Debian Bug report logs - #646413
wget should have a way to fall back to the system installed certificates when using --ca-directory

version graph

Package: wget; Maintainer for wget is Noël Köthe <noel@debian.org>; Source for wget is src:wget.

Reported by: Vincent Lefevre <vincent@vinc17.net>

Date: Mon, 24 Oct 2011 00:42:01 UTC

Severity: wishlist

Tags: upstream

Found in versions wget/1.13.4-1, wget/1.14-1

Forwarded to https://savannah.gnu.org/bugs/index.php?38004

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Noël Köthe <noel@debian.org>:
Bug#646413; Package wget. (Mon, 24 Oct 2011 00:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Vincent Lefevre <vincent@vinc17.net>:
New Bug report received and forwarded. Copy sent to Noël Köthe <noel@debian.org>. (Mon, 24 Oct 2011 00:42:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Vincent Lefevre <vincent@vinc17.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wget should have a way to fall back to the system installed certificates when using --ca-directory
Date: Mon, 24 Oct 2011 02:39:40 +0200
Package: wget
Version: 1.13.4-1
Severity: normal

The system installed certificates directory is not complete, so that
one may need to have additional certificates in one's own directory
and use the --ca-directory (either as a command-line option or via
the .wgetrc file). But if such an option is used, the system installed
certificates are no longer used, as documented in the wget man page,
meaning that wget will start to fail on various sites. For instance:

xvii:~> wget --ca-directory=$HOME/wd/config/cacert https://twitter.com/
--2011-10-24 02:29:31--  https://twitter.com/
Resolving twitter.com (twitter.com)... 199.59.148.10, 199.59.149.198, 199.59.149.230
Connecting to twitter.com (twitter.com)|199.59.148.10|:443... connected.
ERROR: The certificate of `twitter.com' is not trusted.
ERROR: The certificate of `twitter.com' hasn't got a known issuer.
zsh: exit 5     wget --ca-directory=$HOME/wd/config/cacert https://twitter.com/

xvii:~> wget https://twitter.com/
--2011-10-24 02:34:20--  https://twitter.com/
Resolving twitter.com (twitter.com)... 199.59.148.10, 199.59.149.198, 199.59.149.230
Connecting to twitter.com (twitter.com)|199.59.148.10|:443... connected.
HTTP request sent, awaiting response... 200 OK
[...]

There should be a way to fallback to the system installed certificates
directory. For instance, --ca-directory could contain a list of
directories (like $PATH-like environment variables), and if the
path ends with a ":", the default directories are appended.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wget depends on:
ii  dpkg           1.16.1.1        
ii  install-info   4.13a.dfsg.1-8  
ii  libc6          2.13-21         
ii  libgcrypt11    1.5.0-3         
ii  libgnutls26    2.12.12-1       
ii  libgpg-error0  1.10-1          
ii  libidn11       1.22-3          
ii  zlib1g         1:1.2.3.4.dfsg-3

wget recommends no packages.

wget suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Noël Köthe <noel@debian.org>:
Bug#646413; Package wget. (Mon, 31 Dec 2012 09:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to NoëlKöthe <INVALID.NOREPLY@gnu.org>:
Extra info received and forwarded to list. Copy sent to Noël Köthe <noel@debian.org>. (Mon, 31 Dec 2012 09:48:03 GMT) Full text and rfc822 format available.

Message #10 received at 646413@bugs.debian.org (full text, mbox):

From: NoëlKöthe <INVALID.NOREPLY@gnu.org>
To: NoëlKöthe <noel@debian.org>, 646413@bugs.debian.org, gscrivano@gnu.org
Subject: [bug #38004] wget should have a way to fall back to the system installed certificates when using --ca-directory
Date: Mon, 31 Dec 2012 09:45:48 +0000
URL:
  <http://savannah.gnu.org/bugs/?38004>

                 Summary: wget should have a way to fall back to the system
installed certificates when using --ca-directory
                 Project: GNU Wget
            Submitted by: nok
            Submitted on: Mo 31 Dez 2012 10:45:46 CET
                Category: Feature Request
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 1.13.4
        Operating System: GNU/Linux
         Reproducibility: Every Time
           Fixed Release: None
         Planned Release: None
              Regression: None
           Work Required: None
          Patch Included: No

