Debian Bug report logs - #642051
wget --secure-protocol=SSLv3 fails with "GnuTLS: GnuTLS internal error."

version graph

Package: wget; Maintainer for wget is Noël Köthe <noel@debian.org>; Source for wget is src:wget.

Reported by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Date: Mon, 19 Sep 2011 02:15:31 UTC

Severity: normal

Tags: confirmed, upstream

Found in versions wget/1.13.4-1, wget/1.13-1

Done: Noël Köthe <noel@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://savannah.gnu.org/bugs/index.php?34642

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, dkg@fifthhorseman.net, Noël Köthe <noel@debian.org>:
Bug#642051; Package wget. (Mon, 19 Sep 2011 02:15:34 GMT) Full text and rfc822 format available.

Acknowledgement sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
New Bug report received and forwarded. Copy sent to dkg@fifthhorseman.net, Noël Köthe <noel@debian.org>. (Mon, 19 Sep 2011 02:15:34 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wget --secure-protocol=SSLv3 fails with "GnuTLS: GnuTLS internal error."
Date: Sun, 18 Sep 2011 22:13:08 -0400
Package: wget
Version: 1.13-1
Severity: normal

Setting wget's --secure-protocol option to SSLv3 produces a "GnuTLS
internal error", despite the fact that GnuTLS is capable of handling
SSLv3:

0 dkg@pip:~/tmp$ wget --secure-protocol=SSLv3 https://encrypted.google.com
--2011-09-18 22:06:47--  https://encrypted.google.com/
Resolving encrypted.google.com (encrypted.google.com)... 74.125.226.128, 74.125.226.142, 74.125.226.143, ...
Connecting to encrypted.google.com (encrypted.google.com)|74.125.226.128|:443... connected.
GnuTLS: GnuTLS internal error.
Unable to establish SSL connection.
4 dkg@pip:~/tmp$ wget --secure-protocol=TLSv1 https://encrypted.google.com
--2011-09-18 22:06:53--  https://encrypted.google.com/
Resolving encrypted.google.com (encrypted.google.com)... 74.125.226.128, 74.125.226.142, 74.125.226.143, ...
Connecting to encrypted.google.com (encrypted.google.com)|74.125.226.128|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.html'

    [ <=>                                   ] 9,938       --.-K/s   in 0.06s   

2011-09-18 22:06:54 (164 KB/s) - `index.html' saved [9938]

0 dkg@pip:~/tmp$ gnutls-cli --priority 'SECURE:-VERS-TLS-ALL:+VERS-SSL3.0' encrypted.google.com < /dev/null
Resolving 'encrypted.google.com'...
Connecting to '74.125.226.128:443'...
- Certificate type: X.509
 - Got a certificate list of 2 certificates.
 - Certificate[0] info:
  - subject `C=US,ST=California,L=Mountain View,O=Google Inc,CN=*.google.com', issuer `C=US,O=Google Inc,CN=Google Internet Authority', RSA key 1024 bits, signed using RSA-SHA1, activated `2011-09-05 06:05:49 UTC', expires `2012-09-05 06:15:49 UTC', SHA-1 fingerprint `56f6a9a9d2edfd1ab2f9637ed351ac56b359a98d'
 - Certificate[1] info:
  - subject `C=US,O=Google Inc,CN=Google Internet Authority', issuer `C=US,O=Equifax,OU=Equifax Secure Certificate Authority', RSA key 1024 bits, signed using RSA-SHA1, activated `2009-06-08 20:43:27 UTC', expires `2013-06-07 19:43:27 UTC', SHA-1 fingerprint `dd7a7f131ddba33d3e8670179483e6fea6987d6a'
- The hostname in the certificate matches 'encrypted.google.com'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: SSL3.0
- Key Exchange: RSA
- Cipher: ARCFOUR-128
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

0 dkg@pip:~/tmp$ 


Maybe something is wrong with how wget is initializing gnutls?

Thanks for maintaining wget in debian!

