I was looking in muon and found wget2. In the description it says: GNU Wget2 is the successor of GNU Wget. So I installed wget2 and tested it to find it works. Do any other apps use wget? If so, could I replace /usr/bin/wget with a symbolic link to /usr/bin/wget2? I ask because I thought about using muon to purge wget, but it warned me that a bunch of stuff would also be removed, so I clicked cancel.

On 9/17/22 15:08, James Mcphee via PLUG-discuss wrote:
> wget, curl, etc are compiled with gnu_tls or openssl or libressl, or
> whatever. usually when adding those config options, you'll have some
> vars for distro-specific settings. anyway. in ubuntu,
> ca-certificates is the pkg that holds your normal trust stuff.
> update-ca-certificates is the command you'd use to do the update. So,
> if you think you broke your trust store, you could try
> update-ca-certificates, and if that didn't work, a reinstall of
> ca-certificates. specifically, what update-ca-certificates does is
> takes the list from /etc/ca-certificates.conf from /etc/ssl/certs and
> updates the various ca bundles like the java cacerts and the
> ca-certificates.txt, and anything else if the distro decided to use
> that in its TLS/SSL config.
>
> On Sat, Sep 17, 2022 at 11:46 AM Michael Butash via PLUG-discuss wrote:
>
> Some quick searching as I don't often use wget, it looks like it
> doesn't use local system certs, and has no inherent trust to certs
> at all. If you search "wget ssl certificates" like I just did,
> you see others posting how to skip the check and trust anyways,
> and various discussions wtf this is even a thing still. Weird
> software caveat I'd say it doesn't just reference system cert
> trusts, or just hasn't felt the need to be updated in 20 years
> because you know, security is meh.
>
> -mb
>
> On Sat, Sep 17, 2022 at 10:40 AM Jim via PLUG-discuss wrote:
>
> It's not just www.gutenberg.org.
> That's an example of what happens no matter what site I try to
> use wget on. About the truststore, how do I add to or update
> it? I decided to ask for help after trying to install
> openwebrx following the instructions here.
> https://www.openwebrx.de/download/ubuntu.php Also I found out
> today that something similar happens with youtube-dl. I tried
> to use it today and this is what happened. Youtube-dl works
> if I use the --no-check-certificate option.
>
> $ youtube-dl https://www.youtube.com/watch?v=VW3XQDDGhA4
> [youtube] VW3XQDDGhA4: Downloading webpage
> WARNING:Unable to download webpage: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)>
> [youtube] VW3XQDDGhA4: Downloading API JSON
> ERROR:Unable to download API page: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)> (caused by URLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
>
> On 9/16/22 17:33, James Mcphee via PLUG-discuss wrote:
>> check out the verification of the cert chain. it works for
>> me with a new build of 20.04, so it might be that you need to
>> add or update your truststore.
>>
>> openssl s_client -connect www.gutenberg.org:443 < /dev/null | openssl x509 -text -noout
>>
>> up there at the top, this is what it looks like when it works
>> depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
>> verify return:1
>> depth=1 C = US, ST = VA, L = Herndon, O = Network Solutions L.L.C., CN = Network Solutions OV Server CA 2
>> verify return:1
>> depth=0 C = US, ST = Utah, L = Salt Lake City, O = Project Gutenberg Literary Archive Foundation, CN = *.gutenberg.org
>> verify return:1
>> DONE
>>
>> I can see that i have that usertrust network cert in
>> /etc/ssl/certs, so all is good. if i had to add one i'd have
>> then run update-ca-certificates.
>>
>> On Fri, Sep 16, 2022 at 2:17 PM Jim via PLUG-discuss wrote:
>>
>> This has been bugging me for a while, but today it's
>> annoying me to the point I want to fix it. Wget gives me
>> an error whenever I try to use it. I have no problem
>> getting files using a web browser. Here's an example.
>> Using firefox I was able to download the file, but this
>> can be a pain in the butt when I'm trying to add a
>> repository. I have Ubuntu 20.04 installed.
>>
>> $ wget https://www.gutenberg.org/ebooks/68992.epub.images
>> --2022-09-16 14:08:02--  https://www.gutenberg.org/ebooks/68992.epub.images
>> Resolving www.gutenberg.org (www.gutenberg.org)... 152.19.134.47, 2610:28:3090:3000:0:bad:cafe:47
>> Connecting to www.gutenberg.org (www.gutenberg.org)|152.19.134.47|:443... connected.
>> ERROR: cannot verify www.gutenberg.org's certificate, issued by ‘CN=Network Solutions OV Server CA 2,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US’:
>>   Self-signed certificate encountered.
>> To connect to www.gutenberg.org insecurely, use `--no-check-certificate'.
>>
>> Any idea how to fix this?
>> thanks
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>> --
>> James McPhee
>> jmcphe@gmail.com
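An added example, not part of the thread: a read-only audit of the trust store that `update-ca-certificates` maintains, useful before deciding whether to re-run it or reinstall `ca-certificates`. The function names are hypothetical, and the `/usr/share/ca-certificates` source directory and `ca-certificates.crt` bundle name are the usual Ubuntu layout, assumed here rather than taken from the messages above; the sample tree is constructed with placeholder PEM markers.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of a Debian/Ubuntu CA trust store (ROOT optional).
audit_trust_store() {
    local root="${1:-}" enabled=0 missing=0 bundled=0 dangling=0 line link
    local conf="$root/etc/ca-certificates.conf"
    local bundle="$root/etc/ssl/certs/ca-certificates.crt"
    local src="$root/usr/share/ca-certificates"   # assumed package layout

    # Enabled entries: skip blanks, '#' comments and '!'-deselected CAs.
    if [ -r "$conf" ]; then
        while IFS= read -r line; do
            case "$line" in ''|'#'*|'!'*) continue ;; esac
            enabled=$((enabled + 1))
            if [ ! -s "$src/$line" ]; then missing=$((missing + 1)); fi
        done < "$conf"
    fi
    # Certificates actually present in the bundle that TLS clients load.
    if [ -s "$bundle" ]; then
        bundled=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    fi
    # Symlinks in /etc/ssl/certs whose target no longer exists.
    for link in "$root"/etc/ssl/certs/*; do
        if [ -L "$link" ] && [ ! -e "$link" ]; then dangling=$((dangling + 1)); fi
    done

    echo "enabled=$enabled missing=$missing bundled=$bundled dangling=$dangling"
    # Heuristic verdict: every enabled CA exists, is bundled, and no link dangles.
    [ "$enabled" -gt 0 ] && [ "$missing" -eq 0 ] &&
        [ "$bundled" -ge "$enabled" ] && [ "$dangling" -eq 0 ]
}

# Constructed sample tree with placeholder PEM markers, not real certificates.
make_sample_tree() {
    local t ca
    t=$(mktemp -d); ca="$t/usr/share/ca-certificates/mozilla"
    mkdir -p "$t/etc/ssl/certs" "$ca"
    printf '%s\n' '# constructed' 'mozilla/Good_CA.crt' 'mozilla/Gone_CA.crt' \
        '!mozilla/Deselected_CA.crt' > "$t/etc/ca-certificates.conf"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' \
        '-----END CERTIFICATE-----' > "$ca/Good_CA.crt"
    cp "$ca/Good_CA.crt" "$t/etc/ssl/certs/ca-certificates.crt"
    ln -s "$ca/Gone_CA.crt" "$t/etc/ssl/certs/Gone_CA.pem"
    echo "$t"
}

demo=$(make_sample_tree)
audit_trust_store "$demo" ||
    echo "incomplete: run update-ca-certificates, else reinstall ca-certificates"
rm -rf "$demo"
```

Run with no argument, `audit_trust_store` inspects the live system paths; a non-zero exit status means the store does not match its configuration.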