I was looking in muon and found wget2. In the description it says: GNU
Wget2 is the successor of GNU Wget. So I installed wget2 and tested it
to find it works. Do any other apps use wget? If so, could I replace
/usr/bin/wget with a symbolic link to /usr/bin/wget2? I ask because I
thought about using muon to purge wget, but it warned me that a bunch of
stuff would also be removed, so I clicked cancel.
On 9/17/22 15:08, James Mcphee via PLUG-discuss wrote:
> wget, curl, etc are compiled with gnu_tls or openssl or libressl, or
> whatever. usually when adding those config options, you'll have some
> vars for distro-specific settings. anyway. in ubuntu,
> ca-certificates is the pkg that holds your normal trust stuff.
> update-ca-certificates is the command you'd use to do the update. So,
> if you think you broke your trust store, you could try
> update-ca-certificates, and if that didn't work, a reinstall of
> ca-certificates. specifically, what update-ca-certificates does is
> takes the list from /etc/ca-certificates.conf from /etc/ssl/certs and
> updates the various ca bundles like the java cacerts and the
> ca-certificates.txt, and anything else if the distro decided to use
> that in its TLS/SSL config.
>
> On Sat, Sep 17, 2022 at 11:46 AM Michael Butash via PLUG-discuss
> <plug-discuss@lists.phxlinux.org> wrote:
>
> Some quick searching as I don't often use wget, it looks like it
> doesn't use local system certs, and has no inherent trust to certs
> at all. If you search "wget ssl certificates" like I just did,
> you see others posting how to skip the check and trust anyways,
> and various discussions wtf this is even a thing still. Weird
> software caveat I'd say it doesn't just reference system cert
> trusts, or just hasn't felt the need to be updated in 20 years
> because you know, security is meh.
>
> -mb
>
>
>
> On Sat, Sep 17, 2022 at 10:40 AM Jim via PLUG-discuss
> <plug-discuss@lists.phxlinux.org> wrote:
>
> It's not just ww.gutenberg.org <http://ww.gutenberg.org>.
> That's an example of what happens no matter what site I try to
> use wget on. About the truststore, how do I add to or update
> it? I decided to ask for help after trying to install
> openwebrx following the instructions here.
> https://www.openwebrx.de/download/ubuntu.php Also I found out
> today that something similar happens with youtube-dl. I tried
> to use it today and this is what happened. Youtube-dl works
> if I use the --no-check-certificate option.
>
> $ youtube-dl https://www.youtube.com/watch?v=VW3XQDDGhA4
> [youtube] VW3XQDDGhA4: Downloading webpage
> WARNING:Unable to download webpage: <urlopen error [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate ver
> ify failed: unable to get local issuer certificate (_ssl.c:1131)>
> [youtube] VW3XQDDGhA4: Downloading API JSON
> ERROR:Unable to download API page: <urlopen error [SSL:
> CERTIFICATE_VERIFY_FAILED] certificate veri
> fy failed: unable to get local issuer certificate
> (_ssl.c:1131)> (caused by URLError(SSLCertVerifica
> tionError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate
> verify failed: unable to get local issuer
> certificate (_ssl.c:1131)')))
>
>
>
> On 9/16/22 17:33, James Mcphee via PLUG-discuss wrote:
>> check out the verification of the cert chain. it works for
>> me with a new build of 20.04, so it might be that you need to
>> add or update your truststore.
>> openssl s_client -connect www.gutenberg.org:443
>> <http://www.gutenberg.org:443> < /dev/null | openssl x509
>> -text -noout
>>
>> up there at the top, this is what it looks like when it works
>> depth=2 C = US, ST = New Jersey, L = Jersey City, O = The
>> USERTRUST Network, CN = USERTrust RSA Certification Authority
>> verify return:1
>> depth=1 C = US, ST = VA, L = Herndon, O = Network Solutions
>> L.L.C., CN = Network Solutions OV Server CA 2
>> verify return:1
>> depth=0 C = US, ST = Utah, L = Salt Lake City, O = Project
>> Gutenberg Literary Archive Foundation, CN = *.gutenberg.org
>> <http://gutenberg.org>
>> verify return:1
>> DONE
>>
>> I can see that i have that usertrust network cert in
>> /etc/ssl/certs, so all is good. if i had to add one i'd have
>> then run update-ca-certicates.
>>
>> On Fri, Sep 16, 2022 at 2:17 PM Jim via PLUG-discuss
>> <plug-discuss@lists.phxlinux.org> wrote:
>>
>> This has been bugging me for a while, but today it's
>> annoying me to the point I want to fix it. Wget gives me
>> an error whenever I try to use it. I have no problem
>> getting files using a web browser. Here's an example.
>> Using firefox I was able to download the file, but this
>> can be a pain in the butt when I'm trying to add a
>> repository. I have Ubuntu 20.04 installed.
>>
>>
>> $ wget https://www.gutenberg.org/ebooks/68992.epub.images
>> --2022-09-16 14:08:02--
>> https://www.gutenberg.org/ebooks/68992.epub.images
>> Resolving www.gutenberg.org <http://www.gutenberg.org>
>> (www.gutenberg.org <http://www.gutenberg.org>)...
>> 152.19.134.47, 2610:28:3090:3000:0:bad:cafe:47
>> Connecting to www.gutenberg.org
>> <http://www.gutenberg.org> (www.gutenberg.org
>> <http://www.gutenberg.org>)|152.19.134.47|:443... connected.
>> ERROR: cannot verify www.gutenberg.org's
>> <http://www.gutenberg.org's> certificate, issued by
>> ‘CN=Network Solutions OV Server CA 2
>> ,O=Network Solutions L.L.C.,L=Herndon,ST=VA,C=US’:
>> Self-signed certificate encountered.
>> To connect to www.gutenberg.org
>> <http://www.gutenberg.org> insecurely, use
>> `--no-check-certificate'.
>>
>> Any idea how to fix this? thanks
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>>
>> --
>> James McPhee
>> jmcphe@gmail.com
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> --
> James McPhee
> jmcphe@gmail.com
>
> ---------------------------------------------------
> PLUG-discuss mailing list:PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss---------------------------------------------------
PLUG-discuss mailing list:
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)