      --dkg


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wget depends on:
ii  dpkg           1.16.0.3        
ii  install-info   4.13a.dfsg.1-8  
ii  libc6          2.13-18         
ii  libgcrypt11    1.5.0-3         
ii  libgnutls26    2.12.7-8        
ii  libgpg-error0  1.10-0.3        
ii  libidn11       1.22-3          
ii  zlib1g         1:1.2.3.4.dfsg-3

wget recommends no packages.

wget suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Noël Köthe <noel@debian.org>:
Bug#642051; Package wget. (Tue, 25 Oct 2011 10:00:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to NoèlKöthe <INVALID.NOREPLY@gnu.org>:
Extra info received and forwarded to list. Copy sent to Noël Köthe <noel@debian.org>. (Tue, 25 Oct 2011 10:00:05 GMT) Full text and rfc822 format available.

Message #10 received at 642051@bugs.debian.org (full text, mbox):

From: NoèlKöthe <INVALID.NOREPLY@gnu.org>
To: NoèlKöthe <noel@debian.org>, 642051@bugs.debian.org, gscrivano@gnu.org
Subject: [bug #34642] wget --secure-protocol=SSLv3 fails with "GnuTLS: GnuTLS internal error."
Date: Tue, 25 Oct 2011 10:05:51 +0000
URL:
  <http://savannah.gnu.org/bugs/?34642>

                 Summary: wget --secure-protocol=SSLv3 fails with "GnuTLS:
GnuTLS internal error."
                 Project: GNU Wget
            Submitted by: nok
            Submitted on: Di 25 Okt 2011 12:05:50 CEST
                Category: Crash/Freeze/Infloop
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 1.13.4
        Operating System: GNU/Linux
         Reproducibility: Every Time
           Fixed Release: None
         Planned Release: None
              Regression: None
           Work Required: None
          Patch Included: No

    _______________________________________________________

Details:

Hello,

with wget 1.13 and 1.13.4 (versions before used openssl) the following error
occurs:

$ LC_ALL=C wget --debug --secure-protocol=SSLv3 https://encrypted.google.com
Setting --secure-protocol (secureprotocol) to SSLv3
DEBUG output created by Wget 1.13.4 on linux-gnu.

URI encoding = `ANSI_X3.4-1968'
--2011-10-25 11:51:11--  https://encrypted.google.com/
Resolving encrypted.google.com (encrypted.google.com)... 74.125.39.100,
74.125.39.101, 74.125.39.102, ...
Caching encrypted.google.com => 74.125.39.100 74.125.39.101 74.125.39.102
74.125.39.113 74.125.39.138 74.125.39.139
Connecting to encrypted.google.com
(encrypted.google.com)|74.125.39.100|:443... connected.
Created socket 4.
Releasing 0x00000000017eca80 (new refcount 1).
GnuTLS: GnuTLS internal error.
Closed fd 4
Unable to establish SSL connection.


This is wget on Debian GNU/Linux with gnutls 2.12.12

$ LC_ALL=C wget -V
GNU Wget 1.13.4 built on linux-gnu.

+digest +https +ipv6 +iri +large-file +nls -ntlm +opie +ssl/gnutls 

Wgetrc: 
    /etc/wgetrc (system)
Locale: /usr/share/locale 
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../lib -I../lib -Iyes/include 
    -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -O2 -g -Wall 
Link: gcc -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -O2 -g -Wall -Lyes/lib -lgnutls 
    -lgcrypt -lgpg-error -lz -lidn -lrt ftp-opie.o gnutls.o 
    ../lib/libgnu.a 

Copyright (C) 2009 Free Software Foundation, Inc.
...

This is a forwarded bug report from http://bugs.debian.org/642051

Thanks for your work.

Regards

Noël




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?34642>

_______________________________________________
  Nachricht geschickt von/durch Savannah
  http://savannah.gnu.org/





Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#642051; Package wget. (Tue, 25 Oct 2011 10:03:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Noël Köthe <noel@debian.org>:
Extra info received and forwarded to list. (Tue, 25 Oct 2011 10:03:35 GMT) Full text and rfc822 format available.

Message #15 received at 642051@bugs.debian.org (full text, mbox):

From: Noël Köthe <noel@debian.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, 642051@bugs.debian.org
Cc: control <control@bugs.debian.org>
Subject: Re: Bug#642051: wget --secure-protocol=SSLv3 fails with "GnuTLS: GnuTLS internal error."
Date: Tue, 25 Oct 2011 12:01:18 +0200
[Message part 1 (text/plain, inline)]
found 642051 1.13.4-1
tags 642051 + confirmed upstream
forwarded 642051 https://savannah.gnu.org/bugs/index.php?34642
thanks

Hello Daniel,

Thanks for your detailed report. It is always reproducible and I
forwarded it to upstream.

