[Touch-packages] [Bug 1580700] Re: Add Let's Encrypt Authority to Package
I've uploaded a fixed wget package to precise-proposed for processing by
the SRU team.

** Also affects: wget (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Changed in: wget (Ubuntu)
       Status: New => Fix Released

** Changed in: wget (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: wget (Ubuntu Precise)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Description changed:

+ [Impact]
+ wget in Ubuntu 12.04 doesn't have support for TLS Server Name Indication, which makes it incompatible with certain sites, includes sites that use the Let's Encrypt Authority.
+
+ The updated package fixes the issue with a backported patch from wget
+ 1.14.
+
+ [Test Case]
+ 1- wget https://www.x.org
+ 2- Connection should succeed, instead of getting an error (ERROR: no certificate subject alternative name matches)
+
+ [Regression Potential]
+ Commit is simple. If broken, could possibly break SSL support in wget.
+
+
+ Original report:
+ Let's Encrypt Authority should be added to CA-certificates.
  https://www.X.org is now using a cert from this CA, wget fails when
  connecting to X.org.

** Summary changed:

- Add Let's Encrypt Authority to Package
+ wget in 12.04 does not support SNI

** Changed in: wget (Ubuntu Precise)
       Status: Confirmed => In Progress

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to wget in Ubuntu.
https://bugs.launchpad.net/bugs/1580700

Title:
  wget in 12.04 does not support SNI

Status in wget package in Ubuntu:
  Fix Released
Status in wget source package in Precise:
  In Progress

Bug description:
  [Impact]
  wget in Ubuntu 12.04 doesn't have support for TLS Server Name Indication, which makes it incompatible with certain sites, includes sites that use the Let's Encrypt Authority.

  The updated package fixes the issue with a backported patch from wget 1.14.

  [Test Case]
  1- wget https://www.x.org
  2- Connection should succeed, instead of getting an error (ERROR: no certificate subject alternative name matches)

  [Regression Potential]
  Commit is simple. If broken, could possibly break SSL support in wget.

  Original report:
  Let's Encrypt Authority should be added to CA-certificates.
  https://www.X.org is now using a cert from this CA, wget fails when
  connecting to X.org.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/wget/+bug/1580700/+subscriptions

--
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1580700] Re: Add Let's Encrypt Authority to Package
Ubuntu 12.04 has wget 1.13.4, which doesn't have support for TLS Server
Name Indication, which was included in 1.14. That needs to get
backported.

** No longer affects: ca-certificates (Ubuntu)

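An added example (not part of the original thread and not wget's code) showing what "no SNI support" means on the wire: Python's ssl module builds a ClientHello in memory with and without a server name, and a small parser reports whether the server_name extension is present. The function names are this example's own, www.x.org is the host from the bug report, and nothing is sent over the network.

```python
import ssl
import struct


def client_hello(server_hostname):
    """Return the first TLS record a client would send; no network I/O."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Off only so a hello can be built with no name at all; nothing connects.
    ctx.check_hostname = False
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for a ServerHello
    return outgoing.read()


def sni_from_client_hello(record):
    """Return the host_name from the server_name extension, or None."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 2 + 32                                          # version + random
    pos += 1 + body[pos]                                  # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")   # cipher_suites
    pos += 1 + body[pos]                                  # compression_methods
    if pos + 2 > len(body):
        return None                                       # no extensions
    end = min(len(body), pos + 2 + int.from_bytes(body[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 0 and ext_len >= 5 and body[pos + 2] == 0:
            # list length (2), name_type (1, 0 = host_name), name length (2)
            name_len = int.from_bytes(body[pos + 3:pos + 5], "big")
            return body[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None


if __name__ == "__main__":
    for host in ("www.x.org", None):
        print(host, "->", sni_from_client_hello(client_hello(host)))
```

A server that hosts several names on one address selects its certificate from this extension; a client that omits it is handed the server's default certificate, which is consistent with the subject alternative name error quoted in the thread.
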
[Touch-packages] [Bug 1580700] Re: Add Let's Encrypt Authority to Package
I can reproduce this with wget on 12.04, but not on 14.04. Both use the
same version of ca-certificates.

Using openssl directly also works:

openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect www.x.org:443

I suspect wget on 12.04 is doing something odd, I'll look into this.

[Touch-packages] [Bug 1580700] Re: Add Let's Encrypt Authority to Package
The ca-certificates I have is "ca-certificates 20160104ubuntu0.12.04.1".

The issue exists with two versions of wget I've tried: wget 1.13.4-2ubuntu1.2, and Wget 1.16.3, which I compiled myself.

Although the error message is different for each, I believe it's the same issue.

Error with Wget 1.13.4:
"ERROR: no certificate subject alternative name matches requested host name `www.x.org'. To connect to www.x.org insecurely, use `--no-check-certificate'."

Error with Wget 1.16.3:
"ERROR: The certificate of 'www.x.org' is not trusted."

[Touch-packages] [Bug 1580700] Re: Add Let's Encrypt Authority to Package
Current ca-certificates should already have the required CA. Which
version of ca-certificates, and which version of wget are you trying?