I downloaded the source of wget-1.13.4, compiled it (struggled a little bit with the gnutls definition GNUTLS_TLS1_2, which is not available in the gnutls.h in RHEL5.4's gnutls-devel-1.4.1-3.el5_4.8), and tried to access the same server. It works this time.

[root@oits wget-1.13.4]# src/wget https://server.domain.org
--2012-02-03 12:51:01--  https://server.domain.org/
Resolving server.domain.org... 192.168.1.3
Connecting to server.domain.org|192.168.1.3|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `index.html'

    [ <=>                                   ] 11,577      --.-K/s   in 0s

2012-02-03 12:51:02 (58.0 MB/s) - `index.html' saved [11577]

[root@oits wget-1.13.4]#

So the cert and its installation are fine. The problem was the wget bug on the older version.

Vu


On 02/03/2012 10:56 AM, Vu Pham wrote:

On 02/03/2012 10:41 AM, Krzysztof Mazurek wrote:

That's kind of basic SSL functionality - to warn you or deny access if the server's DNS name does not match the CN in the certificate ;)
So SSL connection may not continue when:

1. CA is unknown and cannot be verified,
2. Certificate's CN field (Common Name) doesn't match the DNS name of the server,
3. Server's SSL certificate is too old or is on a CRL list.
4. and as usual other SSL implementation problems ;)

Try connecting to the HTTPS website with a web browser and get the certificate. See if it's valid and the CN corresponds with the DNS name. You must connect to the DNS name (not the IP address - it won't work). I would start with that.

Krzysztof

I think this problem does not belong to the above four reasons :). Googling "wget subject alternative name" shows that it is the wget bug that is fixed in version 1.13.

     -- missing a check for Subject Alternative Name (TLS cert.)
        closes: Bug#409938
The versions I am using are 1.11 on RHEL 5.4 and 1.12 on RHEL 6.2

Thanks,
Vu


_______________________________________________
rhelv5-list mailing list
rhelv5-list@redhat.com
https://www.redhat.com/mailman/listinfo/rhelv5-list
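
Added example (not part of the original thread and not wget's code): a hostname check that ignores Subject Alternative Name next to one that follows the RFC 2818 order, run over a constructed certificate. The certificate dict uses the layout returned by Python's ssl.SSLSocket.getpeercert(); the function names and all host names in the sample are assumptions made for illustration.

```python
# Added example: hostname verification with and without the SAN check.
# Dict layout follows ssl.SSLSocket.getpeercert(); sample values are constructed.


def _label_match(pattern: str, hostname: str) -> bool:
    """Match one presented name; '*' may stand only for the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels so "*.org" never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def common_names(cert: dict) -> list:
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def dns_alt_names(cert: dict) -> list:
    return [value for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def verify_cn_only(cert: dict, hostname: str) -> bool:
    """Checker that ignores subjectAltName, the gap described in this thread."""
    return any(_label_match(cn, hostname) for cn in common_names(cert))


def verify_with_san(cert: dict, hostname: str) -> bool:
    """RFC 2818 order: dNSName SAN entries win; CN is only a fallback."""
    sans = dns_alt_names(cert)
    names = sans if sans else common_names(cert)
    return any(_label_match(name, hostname) for name in names)


# Constructed certificate: CN names one host, the SAN list carries the rest.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.domain.org"),),),
    "subjectAltName": (("DNS", "www.domain.org"), ("DNS", "server.domain.org"),
                       ("DNS", "*.apps.domain.org")),
}

if __name__ == "__main__":
    for host in ("server.domain.org", "a.apps.domain.org", "192.168.1.3"):
        print(host, verify_cn_only(SAMPLE_CERT, host),
              verify_with_san(SAMPLE_CERT, host))
```

The CN-only checker rejects server.domain.org even though the certificate lists it as a SAN entry, which is how a correctly installed certificate can still fail in a client that lacks the SAN check.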