Am Sonntag, den 18.09.2011, 22:13 -0400 schrieb Daniel Kahn Gillmor:

> Setting wget's --secure-protocol option to SSLv3 produces a "GnuTLS
> internal error", despite the fact that GnuTLS is capable of handling
> SSLv3:
> 
> 0 dkg@pip:~/tmp$ wget --secure-protocol=SSLv3 https://encrypted.google.com
> --2011-09-18 22:06:47--  https://encrypted.google.com/
> Resolving encrypted.google.com (encrypted.google.com)... 74.125.226.128, 74.125.226.142, 74.125.226.143, ...
> Connecting to encrypted.google.com (encrypted.google.com)|74.125.226.128|:443... connected.
> GnuTLS: GnuTLS internal error.
> Unable to establish SSL connection.
> 4 dkg@pip:~/tmp$ wget --secure-protocol=TLSv1 https://encrypted.google.com
> --2011-09-18 22:06:53--  https://encrypted.google.com/
> Resolving encrypted.google.com (encrypted.google.com)... 74.125.226.128, 74.125.226.142, 74.125.226.143, ...
> Connecting to encrypted.google.com (encrypted.google.com)|74.125.226.128|:443... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: unspecified [text/html]
> Saving to: `index.html'
> 
>     [ <=>                                   ] 9,938       --.-K/s   in 0.06s   
> 
> 2011-09-18 22:06:54 (164 KB/s) - `index.html' saved [9938]
> 
> 0 dkg@pip:~/tmp$ gnutls-cli --priority 'SECURE:-VERS-TLS-ALL:+VERS-SSL3.0' encrypted.google.com < /dev/null
> Resolving 'encrypted.google.com'...
> Connecting to '74.125.226.128:443'...
> - Certificate type: X.509
>  - Got a certificate list of 2 certificates.
>  - Certificate[0] info:
>   - subject `C=US,ST=California,L=Mountain View,O=Google Inc,CN=*.google.com', issuer `C=US,O=Google Inc,CN=Google Internet Authority', RSA key 1024 bits, signed using RSA-SHA1, activated `2011-09-05 06:05:49 UTC', expires `2012-09-05 06:15:49 UTC', SHA-1 fingerprint `56f6a9a9d2edfd1ab2f9637ed351ac56b359a98d'
>  - Certificate[1] info:
>   - subject `C=US,O=Google Inc,CN=Google Internet Authority', issuer `C=US,O=Equifax,OU=Equifax Secure Certificate Authority', RSA key 1024 bits, signed using RSA-SHA1, activated `2009-06-08 20:43:27 UTC', expires `2013-06-07 19:43:27 UTC', SHA-1 fingerprint `dd7a7f131ddba33d3e8670179483e6fea6987d6a'
> - The hostname in the certificate matches 'encrypted.google.com'.
> - Peer's certificate issuer is unknown
> - Peer's certificate is NOT trusted
> - Version: SSL3.0
> - Key Exchange: RSA
> - Cipher: ARCFOUR-128
> - MAC: SHA1
> - Compression: NULL
> - Handshake was completed
> 
> - Simple Client Mode:
> 
> 0 dkg@pip:~/tmp$ 
> 
> 
> Maybe something is wrong with how wget is initializing gnutls?

-- 
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
[signature.asc (application/pgp-signature, inline)]

Bug Marked as found in versions wget/1.13.4-1. Request was from Noël Köthe <noel@debian.org> to control@bugs.debian.org. (Tue, 25 Oct 2011 10:03:50 GMT) Full text and rfc822 format available.

Added tag(s) upstream and confirmed. Request was from Noël Köthe <noel@debian.org> to control@bugs.debian.org. (Tue, 25 Oct 2011 10:03:52 GMT) Full text and rfc822 format available.

Set Bug forwarded-to-address to 'https://savannah.gnu.org/bugs/index.php?34642'. Request was from Noël Köthe <noel@debian.org> to control@bugs.debian.org. (Tue, 25 Oct 2011 10:03:53 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Noël Köthe <noel@debian.org>:
Bug#642051; Package wget. (Fri, 08 Nov 2013 13:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to NoëlKöthe <INVALID.NOREPLY@gnu.org>:
Extra info received and forwarded to list. Copy sent to Noël Köthe <noel@debian.org>. (Fri, 08 Nov 2013 13:18:04 GMT) Full text and rfc822 format available.