    _______________________________________________________

Details:

Hello,

a forwarded bug http://bugs.debian.org/646413

--8<--
The system installed certificates directory is not complete, so that
one may need to have additional certificates in one's own directory
and use the --ca-directory (either as a command-line option or via
the .wgetrc file). But if such an option is used, the system installed
certificates are no longer used, as documented in the wget man page,
meaning that wget will start to fail on various sites. For instance:

xvii:~> wget --ca-directory=$HOME/wd/config/cacert https://twitter.com/
--2011-10-24 02:29:31--  https://twitter.com/
Resolving twitter.com (twitter.com)... 199.59.148.10, 199.59.149.198,
199.59.149.230
Connecting to twitter.com (twitter.com)|199.59.148.10|:443... connected.
ERROR: The certificate of `twitter.com' is not trusted.
ERROR: The certificate of `twitter.com' hasn't got a known issuer.
zsh: exit 5     wget --ca-directory=$HOME/wd/config/cacert
https://twitter.com/

xvii:~> wget https://twitter.com/
--2011-10-24 02:34:20--  https://twitter.com/
Resolving twitter.com (twitter.com)... 199.59.148.10, 199.59.149.198,
199.59.149.230
Connecting to twitter.com (twitter.com)|199.59.148.10|:443... connected.
HTTP request sent, awaiting response... 200 OK
[...]

There should be a way to fallback to the system installed certificates
directory. For instance, --ca-directory could contain a list of
directories (like $PATH-like environment variables), and if the
path ends with a ":", the default directories are appended.
--8<--




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?38004>

_______________________________________________
  Nachricht gesendet von/durch Savannah
  http://savannah.gnu.org/




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#646413; Package wget. (Mon, 31 Dec 2012 09:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Noël Köthe <noel@debian.org>:
Extra info received and forwarded to list. (Mon, 31 Dec 2012 09:51:03 GMT) Full text and rfc822 format available.

Message #15 received at 646413@bugs.debian.org (full text, mbox):

From: Noël Köthe <noel@debian.org>
To: Vincent Lefevre <vincent@vinc17.net>, 646413@bugs.debian.org
Cc: control <control@bugs.debian.org>
Subject: Re: Bug#646413: wget should have a way to fall back to the system installed certificates when using --ca-directory
Date: Mon, 31 Dec 2012 10:48:54 +0100
[Message part 1 (text/plain, inline)]
tags 646413 + upstream
forwarded 646413 https://savannah.gnu.org/bugs/index.php?38004
severity 646413 wishlist
found 646413 1.14-1
thanks

Hello,

Am Montag, den 24.10.2011, 02:39 +0200 schrieb Vincent Lefevre:

> The system installed certificates directory is not complete, so that
> one may need to have additional certificates in one's own directory
> and use the --ca-directory (either as a command-line option or via
> the .wgetrc file). But if such an option is used, the system installed
> certificates are no longer used, as documented in the wget man page,
> meaning that wget will start to fail on various sites. For instance:
...
Thank you for your report.
I forwarded your request to the upstream bug tracking system.

Regards.

-- 
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
[signature.asc (application/pgp-signature, inline)]

Added tag(s) upstream. Request was from Noël Köthe <noel@debian.org> to control@bugs.debian.org. (Mon, 31 Dec 2012 09:51:05 GMT) Full text and rfc822 format available.

Set Bug forwarded-to-address to 'https://savannah.gnu.org/bugs/index.php?38004'. Request was from Noël Köthe <noel@debian.org> to control@bugs.debian.org. (Mon, 31 Dec 2012 09:51:06 GMT) Full text and rfc822 format available.

Severity set to 'wishlist' from 'normal' Request was from Noël Köthe <noel@debian.org> to control@bugs.debian.org. (Mon, 31 Dec 2012 09:51:06 GMT) Full text and rfc822 format available.

Marked as found in versions wget/1.14-1. Request was from Noël Köthe <noel@debian.org> to control@bugs.debian.org. (Mon, 31 Dec 2012 09:51:06 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 07:40:18 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.