[bug #58097] Wget doesn't download intermediate certificates when not su

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #58097] Wget doesn't download intermediate certificates when not su

From:	anonymous
Subject:	[bug #58097] Wget doesn't download intermediate certificates when not supplied in the response
Date:	Wed, 1 Apr 2020 19:48:36 -0400 (EDT)
User-agent:	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36

URL:
  <https://savannah.gnu.org/bugs/?58097>

                 Summary: Wget doesn't download intermediate certificates when
not supplied in the response
                 Project: GNU Wget
            Submitted by: None
            Submitted on: Wed 01 Apr 2020 11:48:34 PM UTC
                Category: Feature Request
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Michael Clark
        Originator Email: address@hidden
             Open/Closed: Open
                 Release: 1.20
         Discussion Lock: Any
        Operating System: GNU/Linux
         Reproducibility: Every Time
           Fixed Release: None
         Planned Release: None
              Regression: No
           Work Required: None
          Patch Included: No

    _______________________________________________________

Details:

When using `wget` to connect to an Apache server which I believe lacks the
`SSLCertificateChainFire` directive (www.xocolatl.com; I've contacted the
server administrator to request a fix, so might not work indefinitely) using a
Let's Encrypt certificate, `wget` reports (from running `wget
https://www.xocolatl.com/`):

> ERROR: The certificate of ‘www.xocolatl.com’ is not trusted.            
                                                                              
                   
> ERROR: The certificate of ‘www.xocolatl.com’ doesn't have a known
issuer.

The site works fine in Chrome on Linux, and other sites using Let's Encrypt
certificates work fine on my machine using `wget`.
https://www.ssllabs.com/ssltest/analyze.html?d=www.xocolatl.com&s=116.202.171.177
shows that the intermediate certificate requires an extra download, and
https://discussions.qualys.com/thread/12098 reports essentially the same
issue.

What I expected: `wget` would connect to the server and get the page as usual,
as works in my browser.

Can we make `wget` do the same as browsers, and fetch intermediate
certificates? How difficult would that be?



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Wed 01 Apr 2020 11:48:34 PM UTC  Name: wget-d-xocolatl.com.txt  Size:
776B   By: None
Debug output
<http://savannah.gnu.org/bugs/download.php?file_id=48730>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?58097>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #58097] Wget doesn't download intermediate certificates when not supplied in the response, anonymous <=
- [bug #58097] Wget doesn't download intermediate certificates when not supplied in the response, Tim Ruehsen, 2020/04/03

Prev by Date: wget with https proxy still uses http
Next by Date: Wget2 and FAIL: wget_options_fuzzer
Previous by thread: wget with https proxy still uses http
Next by thread: [bug #58097] Wget doesn't download intermediate certificates when not supplied in the response
Index(es):
- Date
- Thread