Message #26 received at 642051@bugs.debian.org (full text, mbox):

From: NoëlKöthe <INVALID.NOREPLY@gnu.org>
To: NoëlKöthe <noel@debian.org>, 642051@bugs.debian.org, gscrivano@gnu.org
Subject: [bug #34642] wget --secure-protocol=SSLv3 fails with "GnuTLS: GnuTLS internal error."
Date: Fri, 08 Nov 2013 13:15:51 +0000
Follow-up Comment #1, bug #34642 (project wget):

I tested the problem with wget 1.14 with libgnutls28 and it is fixed.

You can close this bug report

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?34642>

_______________________________________________
  Nachricht gesendet von/durch Savannah
  http://savannah.gnu.org/




Information forwarded to debian-bugs-dist@lists.debian.org, Noël Köthe <noel@debian.org>:
Bug#642051; Package wget. (Fri, 08 Nov 2013 13:27:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to NoëlKöthe <INVALID.NOREPLY@gnu.org>:
Extra info received and forwarded to list. Copy sent to Noël Köthe <noel@debian.org>. (Fri, 08 Nov 2013 13:27:08 GMT) Full text and rfc822 format available.

Message #31 received at 642051@bugs.debian.org (full text, mbox):

From: NoëlKöthe <INVALID.NOREPLY@gnu.org>
To: NoëlKöthe <noel@debian.org>, 642051@bugs.debian.org, gscrivano@gnu.org
Subject: [bug #34642] wget --secure-protocol=SSLv3 fails with "GnuTLS: GnuTLS internal error."
Date: Fri, 08 Nov 2013 13:24:58 +0000
Follow-up Comment #2, bug #34642 (project wget):

sorry. It is fixed with the 1.15 alpha.

Here are the both tests (SSLv3+TLSv1):

1.14-4 Debian testing/unstable:
$ LC_ALL=C wget --debug --secure-protocol=SSLv3
https://encrypted.google.comSetting --secure-protocol (secureprotocol) to
SSLv3
DEBUG output created by Wget 1.14 on linux-gnu.

URI encoding = 'ANSI_X3.4-1968'
--2013-11-08 14:19:37--  https://encrypted.google.com/
Resolving encrypted.google.com (encrypted.google.com)... 173.194.112.165,
173.194.112.166, 173.194.112.167, ...
Caching encrypted.google.com => 173.194.112.165 173.194.112.166
173.194.112.167 173.194.112.168 173.194.112.169 173.194.112.174
173.194.112.160 173.194.112.161 173.194.112.162 173.194.112.163
173.194.112.164 2a00:1450:4001:805::1005
Connecting to encrypted.google.com
(encrypted.google.com)|173.194.112.165|:443... connected.
Created socket 5.
Releasing 0x0000000001603fc0 (new refcount 1).
GnuTLS: No or insufficient priorities were set.
Closed fd 5
Unable to establish SSL connection.

$ LC_ALL=C wget --debug --secure-protocol=TLSv1
https://encrypted.google.comSetting --secure-protocol (secureprotocol) to
TLSv1
DEBUG output created by Wget 1.14 on linux-gnu.

URI encoding = 'ANSI_X3.4-1968'
--2013-11-08 14:21:08--  https://encrypted.google.com/
Resolving encrypted.google.com (encrypted.google.com)... 173.194.112.163,
173.194.112.164, 173.194.112.165, ...
Caching encrypted.google.com => 173.194.112.163 173.194.112.164
173.194.112.165 173.194.112.166 173.194.112.167 173.194.112.168
173.194.112.169 173.194.112.174 173.194.112.160 173.194.112.161
173.194.112.162 2a00:1450:4001:805::1005
Connecting to encrypted.google.com
(encrypted.google.com)|173.194.112.163|:443... connected.
Created socket 5.
Releasing 0x0000000003215fa0 (new refcount 1).

