012-09-07 23:06:48--  https://wiki.debconf.org/wiki/Main_Page
Reusing existing connection to wiki.debconf.org:443.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html'

[ =] 15,132  
--.-K/s   in 0.09s   

2012-09-07 23:06:48 (158 KB/s) - 'index.html' saved [15132]

-- 
Noël Köthe noel debian.org
Debian GNU/Linux, www.debian.org


signature.asc
Description: This is a digitally signed message part

Bug#686837: wget --no-check-certificate does check certificate in certain conditions

2012-09-06 Thread j doe 
Package: wget
Version: 1.14-1
Severity: normal

Dear Maintainer,

wget --no-check-certificate does check certificate in certain conditions

conditions are
using dns name in wget (wget https://example.tld)
common name (hostname) field is wrong in certificate
servername directive is wrong in apache server (or other httpd)

i'm expecting wget not to inspect certificate and/or hostname if --no-check-
certificate is used.

$ wget --no-check-certificate https://example.tld
--2012-09-06 15:00:10--  https://example.tld/
Resolving example.tld (example.tld)... 257.257.257.257
Connecting to example.tld (example.tld)|257.257.257.257|:443... connected.
GnuTLS: A TLS warning alert has been received.
Unable to establish SSL connection.





-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wget depends on:
ii  dpkg   1.16.8
ii  install-info   4.13a.dfsg.1-10
ii  libc6  2.13-35
ii  libgcrypt111.5.0-3
ii  libgnutls262.12.20-1
ii  libgpg-error0  1.10-3.1
ii  libidn11   1.25-2
ii  libuuid1   2.20.1-5.1
ii  zlib1g 1:1.2.7.dfsg-13

wget recommends no packages.

wget suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org