On 29/03/12 04:45, drayon wrote: > Having the most head wrenching time with wget: > > Version/compile details running on Mac OS X 10.6.8 > ================================================== > GNU Wget 1.13.4 built on darwin11.3.0. > (...) > > I then issued the following command: (--certificate=file) > ==================================== > wget --certificate=forums.mvgroup.org.pem > https://forums.mvgroup.org/index.php?showtopic=2827 > --2012-03-29 10:56:08-- https://forums.mvgroup.org/index.php?showtopic=2827 > OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line > OpenSSL: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib > Disabling SSL due to encountered errors. > ======================================= > I assume "--certificate=forums.mvgroup.org.pem" looks for this "file" in the > current terminal directory? or do we include the full path? ie > wget --certificate=/System/Library/OpenSSL/certs/forums.mvgroup.org.pem > ======================================= It looks for it in the current folder. You can also call it from a different folder specifying the full path. But note that it is reading it here, the error is "PEM routines:PEM_read_bio:no start line", otherwise it would be "system library:fopen:No such file or directory"
> Ok so in Terminal I change directory to '/System/Library/OpenSSL/certs' > then issue: > sudo wget --ca-certificate=forums.mvgroup.org.pem > https://forums.mvgroup.org/index.php?showtopic=2827 > > Success (note sudo since this is a system directory). You shouldn't need sudo here, just for running it on this folder (it wouldn't be able to save it there, but you could use for instance -O /tmp/forum ). It's strange it worked for you, as I wasn't able to get it work using just --ca-certificate > wget manual says "Without this option Wget looks for CA certificates at the > system-specified locations, chosen at OpenSSL installation time". So why on > OS X does SSL NOT look in '/System/Library/OpenSSL/certs'? I can't find a > config file or correct command to set to this directory as the default to > look for certificates. > > Also I use ‘--ca-directory=directory’ as > > wget --ca-directory=/System/Library/OpenSSL/certs/ > https://forums.mvgroup.org/index.php?showtopic=2827 > > terminal reports > ====================== > Resolving forums.mvgroup.org... 87.241.99.41 > Connecting to forums.mvgroup.org|87.241.99.41|:443... connected. > ERROR: cannot verify forums.mvgroup.org's certificate, issued by > `/O=MVGroup/CN=forums.mvgroup.org': > Self-signed certificate encountered. > To connect to forums.mvgroup.org insecurely, use `--no-check-certificate'. > ====================== > > I think this must be a bug or wrong usage because logically this command > tells wget to tell openssl to look in '/System/Library/OpenSSL/certs/' for a > certificate but it keeps failing unless we specifically tell wget the exact > file based on the current directory else it fails if current directory doesnt > contain a cert. Note that the wget manual also says "the file name is based on a hash value derived from the certificate. This is achieved by processing a certificate directory with the `c_rehash' utility supplied with OpenSSL.". In this case, running c_rehash <folder>, creates a symlink from 3cc93452.0 to forums.mvgroup.org.pem Using wget with ca-directory does work for me if there is such link, but fail otherwise. I suppose wget is also trying to open it at /System/Library/OpenSSL/certs/3cc93452.0, so if you make such symlink there it should also work.
