* Strange certificate problem with wget
@ 2014-05-19 9:25 Neuer User
2014-05-19 9:32 ` Burton, Ross
0 siblings, 1 reply; 11+ messages in thread
From: Neuer User @ 2014-05-19 9:25 UTC (permalink / raw)
To: yocto
Hello
I need to use wget with https support in my image. So I added "wget" to
my packages.
The problem is that it doesn't seem to find the installed certificates:
# wget https://www.google.com
--2014-05-19 11:20:42-- https://www.google.com/
Resolving www.google.com... 173.194.113.242, 173.194.113.241,
173.194.113.244, ...
Connecting to www.google.com|173.194.113.242|:443... connected.
ERROR: cannot verify www.google.com's certificate, issued by
'/C=US/O=Google Inc/CN=Google Internet Authority G2':
Unable to locally verify the issuer's authority.
To connect to www.google.com insecurely, use `--no-check-certificate'.
No problem, when using curl instead.
Seems, I am missing something pretty obvious. Can anybody hint me into
the right direction?
Thanks
Michael
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
2014-05-19 9:25 Strange certificate problem with wget Neuer User
@ 2014-05-19 9:32 ` Burton, Ross
2014-05-19 9:35 ` Neuer User
0 siblings, 1 reply; 11+ messages in thread
From: Burton, Ross @ 2014-05-19 9:32 UTC (permalink / raw)
To: Neuer User; +Cc: yocto
On 19 May 2014 10:25, Neuer User <auslands-kv@gmx.de> wrote:
> I need to use wget with https support in my image. So I added "wget" to
> my packages.
>
> The problem is that it doesn't seem to find the installed certificates:
By "installed certificates" you mean that you installed
ca-certificates into the image, right?
Ross
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
2014-05-19 9:32 ` Burton, Ross
@ 2014-05-19 9:35 ` Neuer User
2014-05-19 10:56 ` Paul Barker
0 siblings, 1 reply; 11+ messages in thread
From: Neuer User @ 2014-05-19 9:35 UTC (permalink / raw)
To: yocto
Am 19.05.2014 11:32, schrieb Burton, Ross:
> On 19 May 2014 10:25, Neuer User <auslands-kv@gmx.de> wrote:
>> I need to use wget with https support in my image. So I added "wget" to
>> my packages.
>>
>> The problem is that it doesn't seem to find the installed certificates:
>
> By "installed certificates" you mean that you installed
> ca-certificates into the image, right?
>
> Ross
>
Yeah, exactly.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
2014-05-19 9:35 ` Neuer User
@ 2014-05-19 10:56 ` Paul Barker
2014-05-19 12:02 ` Neuer User
0 siblings, 1 reply; 11+ messages in thread
From: Paul Barker @ 2014-05-19 10:56 UTC (permalink / raw)
To: Neuer User; +Cc: Yocto discussion list
On 19 May 2014 10:35, Neuer User <auslands-kv@gmx.de> wrote:
> Am 19.05.2014 11:32, schrieb Burton, Ross:
>> On 19 May 2014 10:25, Neuer User <auslands-kv@gmx.de> wrote:
>>> I need to use wget with https support in my image. So I added "wget" to
>>> my packages.
>>>
>>> The problem is that it doesn't seem to find the installed certificates:
>>
>> By "installed certificates" you mean that you installed
>> ca-certificates into the image, right?
>>
>> Ross
>>
> Yeah, exactly.
>
If you run 'wget --version' you should be able to find out if you're
running busybox wget or gnu wget. I assume you're expecting gnu wget
as you added wget to your packages, but it's worth quickly checking
that the correct binary is being executed.
Thanks,
--
Paul Barker
Email: paul@paulbarker.me.uk
http://www.paulbarker.me.uk
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
2014-05-19 10:56 ` Paul Barker
@ 2014-05-19 12:02 ` Neuer User
2014-05-21 9:37 ` Neuer User
0 siblings, 1 reply; 11+ messages in thread
From: Neuer User @ 2014-05-19 12:02 UTC (permalink / raw)
To: yocto
Am 19.05.2014 12:56, schrieb Paul Barker:
> On 19 May 2014 10:35, Neuer User <auslands-kv@gmx.de> wrote:
>> Am 19.05.2014 11:32, schrieb Burton, Ross:
>>> On 19 May 2014 10:25, Neuer User <auslands-kv@gmx.de> wrote:
>>>> I need to use wget with https support in my image. So I added "wget" to
>>>> my packages.
