Re: cygwin wget ssl

[Daniel Stenberg]

On Wed, 20 Apr 2005, Hrvoje Niksic wrote:
It seems this site is sending something that the OpenSSL library cannot 
handle.  For example, both Wget and curl on Linux display the same error:

$ curl https://www.danier.com
curl: (35) error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad 
record mac
Maybe this should be reported to the OpenSSL maintainers?
If you force it to do SSLv2 it works fine. At times, old and bad SSL 
implementations make it hard for OpenSSL to autodetect version.

--
  -=- Daniel Stenberg -=- http://daniel.haxx.se -=-
   ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Problems with mirror option on Win XP

[Zoran Lazarević]

Ola!
I encountered a problem on Win XP when I want to use -m option with wget.
The command looks like this : wget -m -nH -nv -o wget.log --cut-dirs=1 
--progress=bar http://IP_ADDRESS:8014/VIRTUAL_DIR

Directory structure on server looks something like this and inside every 
directory there is one or more files:
VIRTUAL_DIR
   |- DIR1
   |  |-DIR12
   |  |-DIR123
   | |-DIR1234
   |   |-DIR12345
   |- DIR2

When I call command for the first time, wget creates all directories and 
I get all the files that are inside those directories.
If I add or change a file in directory DIR12 for example, the command 
retrieves new/changed file.
BUT if I change or add a file in DIR12345, the file is not copied from 
server. And in the log file there is no record of wget trying to access 
that directory.
Last scanned directory is DIR1234.

If I run that same command on linux machine it works well.
I even tried to run it on XP under cygwin and it works.
I tried to change command to use -l option and it still doesn't work.
If someone could give me any idea what is going on I would be very grateful.
Thanks,
   Zoran

Length: -77,656,064

[Voelker Bernhard]

Hello gnu,
 
I'm experiencing a wrong display of the file size of a huge file to get:

   berny wget -Y off -c 'ftp://my-server/pub/dvd.iso'
   --13:56:35--  ftp://my-server/pub/dvd.iso
  = `dvd.iso'
   Resolving my-server... 192.168.0.4
   Connecting to linx.ct.siemens.de[192.168.0.4]:21... connected.
   Logging in as anonymous ... Logged in!
   == SYST ... done.== PWD ... done.
   == TYPE I ... done.  == CWD /pub ... done.
   == PASV ... done.== RETR dvd.iso ... done.
   Length: -77,656,064 (unauthoritative)
   ...
 
The file on the FTP-Server is  2^32 bytes:

   -rw-r--r--   1 75   ftp  8512278528 Apr 13 10:31 
suse93-dvd1-7.9GBImage.iso

My version of wget:

   berny wget --version
   GNU Wget 1.9.1
   ...

My system(s):

   Solaris9 (SunOS 5.9)
   Cygwin   (CYGWIN_NT-5.0 1.5.14)

I think it is only a displaying error since the download starts correctly.

Have a nice day,
Bernhard Voelker

bugs on NTLM

[Sami Krank]

Hi!

Last two days I have been learning and debugging NTLM on the latest
version of wget from cvs (1.10-alpha2+cvs-dev). Mainly I have debugged
on linux, but noticed same problems occurs on win32 too. During testing
I found four bugs, that needs to be fixed. 

On previous threads I noticed that you had problem to find test server
for NTLM-testing. If you need, I can provide IIS-6.0 server for testing
NTLM. Just let me know, so I will set it up.

1:NTLM Domain is not written right
in http-ntlm.c line ~420

usr = strchr(user, '\\');
if (!usr) usr = strchr(user, '/');

if (usr) {
  domain = usr; // Sets pointer to '\' or '/'. Should be: domain = user;
  domlen = usr - domain;
  usr++;
}

2: NTLM auth stops to early.
in http.c there is variable auth_tried_already and test

if (auth_tried_already || !(user  passwd)) ...

Now when trying, wget tries first basic auth and gets back

WWW-Authenticate: NTLM

in response header. wget send first phase of authentication fine on next
request and gets result 401 and

WWW-Authenticate: NTLM TlRMT...

in response header. Now wget should send next request with NTLM type-3
message, which contains final authentication information. I made an
dirty-hack-hack-fix to get ahead on testing. Then I found next problem.

3: NTLM type-3 message might be invalid, because server sends 401 and

WWW-Authenticate: NTLM

if response header. My testserver is Microsoft-IIS/6.0. 


4: Error on response header handling
Microsoft-IIS/6.0 sends actually 2 WWW-Authenticate rows in header

...
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
...

