If wget is used to connect to a server that requests renegotiation of the SSL connection, wget complains of a read error and quits. This happens when connecting to an Apache web server that is using "SSLVerifyClient" elsewhere than in the global config. Because the web server does not know that it will require the client to authenticate itself until it knows which URL is requested, it has to request a renegotiation of the SSL connection in order to get a certificate from the server.

Steps to reproduce:

wget --sslcertkey=somefile --sslcertfile=someotherfile someurl

someurl should be served off an Apache web server with "SSLVerifyClient require" configured, say, in an .htaccess for that particular URL.

Fix: when the renegotiation happens, SSL_read returns an error: SSL_ERROR_WANT_READ. The OpenSSL documentation suggests that when this error is received, the SSL_read should be tried again.

--- wget-1.9.1/src/gen_sslfunc.c 2005/08/25 22:07:02 1.1 +++ wget-1.9.1/src/gen_sslfunc.c 2005/08/25 22:09:23 @@ -321,9 +321,10 @@ if (select_fd (fd, opt.read_timeout, 0) <= 0) return -1; #endif - do + do { res = SSL_read (con, buf, len); - while (res == -1 && errno == EINTR); + if (SSL_get_error(con, res) == SSL_ERROR_WANT_READ) continue; + } while (res == -1 && errno == EINTR); return res; }

-Phil
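
Review bot: in the new loop body, `continue` inside a `do { ... } while (...)` jumps to the loop condition, not back to `SSL_read`, so after SSL_ERROR_WANT_READ the read is retried only if `res == -1 && errno == EINTR` also happens to hold; otherwise the function still returns the error to the caller. Moving the check into the condition, for example `while (res == -1 && (errno == EINTR || SSL_get_error (con, res) == SSL_ERROR_WANT_READ));`, would make the retry take effect. The retry path also never repeats the `select_fd (fd, opt.read_timeout, 0)` wait that precedes the loop, so once the retry works the read timeout is not applied to the repeated reads; consider waiting on the descriptor again before each retry.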