<div dir="ltr"><div>Some quick searching as I don't often use wget, it looks like it doesn't use local system certs, and has no inherent trust to certs at all. If you search "wget ssl certificates" like I just did, you see others posting how to skip the check and trust anyways, and various discussions wtf this is even a thing still. Weird software caveat I'd say it doesn't just reference system cert trusts, or just hasn't felt the need to be updated in 20 years because you know, security is meh.<br></div><div><br></div><div>-mb</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Sep 17, 2022 at 10:40 AM Jim via PLUG-discuss <<a href="mailto:plug-discuss@lists.phxlinux.org">plug-discuss@lists.phxlinux.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>It's not just <a href="http://ww.gutenberg.org" target="_blank">ww.gutenberg.org</a>. That's an example of what happens
no matter what site I try to use wget on. About the truststore,
how do I add to or update it? I decided to ask for help after
trying to install openwebrx following the instructions here.
<a href="https://www.openwebrx.de/download/ubuntu.php" target="_blank">https://www.openwebrx.de/download/ubuntu.php</a> Also I found out
today that something similar happens with youtube-dl. I tried to
use it today and this is what happened. Youtube-dl works if I
use the --no-check-certificate option. <br>
</p>
<p><span style="font-family:monospace"><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)">$ youtube-dl
<a href="https://www.youtube.com/watch?v=VW3XQDDGhA4" target="_blank">https://www.youtube.com/watch?v=VW3XQDDGhA4</a>
</span><br>
[youtube] VW3XQDDGhA4: Downloading webpage
<br>
<span style="color:rgb(178,104,24);background-color:rgb(255,255,255)">WARNING:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> Unable to
download webpage: <urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate ver</span><br>
ify failed: unable to get local issuer certificate
(_ssl.c:1131)>
<br>
[youtube] VW3XQDDGhA4: Downloading API JSON
<br>
<span style="color:rgb(178,24,24);background-color:rgb(255,255,255)">ERROR:</span><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)"> Unable to
download API page: <urlopen error [SSL:
CERTIFICATE_VERIFY_FAILED] certificate veri</span><br>
fy failed: unable to get local issuer certificate
(_ssl.c:1131)> (caused by URLError(SSLCertVerifica<br>
tionError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed: unable to get local issuer<br>
certificate (_ssl.c:1131)')))<br>
<br>
<br>
</span></p>
<p><br>
</p>
<div>On 9/16/22 17:33, James Mcphee via
PLUG-discuss wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">check out the verification of the cert chain. it
works for me with a new build of 20.04, so it might be that you
need to add or update your truststore.
<div>openssl s_client -connect <a href="http://www.gutenberg.org:443" target="_blank">www.gutenberg.org:443</a>
< /dev/null | openssl x509 -text -noout<br>
</div>
<div><br>
</div>
<div>up there at the top, this is what it looks like when it
works</div>
<div>depth=2 C = US, ST = New Jersey, L = Jersey City, O = The
USERTRUST Network, CN = USERTrust RSA Certification Authority<br>
verify return:1<br>
depth=1 C = US, ST = VA, L = Herndon, O = Network Solutions
L.L.C., CN = Network Solutions OV Server CA 2<br>
verify return:1<br>
depth=0 C = US, ST = Utah, L = Salt Lake City, O = Project
Gutenberg Literary Archive Foundation, CN = *.<a href="http://gutenberg.org" target="_blank">gutenberg.org</a><br>
verify return:1<br>
DONE<br>
</div>
<div><br>
</div>
<div>I can see that i have that usertrust network cert in
/etc/ssl/certs, so all is good. if i had to add one i'd have
then run update-ca-certicates.</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Sep 16, 2022 at 2:17
PM Jim via PLUG-discuss <<a href="mailto:plug-discuss@lists.phxlinux.org" target="_blank">plug-discuss@lists.phxlinux.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>This has been bugging me for a while, but today it's
annoying me to the point I want to fix it. Wget gives me
an error whenever I try to use it. I have no problem
getting files using a web browser. Here's an example.
Using firefox I was able to download the file, but this
can be a pain in the butt when I'm trying to add a
repository. I have Ubuntu 20.04 installed.<br>
</p>
<p><br>
</p>
<p><span style="font-family:monospace"><span style="color:rgb(0,0,0);background-color:rgb(255,255,255)">$
wget <a href="https://www.gutenberg.org/ebooks/68992.epub.images" target="_blank">https://www.gutenberg.org/ebooks/68992.epub.images</a>
</span><br>
--2022-09-16 14:08:02-- <a href="https://www.gutenberg.org/ebooks/68992.epub.images" target="_blank">https://www.gutenberg.org/ebooks/68992.epub.images</a>
<br>
Resolving <a href="http://www.gutenberg.org" target="_blank">www.gutenberg.org</a>
(<a href="http://www.gutenberg.org" target="_blank">www.gutenberg.org</a>)...
152.19.134.47, 2610:28:3090:3000:0:bad:cafe:47 <br>
Connecting to <a href="http://www.gutenberg.org" target="_blank">www.gutenberg.org</a>
(<a href="http://www.gutenberg.org" target="_blank">www.gutenberg.org</a>)|152.19.134.47|:443...
connected. <br>
ERROR: cannot verify <a href="http://www.gutenberg.org's" target="_blank">www.gutenberg.org's</a>
certificate, issued by ‘CN=Network Solutions OV Server
CA 2<br>
,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US’: <br>
Self-signed certificate encountered. <br>
To connect to <a href="http://www.gutenberg.org" target="_blank">www.gutenberg.org</a>
insecurely, use `--no-check-certificate'.<br>
<br>
Any idea how to fix this? thanks</span></p>
<p><span style="font-family:monospace"><br>
</span></p>
</div>
---------------------------------------------------<br>
PLUG-discuss mailing list: <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">James McPhee<br>
<a href="mailto:jmcphe@gmail.com" target="_blank">jmcphe@gmail.com</a></div>
<br>
<fieldset></fieldset>
<pre>---------------------------------------------------
PLUG-discuss mailing list: <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
</div>
---------------------------------------------------<br>
PLUG-discuss mailing list: <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote></div>