>>>>
>>>> The problem is that it doesn't seem to find the installed certificates:
>>>
>>> By "installed certificates" you mean that you installed
>>> ca-certificates into the image, right?
>>>
>>> Ross
>>>
>> Yeah, exactly.
>>
>
> If you run 'wget --version' you should be able to find out if you're
> running busybox wget or gnu wget. I assume you're expecting gnu wget
> as you added wget to your packages, but it's worth quickly checking
> that the correct binary is being executed.
>
> Thanks,
>
~# wget --version
GNU Wget 1.14 built on linux-gnueabi.
+digest +https +ipv6 -iri -large-file +nls +ntlm +opie +ssl/openssl
Wgetrc:
/etc/wgetrc (system)
Locale: /usr/share/locale
Compile: arm-poky-linux-gnueabi-gcc -march=armv7-a -mthumb-interwork
-mfloat-abi=hard -mfpu=neon -mtune=cortex-a9
--sysroot=/home/ubuntu/yocto/build/tmp/sysroots/cubox-i
-DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I.
-I/home/ubuntu/yocto/build/tmp/work/cortexa9hf-vfp-neon-poky-linux-gnueabi/wget/1.14-r16.0/wget-1.14/src
-I../lib
-I/home/ubuntu/yocto/build/tmp/work/cortexa9hf-vfp-neon-poky-linux-gnueabi/wget/1.14-r16.0/wget-1.14/lib
-O2 -pipe -g -feliminate-unused-debug-types
Link: arm-poky-linux-gnueabi-gcc -march=armv7-a -mthumb-interwork
-mfloat-abi=hard -mfpu=neon -mtune=cortex-a9
--sysroot=/home/ubuntu/yocto/build/tmp/sysroots/cubox-i -O2 -pipe
-g -feliminate-unused-debug-types -Wl,-O1 -Wl,--hash-style=gnu
-Wl,--as-needed -lssl
/home/ubuntu/yocto/build/tmp/sysroots/cubox-i/lib/libcrypto.so -lz
-ldl -lz -lz -lpcre ftp-opie.o openssl.o http-ntlm.o
../lib/libgnu.a
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Please send bug reports and questions to <bug-wget@gnu.org>.
Looks, as if I get the right one, but strangely without working
certificates check...
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
2014-05-19 12:02 ` Neuer User
@ 2014-05-21 9:37 ` Neuer User
2014-05-21 10:27 ` Burton, Ross
0 siblings, 1 reply; 11+ messages in thread
From: Neuer User @ 2014-05-21 9:37 UTC (permalink / raw)
To: yocto
Nobody any idea?
I really need certificate support in wget. What am I missing? I guess,
it is a very stupid error on my side, but I just don't know which.
Michael
Am 19.05.2014 14:02, schrieb Neuer User:
> Am 19.05.2014 12:56, schrieb Paul Barker:
>> On 19 May 2014 10:35, Neuer User <auslands-kv@gmx.de> wrote:
>>> Am 19.05.2014 11:32, schrieb Burton, Ross:
>>>> On 19 May 2014 10:25, Neuer User <auslands-kv@gmx.de> wrote:
>>>>> I need to use wget with https support in my image. So I added "wget" to
>>>>> my packages.
>>>>>
>>>>> The problem is that it doesn't seem to find the installed certificates:
>>>>
>>>> By "installed certificates" you mean that you installed
>>>> ca-certificates into the image, right?
>>>>
>>>> Ross
>>>>
>>> Yeah, exactly.
>>>
>>
>> If you run 'wget --version' you should be able to find out if you're
>> running busybox wget or gnu wget. I assume you're expecting gnu wget
>> as you added wget to your packages, but it's worth quickly checking
>> that the correct binary is being executed.
>>
>> Thanks,
>>
> ~# wget --version
> GNU Wget 1.14 built on linux-gnueabi.
>
> +digest +https +ipv6 -iri -large-file +nls +ntlm +opie +ssl/openssl
>
> Wgetrc:
> /etc/wgetrc (system)
> Locale: /usr/share/locale
> Compile: arm-poky-linux-gnueabi-gcc -march=armv7-a -mthumb-interwork
> -mfloat-abi=hard -mfpu=neon -mtune=cortex-a9
> --sysroot=/home/ubuntu/yocto/build/tmp/sysroots/cubox-i
> -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
> -DLOCALEDIR="/usr/share/locale" -I.