---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.14 (linux-gnu)
Accept: */*
Host: encrypted.google.com
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.1 200 OK
Date: Fri, 08 Nov 2013 13:21:08 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie:
PREF=ID=b24e56ecb2ecdefd:FF=0:TM=1383916868:LM=1383916868:S=JwSHoFlTL8eDDBxC;
expires=Sun, 08-Nov-2015 13:21:08 GMT; path=/; domain=.google.com
Set-Cookie:
NID=67=nrWl0Px9C82sKTzkb40qagwXauVS8EMjNO2olgb7mC0d1H8-KjoYx8Q869oMuIDJAXotNdOmtI9yWk2vgnFVV1P35KmPMHlkrpJyxvl88Es2_OlPS88O0C3TioZALRtz;
expires=Sat, 10-May-2014 13:21:08 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See
http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for
more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked

---response end---
200 OK
cdm: 1 2 3 4 5 6 7 8
Stored cookie google.com -1 (ANY) / <permanent> <insecure> [expiry 2015-11-08
14:21:08] PREF
ID=b24e56ecb2ecdefd:FF=0:TM=1383916868:LM=1383916868:S=JwSHoFlTL8eDDBxC
cdm: 1 2 3 4 5 6 7 8
Stored cookie google.com -1 (ANY) / <permanent> <insecure> [expiry 2014-05-10
15:21:08] NID
67=nrWl0Px9C82sKTzkb40qagwXauVS8EMjNO2olgb7mC0d1H8-KjoYx8Q869oMuIDJAXotNdOmtI9yWk2vgnFVV1P35KmPMHlkrpJyxvl88Es2_OlPS88O0C3TioZALRtz
Registered socket 5 for persistent reuse.
URI content encoding = 'ISO-8859-1'
Length: unspecified [text/html]
Saving to: 'index.html'

    [ <=>                                          ] 18,267      --.-K/s   in
0.01s   

2013-11-08 14:21:08 (1.16 MB/s) - 'index.html' saved [18267]


and with 1.15 alpha (in Debian experimental):

$ LC_ALL=C wget --debug --secure-protocol=SSLv3
https://encrypted.google.comSetting --secure-protocol (secureprotocol) to
SSLv3
DEBUG output created by Wget 1.14.96-38327 on linux-gnu.

URI encoding = 'ANSI_X3.4-1968'
--2013-11-08 14:22:07--  https://encrypted.google.com/
Certificates loaded: 166
Resolving encrypted.google.com (encrypted.google.com)... 173.194.112.160,
173.194.112.161, 173.194.112.162, ...
Caching encrypted.google.com => 173.194.112.160 173.194.112.161
173.194.112.162 173.194.112.163 173.194.112.164 173.194.112.165
173.194.112.166 173.194.112.167 173.194.112.168 173.194.112.169
173.194.112.174 2a00:1450:4001:805::1005
Connecting to encrypted.google.com
(encrypted.google.com)|173.194.112.160|:443... connected.
Created socket 5.
Releasing 0x00000000011d03f0 (new refcount 1).

---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.14.96-38327 (linux-gnu)
Accept: */*
Host: encrypted.google.com
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.1 200 OK
Date: Fri, 08 Nov 2013 13:22:07 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie:
PREF=ID=8488821683f21123:FF=0:TM=1383916927:LM=1383916927:S=EoRepPFYw2ruFAmH;
expires=Sun, 08-Nov-2015 13:22:07 GMT; path=/; domain=.google.com
Set-Cookie:
NID=67=ttrOrKXHIQJ0XHCzQYgzyC9wpYV0C2HWJGcb8Lyie_6UBWNYX1jFRV0fIKqG0Y_KnfxB3yPmrTZ7CLAiL0qQhL6gEJ17LmtZNqCvfuD5QN8EhVIvkzYrs9rq8HnRFerh;
expires=Sat, 10-May-2014 13:22:07 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See
http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for
more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked

---response end---
200 OK
cdm: 1 2 3 4 5 6 7 8
Stored cookie google.com -1 (ANY) / <permanent> <insecure> [expiry 2015-11-08
14:22:07] PREF
ID=8488821683f21123:FF=0:TM=1383916927:LM=1383916927:S=EoRepPFYw2ruFAmH
cdm: 1 2 3 4 5 6 7 8
Stored cookie google.com -1 (ANY) / <permanent> <insecure> [expiry 2014-05-10
15:22:07] NID
67=ttrOrKXHIQJ0XHCzQYgzyC9wpYV0C2HWJGcb8Lyie_6UBWNYX1jFRV0fIKqG0Y_KnfxB3yPmrTZ7CLAiL0qQhL6gEJ17LmtZNqCvfuD5QN8EhVIvkzYrs9rq8HnRFerh
Registered socket 5 for persistent reuse.
URI content encoding = 'ISO-8859-1'
Length: unspecified [text/html]
Saving to: 'index.html'