This causes that authentication scheme is never recognized.

resp_header_strdup (resp, WWW-Authenticate)

gives returns first 'WWW-Authenticate'-value and it is 'Negotiate'.
Problem do not occur on all IIS-server.




I'm newbie on taking part in open source projects, so hope these
descriptions of the problems was clear enough.

Thanks before

Sami

Re: Length: -77,656,064

[Hrvoje Niksic]

Wget 1.9.1 doesn't work with large files.  The soon-to-be-released
1.10 does, though.

ftp://ftp.deepspace6.net/pub/ds6/sources/wget/wget-1.10-alpha2.tar.bz2

Re: bugs on NTLM

[Hrvoje Niksic]

Sami Krank [EMAIL PROTECTED] writes:

 Last two days I have been learning and debugging NTLM on the latest
 version of wget from cvs (1.10-alpha2+cvs-dev). Mainly I have
 debugged on linux, but noticed same problems occurs on win32
 too. During testing I found four bugs, that needs to be fixed.

 On previous threads I noticed that you had problem to find test
 server for NTLM-testing. If you need, I can provide IIS-6.0 server
 for testing NTLM. Just let me know, so I will set it up.

Please do -- I'd be interested to try it out.

 1:NTLM Domain is not written right
 in http-ntlm.c line ~420
[...]

I've now installed this fix.

 2: NTLM auth stops to early.
 in http.c there is variable auth_tried_already and test

   if (auth_tried_already || !(user  passwd)) ...

Current usage of auth_tried_already is too naive for NTLM.  After
getting the NTLM type 1 message we should probably *not* set it.

 3: NTLM type-3 message might be invalid, because server sends 401 and

   WWW-Authenticate: NTLM

 if response header. My testserver is Microsoft-IIS/6.0.

This should be tested further.

 4: Error on response header handling
 Microsoft-IIS/6.0 sends actually 2 WWW-Authenticate rows in header

I think this is easily fixed.  Wget's header code can iterate over a
header -- it is already done for Set-Cookie.

I'm not sure what Wget should do in the general case if it receives
several WWW-Authenticate headers.

Re: cygwin wget ssl

[Daniel Stenberg]

On Thu, 21 Apr 2005, Konrad Chan wrote:
After browsing the openssl newsgroup per Hrvoje's suggestion, I came to a 
similar conclusion as well (cipher problem). However, I couldn't find 
instructions on how to change the cipher for wget, I tried all the different 
ciphers using curl but no luck, since openssl ciphers only had SSLv3.
Let me repeat myself:
   If you force it to do SSLv2 it works fine.
wget --sslprotocol=1
--
 -=- Daniel Stenberg -=- http://daniel.haxx.se -=-
  ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol

Re: cygwin wget ssl

[Hrvoje Niksic]

Daniel Stenberg [EMAIL PROTECTED] writes:

 On Thu, 21 Apr 2005, Konrad Chan wrote:

 After browsing the openssl newsgroup per Hrvoje's suggestion, I came
 to a similar conclusion as well (cipher problem). However, I
 couldn't find instructions on how to change the cipher for wget, I
 tried all the different ciphers using curl but no luck, since
 openssl ciphers only had SSLv3.

 Let me repeat myself:

 If you force it to do SSLv2 it works fine.

 wget --sslprotocol=1

I've now noticed that the manual doesn't document *any* of the SSL
options.  :-(  Time to fix that oversight.

Re: wget 1.10 alpha 2

[Doug Kaufman]

On Wed, 20 Apr 2005, Hrvoje Niksic wrote:

 Herold Heiko [EMAIL PROTECTED] writes:
 
 I am greatly surprised.  Do you really believe that Windows users
 outside an academic environment are proficient in using the compiler?
 I have never seen a home Windows installation that even contained a
 compiler, the only exception being ones that belonged to professional
 C or C++ developers.

This is what Cygwin is all about. Once you open up the Cygwin bash
shell, all you have to do with most source code is configure; make;
make install. I am not a programmer and have been compiling programs
for several years. As long as the program copiles cleanly, there
shouldn't be a problem under Windows. I don't have any idea of how many
Windows users would try to patch the code if it didn't compile out of
the box.
  
 The very idea that a Windows user might grab source code and compile a
 package is strange.  I don't remember ever seeing a Windows program
 distributed in source form.

