-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, (I am still here, still running OSX 10.6.8 with all security updates etc.) I've compiled the 1.14.96-38327 tarball here. With it, I'm suddenly getting retries when I need to fetch something with https (while regular http seems ok) no matter what server I need to pull from. I also updated gnutls to 3.2.6 and nettle to 2.7 just in case but no help in this regard. For example, here's a wget of the nightly Enigmail build in debug mode: > $ wget -d https://www.enigmail.net/download/nightly/enigmail-nightly-all.xpi > DEBUG output created by Wget 1.14.96-38327 on darwin10.8.0. > > URI encoding = ‘UTF-8’ > --2013-11-04 10:06:45-- > https://www.enigmail.net/download/nightly/enigmail-nightly-all.xpi > Certificates loaded: -1250 > Resolving www.enigmail.net (www.enigmail.net)... 217.26.54.154 > Caching www.enigmail.net => 217.26.54.154 > Connecting to www.enigmail.net (www.enigmail.net)|217.26.54.154|:443... > connected. > Created socket 4. > Releasing 0x01091670 (new refcount 1). > WARNING: No certificate presented by www.enigmail.net. > > ---request begin--- > GET /download/nightly/enigmail-nightly-all.xpi HTTP/1.1 > User-Agent: Wget/1.14.96-38327 (darwin10.8.0) > Accept: */* > Host: www.enigmail.net > Connection: Keep-Alive > > ---request end--- > HTTP request sent, awaiting response... Read error (Success.) in headers. > Retrying. > > --2013-11-04 10:06:47-- (try: 2) > https://www.enigmail.net/download/nightly/enigmail-nightly-all.xpi > Found www.enigmail.net in host_name_addresses_map (0x1091670) > Connecting to www.enigmail.net (www.enigmail.net)|217.26.54.154|:443... > connected. > Created socket 4. > Releasing 0x01091670 (new refcount 1). > WARNING: No certificate presented by www.enigmail.net. > > ---request begin--- > GET /download/nightly/enigmail-nightly-all.xpi HTTP/1.1 > User-Agent: Wget/1.14.96-38327 (darwin10.8.0) > Accept: */* > Host: www.enigmail.net > Connection: Keep-Alive > > ---request end--- > HTTP request sent, awaiting response... Read error (Success.) in headers. > Retrying. > > --2013-11-04 10:06:49-- (try: 3) > https://www.enigmail.net/download/nightly/enigmail-nightly-all.xpi > Found www.enigmail.net in host_name_addresses_map (0x1091670) > Connecting to www.enigmail.net (www.enigmail.net)|217.26.54.154|:443... > connected. > Created socket 4. > Releasing 0x01091670 (new refcount 1). > WARNING: No certificate presented by www.enigmail.net. > > ---request begin--- > GET /download/nightly/enigmail-nightly-all.xpi HTTP/1.1 > User-Agent: Wget/1.14.96-38327 (darwin10.8.0) > Accept: */* > Host: www.enigmail.net > Connection: Keep-Alive > > ---request end--- > HTTP request sent, awaiting response... Read error (Success.) in headers. > Retrying. > > ^C I can fetch this file ok with 1.14.96-38327 if I use plain http. ;) I saved the current stable 1.14 build of wget and it fetches from https ok. So this might be a regression of some sort. My ~/.wgetrc (for all wget versions/sessions shown here): > $ cat ~/.wgetrc > tries = 0 > continue = on > timestamping = on > timeout = 20 > waitretry = 5 > random_wait = on > #inet4_only = on > #prefer_family = IPv4 > retry_connrefused = on > check-certificate = off > trust-server-names = on > #content-on-error = on > auth-no-challenge = on > ca-certificate = /usr/local/share/wget/cacert.pem > robots = off > #load-cookies = /Users/scifi/Library/Application Support/Camino/cookies.txt My compile parms: > $ wget --version > GNU Wget 1.14.96-38327 built on darwin10.8.0. > > +digest +https +ipv6 +iri +large-file +nls +ntlm +opie +ssl/gnutls > > Wgetrc: > /Users/scifi/.wgetrc (user) > /usr/local/etc/wgetrc (system) > Locale: > /usr/local/share/locale > Compile: > gcc-4.2 -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/local/etc/wgetrc" > -DLOCALEDIR="/usr/local/share/locale" -I. -I../lib -I../lib > -I/usr/local/ssl/include -I/usr/X11/include -I/usr/local/include > -I/WhichXcode/Headers/FlatCarbon -I/usr/include > -I/usr/local/include -Os -mtune=core2 -march=core2 > -force_cpusubtype_ALL -arch i386 > Link: > gcc-4.2 -Os -mtune=core2 -march=core2 -force_cpusubtype_ALL -arch > i386 -Os -mtune=core2 -march=core2 -force_cpusubtype_ALL -arch i386 > -L/usr/local/lib -L/usr/local/lib -liconv -L/usr/local/lib -lintl > -Wl,-framework -Wl,CoreFoundation -lnettle -L/usr/local/lib > -lgnutls -L/usr/local/ssl/lib -L/usr/local/lib/libquicktime > -L/usr/X11/lib -lnettle -lhogweed -lgmp /usr/lib/libz.dylib > -lp11-kit -lintl /usr/lib/libpthread.dylib -lz -L/usr/local/ssl/lib > -L/usr/local/lib/libquicktime -L/usr/local/lib -L/usr/X11/lib > -L/usr/lib -lidn -lpcre ftp-opie.o gnutls.o http-ntlm.o > ../lib/libgnu.a > > Copyright (C) 2011 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later > <http://www.gnu.org/licenses/gpl.html>. > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > > Originally written by Hrvoje Niksic <hnik...@xemacs.org>. > Please send bug reports and questions to <bug-wget@gnu.org>. Of course I would much-rather use Secure mode rather than open-clear mode if for no other reason than to tell TPTB to stop spying on everyone. If ya git my gist. ;) FWIW, thanks for keeping this project alive. -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJSd8ktAAoJEKkeWNKet7+KcScIAJPrr2pz0vqK2Sb6hQJmYxrT nx8Q/IbNqfgYSHQY8fft6dF4cpPPvFPzQGWUjTsLhTBgpwJ0GhSgoNJzW5Ma4X0T tAh2FJVWhAynRMvQIF/joJeynykhToAvBBSHcIq08baS6RvtTPgFWBNG8mDBG6Uw OV71+0Vg6Jp2wQU/Oa4gro5VTeJbqSwnomb5+4tsLNgGRW7LIL6HcrS9GIkg5oz2 QBe5PxY/n0AhiwuWcvoMn4zKK7uOsj+92Tlz/crRqGJCEma6clFdM6Xr5u8NFw6P 4oUodTh92YQiT9yL9z+cgBUm7+ph0p+B60jwSyaJRqqpfrA64igzVDbXR1D9qFM= =BMBC -----END PGP SIGNATURE-----