Re: [Bug-wget] Wget cannot validate https://ftp.gnu.org?

On Wed, Oct 18, 2017 at 7:58 PM, Jeffrey Walton wrote: > On Mon, Oct 16, 2017 at 4:52 AM, Tim Rühsen wrote: >> ... >> >> Caveat: wget has been build with GnuTLS (3.5.15). The OpenSSL (1.1.0f) >> code seems not to support --ca-directory !? It succeeds with

Re: [Bug-wget] Wget cannot validate https://ftp.gnu.org?

On Mon, Oct 16, 2017 at 4:52 AM, Tim Rühsen wrote: > ... > > Caveat: wget has been build with GnuTLS (3.5.15). The OpenSSL (1.1.0f) > code seems not to support --ca-directory !? It succeeds with both the > above tests. While we only actively support GnuTLS, we accept OpenSSL >

Re: [Bug-wget] Wget cannot validate https://ftp.gnu.org?

On Mon, Oct 16, 2017 at 4:52 AM, Tim Rühsen wrote: > Hi Jeffrey, > ... > Caveat: wget has been build with GnuTLS (3.5.15). The OpenSSL (1.1.0f) > code seems not to support --ca-directory !? It succeeds with both the > above tests. While we only actively support GnuTLS, we

Re: [Bug-wget] Wget cannot validate https://ftp.gnu.org?

Hi Jeffrey, I can't reproduce your issue on the first try (Debian unstable here). That means the issuers cert (DST Root CA X3,O=Digital Signature Trust Co.) is part of the systems's CA cert store. $ ls -la /etc/ssl/certs/*X3* lrwxrwxrwx 1 root root 53 27-10-11 09:39:52

Re: [Bug-wget] Wget cannot validate https://ftp.gnu.org?

So it looks like the behavior below is inherited from OpenSSL: $ openssl s_client -connect ftp.gnu.org:443 -servername ftp.gnu.org -CAfile ~/.cacert/lets-encrypt-root-x3.pem CONNECTED(0003) ... Verify return code: 2 (unable to get issuer certificate) However, OpenSSL also has -partial-chain

[Bug-wget] Wget cannot validate https://ftp.gnu.org?

I'm having trouble downloading tarballs from ftp.gnu.org using wget. wget --ca-certificate="$HOME/.cacert/lets-encrypt-root-x3.pem" "https://ftp.gnu.org/gnu/libunistring/libunistring-0.9.7.tar.gz; -O libunistring-0.9.7.tar.gz --2017-10-14 17:59:40--