See, for example, htmldoc which converts html into a pdf file. The
free version is only distributed as source code. Or see consoletelnet,
distributed both as source and binary.
Doug

-- 
Doug Kaufman
Internet: [EMAIL PROTECTED]

Re: wget 1.10 alpha 2

[Hrvoje Niksic]

Doug Kaufman [EMAIL PROTECTED] writes:

 On Wed, 20 Apr 2005, Hrvoje Niksic wrote:

 Herold Heiko [EMAIL PROTECTED] writes:
 
 I am greatly surprised.  Do you really believe that Windows users
 outside an academic environment are proficient in using the compiler?
 I have never seen a home Windows installation that even contained a
 compiler, the only exception being ones that belonged to professional
 C or C++ developers.

 This is what Cygwin is all about. Once you open up the Cygwin bash
 shell, all you have to do with most source code is configure; make;
 make install.

Oh, I know that and I *love* Cygwin and use it all the time (while in
Windows)!  But that is beside the point because this problem doesn't
occur under Cygwin in the first place -- Cygwin compilation is as
clean as it gets.

My point was that a typical Windows (not Cygwin) user doesn't know
about the compilation process, nor can he be bothered to learn.
That's a great shame, but it's something that's not likely to change.
Making the code uglier for the sake of ordinary Windows users willing
to compile it brings literally no gain.

The above shouldn't be construed as not wanting to support Windows at
all.  There are Windows users, on this list and elsewhere, who are
perfectly able and willing to compile Wget from source.  But those
users are also able to read the documentation, to turn off
optimization for offending functions, not to mention to upgrade their
compiler, or get a free one that is much less buggy (the Borland
compiler comes to mind, but there are also Mingw, Cygwin, Watcom,
etc.)

SSL options

[Hrvoje Niksic]

I remembered why I never documented the SSL options.  Because they are
badly named, accept weird values, and I wanted to fix them.  I felt
(and still feel) that documenting them would make them official and
force us to keep supporting them forever.

Here is the list, extracted from `wget --help':

   --sslcertfile=FILE optional client certificate.
   --sslcertkey=KEYFILE   optional keyfile for this certificate.
   --sslcadir=DIR dir where hash list of CA's are stored.
   --sslcafile=FILE   file with bundle of CA's
   --sslcerttype=0/1  Client-Cert type 0=PEM (default) / 1=ASN1 (DER)
   --sslcheckcert=0/1 Check the server cert agenst given CA
   --sslprotocol=0-3  choose SSL protocol; 0=automatic,
  1=SSLv2 2=SSLv3 3=TLSv1
   --egd-file=FILEfile name of the EGD socket.

The names are unreadable because they don't include the usual
separator between words.  They also contain weird acronyms and
abbreviations, such as CA or cert, making them even harder to
read.

Finally, the values they force upon the user are unbelievably cryptic.
How hard would it have been to support something like
--sslprotocol=sslv2 or --sslcerttype=pem... but no, it was easier to
call atoi.

The question is what should we do for 1.10?  Document the unreadable
names and cryptic values, and have to support them until eternity?
Leave them undocumented and fix (and document) them for the next
release?  Fix them for this release (and break the freeze), and
document them?

Does anyone ever use them anyway?

RE: SSL options

[Tony Lewis]

Hrvoje Niksic wrote:

 The question is what should we do for 1.10?  Document the
 unreadable names and cryptic values, and have to support
 them until eternity?

My vote is to change them to more reasonable syntax (as you suggested
earlier in the note) for 1.10 and include the new syntax in the
documentation. However, I think wget should to continue to support the old
options and syntax as alternatives in case people have included them in
scripts.

Tony

404 error redirect

[Tanton Gibbs]

I'm setting up a site for my company to allow 
people to get certain files out of our company repository. Basically, I 
want people to be able to write the following:

wget http://servername/~tgibbs/FileWanted.rpm

However, the files are stored someplace else and I 
don't want to mirror them. Therefore, I have set up an ErrorDocument in 
apache that on 404 errors redirects to another page. The second page, then 
determines the referring URI and serves up the correct rpm. This works 
fine if I'm using internet explorer, but wget gives me a 404 error :-( For 
some reason, it is not following the internal redirect.

Does anyone know a way around this?

If not, perhaps you know of a way to tell wget how 
to name the file based on HTTP headers. I've tried attachement; 
filename="filename" but it just ignores those.

Also, I'm not subscribed to the list, so please cc 
me.

Thanks!
Tanton

NTLM test server available

[Sami Krank]

Hi!

You may use this server to test NTLM-authentication on wget.

http://212.50.205.135/ntlm/
usr: testuser
pwd: DummyUser

Server is not promised to be available all the time, because
it is actually running under my linux workstation. 
Server is MS Windows Server 2003 Enterprise Edition + IIS 6.0.

Hope this helps you on testing.

Sami