LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page wget SSL error
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-21-2016, 03:48 PM   #1
Leaskovski
LQ Newbie
 
Registered: May 2015
Distribution: Raspbian
Posts: 3

Rep: Reputation: Disabled
wget SSL error

Hi Guys,

I recently had to recover my Raspberry PI from a backed up image, and after the restore, I am noticing some issues with using wget with a HTTPS website. I don't know if it is related to the restore or not, so I though I would include that piece of information in case it is.

Anyway, I am running...

Code:
wget -d -U "rinker.sh wget 1.0" --http-user=***** --http-password=***** "https://nic.changeip.com/nic/update?cmd=update"
...as part of a bash script that is cron'd to run every so often to make sure that my dynamic DNS provider is updated. When the above part of the script is run, and when I run it manually, SSL reports back that it failed...

Code:
Setting --user-agent (useragent) to rinker.sh wget 1.0
Setting --http-user (httpuser) to *****
Setting --http-password (httppassword) to *****
DEBUG output created by Wget 1.13.4 on linux-gnueabihf.

URI encoding = `UTF-8'
--2016-01-21 13:43:43--  https://nic.changeip.com/nic/update?cmd=update
Host `nic.changeip.com' has not issued a general basic challenge.
Resolving nic.changeip.com (nic.changeip.com)... 170.178.190.165
Caching nic.changeip.com => 170.178.190.165
Connecting to nic.changeip.com (nic.changeip.com)|170.178.190.165|:443... connected.
Created socket 4.
Releasing 0x0149b7b8 (new refcount 1).
GnuTLS: A TLS warning alert has been received.
Closed fd 4
Unable to establish SSL connection.
Now, I have been doing some digging, and I think the issue is to do with certificates, as if I run OpenSSL to debug the connection...

Code:
openssl s_client -connect nic.changeip.com:443
It gives me the following error...

Code:
verify error:num=19:self signed certificate in certificate chain
So, I thought that if I add the "--no-check-certificate" option to wget, it would solve my issue, but alas, this has no effect.

Any ideas as to what is happening? I have run an apt-get update and installed the ca-certificates package, but this hasn't had any effect either.

Thanks
 
Old 01-22-2016, 08:34 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
OpenSSL doesn't always find the root certificates unless you tell it to. What OS is this? Looks like Debian or Ubuntu? Try:
Code:
openssl s_client -connect nic.changeip.com:443 -CApath /etc/ssl/certs/
Gives for me (testing on a Debian 7 system):
Code:
Verify return code: 0 (ok)
But if you see the wget output, it's not using OpenSSL, it's using gnutls. So using gnutils-bin:

Code:
$ echo | gnutls-cli nic.changeip.com -p 443 
Resolving 'nic.changeip.com'...
Connecting to '170.178.190.165:443'...
*** Non fatal error: A TLS warning alert has been received.
*** Received alert [112]: The server name sent was not recognized
...
Googling that alert line, it appears to be an upstream bug in wget. So your options are: update wget (upgrade the OS or compile 1.15+ yourself), or use a different tool like curl.
 
1 members found this post helpful.
Old 01-22-2016, 09:58 AM   #3
Leaskovski
LQ Newbie
 
Registered: May 2015
Distribution: Raspbian
Posts: 3

Original Poster
Rep: Reputation: Disabled
Brilliant, thanks! I wondered why openssl worked when I passed it the ca-certificates folder and wget didn't... that explains it! Gievn that it doesn't look like wget is getting an update any time soon on rasbian, I have switched to curl, as like you say, that seems to work fine.

Cheers!
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ERROR 2026 (HY000): SSL connection error: SSL_CTX_set_default_verify_paths failed prw8864 Linux - Software 1 11-15-2014 09:24 PM
using wget to authenticate a SSL web page AKviking Linux - General 5 07-08-2012 01:50 AM
[SOLVED] Error on SVN checkout: SSL handshake failed: SSL error: Key usage violation in certif jsaravana87 Linux - Server 3 05-07-2012 10:00 AM
sendmail: STARTTLS read error=generic SSL error.... All of a sudden! 3dMaster Linux - Server 2 12-08-2010 05:41 AM
Linux Citrix Receiver gives me error: provider code 20 SSL error 86 ebeyer Linux - Networking 1 09-16-2009 11:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:21 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration