Hi. On Wed, Feb 24, 2021 at 11:27:31AM -0500, Albretch Mueller wrote: > sorry, bad wording typing fast. what I meant is that I use the wget > setting "--server-response" and keep my logs, but all I could see in > the logs was: > > WARNING: certificate common name `ftp.acc.umu.se' doesn't match > requested host name `chuangtzu.ftp.acc.umu.se'.
And "openssl x509" helpfully shows that chuangtzu.ftp.acc.umu.se uses the certificate issued to "CN = ftp.acc.umu.se" by LetsEncrypt, and has chuangtzu.ftp.acc.umu.se in the "X509v3 Subject Alternative Name" section. I.e. the certificate is as valid as you consider LetsEncrypt to be. Debian's wget uses GnuTLS for https, and GnuTLS can be quirky in this regard. > I had never seen anything like that in my logs before, let alone from > debian mirrors. Why would they not protocol their server responses as > every server does? Because less is more. As seen above, all you get is a false positive. The less garbage fill your logs - the clearer the cause of the problem is. > Yes, I have plenty of reasons to believe "they are watching 'me' (and > 'you' and every one and their pets)". ... Dear Albretch, you're in a in-between position here. Either try to approach to the problem as an engineer. For instance, judging a host by host name is not racist, it's highly inaccurate at best (I'll refrain from stronger terms). According to RIPE, umu.se is a perfectly valid Swedish domain, registered back in '87. Or, try to approach a problem as complete lunatic. In this case, your rant clearly lacks mentioning of nano-chips that are included in each and every COVID vaccine shot, an ability to control said nano-chips via 5G, and last, but not least - the secret cabal which benefits from it. To be serious, first approach is welcome here. Please try second approach elsewhere. Reco