    [ <=>                                          ] 18,219      --.-K/s   in
0.01s   

2013-11-08 14:22:07 (1.18 MB/s) - 'index.html' saved [18219]

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?34642>

_______________________________________________
  Nachricht gesendet von/durch Savannah
  http://savannah.gnu.org/




Reply sent to Noël Köthe <noel@debian.org>:
You have taken responsibility. (Fri, 08 Nov 2013 13:39:05 GMT) Full text and rfc822 format available.

Notification sent to Daniel Kahn Gillmor <dkg@fifthhorseman.net>:
Bug acknowledged by developer. (Fri, 08 Nov 2013 13:39:05 GMT) Full text and rfc822 format available.

Message #36 received at 642051-done@bugs.debian.org (full text, mbox):

From: Noël Köthe <noel@debian.org>
To: 642051-done@bugs.debian.org
Subject: #642051 wget --secure-protocol=SSLv3 fails with "GnuTLS: GnuTLS internal error."
Date: Fri, 08 Nov 2013 14:26:04 +0100
[Message part 1 (text/plain, inline)]
fixed 642051 1.14.96.38327-1
thanks

Hello,

I tested the problem with wget in testing/unstable and experimental:

1.14-4 testing/unstable:
$ LC_ALL=C wget --debug --secure-protocol=SSLv3 https://encrypted.google.com
Setting --secure-protocol (secureprotocol) to SSLv3
DEBUG output created by Wget 1.14 on linux-gnu.

URI encoding = 'ANSI_X3.4-1968'
--2013-11-08 14:19:37--  https://encrypted.google.com/
Resolving encrypted.google.com (encrypted.google.com)... 173.194.112.165, 173.194.112.166, 173.194.112.167, ...
Caching encrypted.google.com => 173.194.112.165 173.194.112.166 173.194.112.167 173.194.112.168 173.194.112.169 173.194.112.174 173.194.112.160 173.194.112.161 173.194.112.162 173.194.112.163 173.194.112.164 2a00:1450:4001:805::1005
Connecting to encrypted.google.com (encrypted.google.com)|173.194.112.165|:443... connected.
Created socket 5.
Releasing 0x0000000001603fc0 (new refcount 1).
GnuTLS: No or insufficient priorities were set.
Closed fd 5
Unable to establish SSL connection.

$ LC_ALL=C wget --debug --secure-protocol=TLSv1 https://encrypted.google.com
Setting --secure-protocol (secureprotocol) to TLSv1
DEBUG output created by Wget 1.14 on linux-gnu.

URI encoding = 'ANSI_X3.4-1968'
--2013-11-08 14:21:08--  https://encrypted.google.com/
Resolving encrypted.google.com (encrypted.google.com)... 173.194.112.163, 173.194.112.164, 173.194.112.165, ...
Caching encrypted.google.com => 173.194.112.163 173.194.112.164 173.194.112.165 173.194.112.166 173.194.112.167 173.194.112.168 173.194.112.169 173.194.112.174 173.194.112.160 173.194.112.161 173.194.112.162 2a00:1450:4001:805::1005
Connecting to encrypted.google.com (encrypted.google.com)|173.194.112.163|:443... connected.
Created socket 5.
Releasing 0x0000000003215fa0 (new refcount 1).

---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.14 (linux-gnu)
Accept: */*
Host: encrypted.google.com
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.1 200 OK
Date: Fri, 08 Nov 2013 13:21:08 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=b24e56ecb2ecdefd:FF=0:TM=1383916868:LM=1383916868:S=JwSHoFlTL8eDDBxC; expires=Sun, 08-Nov-2015 13:21:08 GMT; path=/; domain=.google.com
Set-Cookie: NID=67=nrWl0Px9C82sKTzkb40qagwXauVS8EMjNO2olgb7mC0d1H8-KjoYx8Q869oMuIDJAXotNdOmtI9yWk2vgnFVV1P35KmPMHlkrpJyxvl88Es2_OlPS88O0C3TioZALRtz; expires=Sat, 10-May-2014 13:21:08 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked

