Using Debian Wheeze amd64, same version of wget (1.13.4-3+deb7u1). Just had new SSL keys generated for my hobby site stech.muecke.pw (heartbleed disaster recovery). According to gnutls-cli my certificate is completely valid:
$ gnutls-cli --x509cafile /etc/ssl/certs/ca-certificates.crt
[..]
- The hostname in the certificate matches 'stech.muecke.pw'.
- Peer's certificate is trusted
[..]
Corresponding wget command still fails:
$ wget -4 --ca-certificate /etc/ssl/certs/ca-certificates.crt \
https://stech.muecke.pw -O /dev/null
[..]
Connecting to stech.muecke.pw (stech.muecke.pw)|xx.xx.xx.xx|:443... connected.
GnuTLS: A TLS warning alert has been received.
Unable to establish SSL connection.
--no-check-certificate does not help.
Curl works, as does iceweasel. Wget with --no-check-certificate, using
IP address instead of hostname also works (with IP v4 and v6 addresses).
Using a locally defined DNS alias "mosquito.pool" with
--no-check-certificate also works, but the public DNS alias
"mosquito.selfhost.eu" produces the above error.
cheers,
David
--
GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk2.gpg
Fingerprint: B63B 6AF2 4EEB F033 46F7 7F1D 935E 6F08 E457 205F
pgp5i0FmmIGZJ.pgp
Description: PGP signature
