GNU bug report logs - #22408
wget rejects Let's Encrypt certs, although Icecat accepts them


Package: guix

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Tue, 19 Jan 2016 14:28:02 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#22408; Package guix. (Tue, 19 Jan 2016 14:28:02 GMT)

Acknowledgement sent to Mark H Weaver <mhw <at> netris.org>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 19 Jan 2016 14:28:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Mark H Weaver <mhw <at> netris.org>
To: bug-guix <at> gnu.org
Subject: wget rejects Let's Encrypt certs, although Icecat accepts them
Date: Tue, 19 Jan 2016 09:27:09 -0500

On recent GuixSD, IceCat accepts the Let's Encrypt certificate from
https://git.dthompson.us/, but 'wget' rejects it:

  mhw <at> jojen:~$ wget https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
  --2016-01-19 09:23:23--  https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
  Resolving git.dthompson.us (git.dthompson.us)... 23.92.20.238
  Connecting to git.dthompson.us (git.dthompson.us)|23.92.20.238|:443... connected.
  ERROR: The certificate of ‘git.dthompson.us’ is not trusted.
  ERROR: The certificate of ‘git.dthompson.us’ hasn't got a known issuer.

      Mark




Information forwarded to bug-guix <at> gnu.org:
bug#22408; Package guix. (Wed, 20 Jan 2016 05:04:02 GMT)

Message #8 received at 22408 <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: Mark H Weaver <mhw <at> netris.org>
Cc: 22408 <at> debbugs.gnu.org
Subject: Re: bug#22408: wget rejects Let's Encrypt certs, although Icecat
 accepts them
Date: Wed, 20 Jan 2016 00:03:49 -0500

On Tue, Jan 19, 2016 at 09:27:09AM -0500, Mark H Weaver wrote:
> On recent GuixSD, IceCat accepts the Let's Encrypt certificate from
> https://git.dthompson.us/, but 'wget' rejects it:
> 
>   mhw <at> jojen:~$ wget https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
>   --2016-01-19 09:23:23--  https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
>   Resolving git.dthompson.us (git.dthompson.us)... 23.92.20.238
>   Connecting to git.dthompson.us (git.dthompson.us)|23.92.20.238|:443... connected.
>   ERROR: The certificate of ‘git.dthompson.us’ is not trusted.
>   ERROR: The certificate of ‘git.dthompson.us’ hasn't got a known issuer.

I don't think this issue is specific to our packaging. On up-to-date
Debian testing, I have the same result from Debian's wget.

I don't know how good the ssllabs.com test is, but it did report some
errors while testing the domain.

Let's Encrypt certs can work in Debian's and Guix's wget. I could `wget
--https-only` from my domain with a Let's Encrypt cert with HTTP Strict
Transport Security enabled.


> 
>       Mark
> 
> 
> 




Information forwarded to bug-guix <at> gnu.org:
bug#22408; Package guix. (Sun, 24 Jan 2016 13:28:03 GMT)

Message #11 received at 22408 <at> debbugs.gnu.org:

From: Ni* Gillmann <niasterisk <at> grrlz.net>
To: Leo Famulari <leo <at> famulari.name>
Cc: Mark H Weaver <mhw <at> netris.org>, 22408 <at> debbugs.gnu.org
Subject: Re: bug#22408: wget rejects Let's Encrypt certs,
 although Icecat accepts them
Date: Sun, 24 Jan 2016 13:29:24 +0100

Leo Famulari <leo <at> famulari.name> writes:

> On Tue, Jan 19, 2016 at 09:27:09AM -0500, Mark H Weaver wrote:
>> On recent GuixSD, IceCat accepts the Let's Encrypt certificate from
>> https://git.dthompson.us/, but 'wget' rejects it:
>> 
>>   mhw <at> jojen:~$ wget https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
>>   --2016-01-19 09:23:23--  https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf
>>   Resolving git.dthompson.us (git.dthompson.us)... 23.92.20.238
>>   Connecting to git.dthompson.us (git.dthompson.us)|23.92.20.238|:443... connected.
>>   ERROR: The certificate of ‘git.dthompson.us’ is not trusted.
>>   ERROR: The certificate of ‘git.dthompson.us’ hasn't got a known issuer.
>
> I don't think this issue is specific to our packaging. On up-to-date
> Debian testing, I have the same result from Debian's wget.
>
> I don't know how good the ssllabs.com test is, but it did report some
> errors while testing the domain.
>
> Let's Encrypt certs can work in Debian's and Guix's wget. I could `wget
> --https-only` from my domain with a Let's Encrypt cert with HTTP Strict
> Transport Security enabled.
>
>

I could run on Debian testing, last updated 16 hours ago, the following
without issues:
wget https://gedankenausbruch.com/downloadbereich/Hinweis%20beim%20Download.txt

Running
gnurl -O https://gedankenausbruch.com/downloadbereich/Hinweis%20beim%20Download.txt
on up-to-date GuixSD did work too.

gedankenausbruch.com is signed by Let's Encrypt too:
https://www.ssllabs.com/ssltest/analyze.html?d=gedankenausbruch.com

This doesn't prove anything, but I guess it's not a bug but a
misconfiguration at dthompson.us?

>> 
>>       Mark
>> 
>> 
>> 
>
>
>

-- 
ng/ni*
vcard: http://krosos.sdf.org




Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Sun, 05 Mar 2017 21:06:02 GMT)

Notification sent to Mark H Weaver <mhw <at> netris.org>:
bug acknowledged by developer. (Sun, 05 Mar 2017 21:06:02 GMT)

Message #16 received at 22408-done <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: 22408-done <at> debbugs.gnu.org
Subject: Re: bug#22408: wget rejects Let's Encrypt certs, although Icecat
 accepts them
Date: Sun, 5 Mar 2017 16:05:33 -0500

On Tue, Jan 19, 2016 at 09:27:09AM -0500, Mark H Weaver wrote:
> On recent GuixSD, IceCat accepts the Let's Encrypt certificate from
> https://git.dthompson.us/, but 'wget' rejects it:
> 
>   mhw <at> jojen:~$ wget https://git.dthompson.us/presentations.git/blob/HEAD:/guix-blu-2016-01-20.pdf

This works for me on GuixSD, so I'm closing the bug.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 03 Apr 2017 11:24:03 GMT)

This bug report was last modified 7 years and 19 days ago.