---response end---
200 OK
cdm: 1 2 3 4 5 6 7 8
Stored cookie google.com -1 (ANY) / <permanent> <insecure> [expiry 2015-11-08 14:21:08] PREF ID=b24e56ecb2ecdefd:FF=0:TM=1383916868:LM=1383916868:S=JwSHoFlTL8eDDBxC
cdm: 1 2 3 4 5 6 7 8
Stored cookie google.com -1 (ANY) / <permanent> <insecure> [expiry 2014-05-10 15:21:08] NID 67=nrWl0Px9C82sKTzkb40qagwXauVS8EMjNO2olgb7mC0d1H8-KjoYx8Q869oMuIDJAXotNdOmtI9yWk2vgnFVV1P35KmPMHlkrpJyxvl88Es2_OlPS88O0C3TioZALRtz
Registered socket 5 for persistent reuse.
URI content encoding = 'ISO-8859-1'
Length: unspecified [text/html]
Saving to: 'index.html'

    [ <=>                                          ] 18,267      --.-K/s   in 0.01s   

2013-11-08 14:21:08 (1.16 MB/s) - 'index.html' saved [18267]


and with 1.15 alpha (in experimental):

$ LC_ALL=C wget --debug --secure-protocol=SSLv3 https://encrypted.google.com
Setting --secure-protocol (secureprotocol) to SSLv3
DEBUG output created by Wget 1.14.96-38327 on linux-gnu.

URI encoding = 'ANSI_X3.4-1968'
--2013-11-08 14:22:07--  https://encrypted.google.com/
Certificates loaded: 166
Resolving encrypted.google.com (encrypted.google.com)... 173.194.112.160, 173.194.112.161, 173.194.112.162, ...
Caching encrypted.google.com => 173.194.112.160 173.194.112.161 173.194.112.162 173.194.112.163 173.194.112.164 173.194.112.165 173.194.112.166 173.194.112.167 173.194.112.168 173.194.112.169 173.194.112.174 2a00:1450:4001:805::1005
Connecting to encrypted.google.com (encrypted.google.com)|173.194.112.160|:443... connected.
Created socket 5.
Releasing 0x00000000011d03f0 (new refcount 1).

---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.14.96-38327 (linux-gnu)
Accept: */*
Host: encrypted.google.com
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response... 
---response begin---
HTTP/1.1 200 OK
Date: Fri, 08 Nov 2013 13:22:07 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: PREF=ID=8488821683f21123:FF=0:TM=1383916927:LM=1383916927:S=EoRepPFYw2ruFAmH; expires=Sun, 08-Nov-2015 13:22:07 GMT; path=/; domain=.google.com
Set-Cookie: NID=67=ttrOrKXHIQJ0XHCzQYgzyC9wpYV0C2HWJGcb8Lyie_6UBWNYX1jFRV0fIKqG0Y_KnfxB3yPmrTZ7CLAiL0qQhL6gEJ17LmtZNqCvfuD5QN8EhVIvkzYrs9rq8HnRFerh; expires=Sat, 10-May-2014 13:22:07 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Alternate-Protocol: 443:quic
Transfer-Encoding: chunked

---response end---
200 OK
cdm: 1 2 3 4 5 6 7 8
Stored cookie google.com -1 (ANY) / <permanent> <insecure> [expiry 2015-11-08 14:22:07] PREF ID=8488821683f21123:FF=0:TM=1383916927:LM=1383916927:S=EoRepPFYw2ruFAmH
cdm: 1 2 3 4 5 6 7 8
Stored cookie google.com -1 (ANY) / <permanent> <insecure> [expiry 2014-05-10 15:22:07] NID 67=ttrOrKXHIQJ0XHCzQYgzyC9wpYV0C2HWJGcb8Lyie_6UBWNYX1jFRV0fIKqG0Y_KnfxB3yPmrTZ7CLAiL0qQhL6gEJ17LmtZNqCvfuD5QN8EhVIvkzYrs9rq8HnRFerh
Registered socket 5 for persistent reuse.
URI content encoding = 'ISO-8859-1'
Length: unspecified [text/html]
Saving to: 'index.html'

    [ <=>                                          ] 18,219      --.-K/s   in 0.01s   

2013-11-08 14:22:07 (1.18 MB/s) - 'index.html' saved [18219]


-- 
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 07 Dec 2013 07:34:37 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 08:18:42 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.