>
> -I/home/ubuntu/yocto/build/tmp/work/cortexa9hf-vfp-neon-poky-linux-gnueabi/wget/1.14-r16.0/wget-1.14/src
> -I../lib
> -I/home/ubuntu/yocto/build/tmp/work/cortexa9hf-vfp-neon-poky-linux-gnueabi/wget/1.14-r16.0/wget-1.14/lib
> -O2 -pipe -g -feliminate-unused-debug-types
> Link: arm-poky-linux-gnueabi-gcc -march=armv7-a -mthumb-interwork
> -mfloat-abi=hard -mfpu=neon -mtune=cortex-a9
> --sysroot=/home/ubuntu/yocto/build/tmp/sysroots/cubox-i -O2 -pipe
> -g -feliminate-unused-debug-types -Wl,-O1 -Wl,--hash-style=gnu
> -Wl,--as-needed -lssl
> /home/ubuntu/yocto/build/tmp/sysroots/cubox-i/lib/libcrypto.so -lz
> -ldl -lz -lz -lpcre ftp-opie.o openssl.o http-ntlm.o
> ../lib/libgnu.a
>
> Copyright (C) 2011 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://www.gnu.org/licenses/gpl.html>.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
> Please send bug reports and questions to <bug-wget@gnu.org>.
>
>
> Looks, as if I get the right one, but strangely without working
> certificates check...
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
2014-05-21 9:37 ` Neuer User
@ 2014-05-21 10:27 ` Burton, Ross
2014-05-21 10:56 ` Neuer User
` (2 more replies)
0 siblings, 3 replies; 11+ messages in thread
From: Burton, Ross @ 2014-05-21 10:27 UTC (permalink / raw)
To: Neuer User; +Cc: yocto
On 21 May 2014 10:37, Neuer User <auslands-kv@gmx.de> wrote:
> I really need certificate support in wget. What am I missing? I guess,
> it is a very stupid error on my side, but I just don't know which.
Try passing --ca-certificate=/etc/ssl/certs/ca-certificates.crt to
verify that wget works if you tell it exactly where the certificate
bundle is.
Ross
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
2014-05-21 10:27 ` Burton, Ross
@ 2014-05-21 10:56 ` Neuer User
2014-05-21 11:25 ` Neuer User
[not found] ` <537C84D4.3030302@gmx.de>
2 siblings, 0 replies; 11+ messages in thread
From: Neuer User @ 2014-05-21 10:56 UTC (permalink / raw)
To: yocto
Thanks Paul.
That's it. It does't seem to know where they are. If I add the option
with the path, it works.
Do I miss something in my local.conf?
Cheers
Michael
Am 21.05.2014 12:27, schrieb Burton, Ross:
> On 21 May 2014 10:37, Neuer User <auslands-kv@gmx.de> wrote:
>> I really need certificate support in wget. What am I missing? I guess,
>> it is a very stupid error on my side, but I just don't know which.
>
> Try passing --ca-certificate=/etc/ssl/certs/ca-certificates.crt to
> verify that wget works if you tell it exactly where the certificate
> bundle is.
>
> Ross
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
2014-05-21 10:27 ` Burton, Ross
2014-05-21 10:56 ` Neuer User
@ 2014-05-21 11:25 ` Neuer User
[not found] ` <537C84D4.3030302@gmx.de>
2 siblings, 0 replies; 11+ messages in thread
From: Neuer User @ 2014-05-21 11:25 UTC (permalink / raw)
To: yocto; +Cc: yocto-EtnWKYl6rD/WsZ/bQMPhNw@public.gmane.org
Very sorry for mixing up your name with Pauls, Ross.
Sorry,
Michael
------------------------------------------------------
Thanks Paul.
That's it. It does't seem to know where they are. If I add the option
with the path, it works.
Do I miss something in my local.conf?
Cheers
Michael
Am 21.05.2014 12:27, schrieb Burton, Ross:
> On 21 May 2014 10:37, Neuer User <auslands-kv@gmx.de> wrote:
>> I really need certificate support in wget. What am I missing? I guess,
>> it is a very stupid error on my side, but I just don't know which.
>
> Try passing --ca-certificate=/etc/ssl/certs/ca-certificates.crt to
> verify that wget works if you tell it exactly where the certificate
> bundle is.
>
> Ross
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
[not found] ` <537C84D4.3030302@gmx.de>
@ 2014-05-21 15:02 ` Burton, Ross
2014-05-23 17:30 ` Neuer User
0 siblings, 1 reply; 11+ messages in thread
From: Burton, Ross @ 2014-05-21 15:02 UTC (permalink / raw)
To: yocto
On 21 May 2014 11:49, Auslands-KV <auslands-kv@gmx.de> wrote:
> That's it. It does't seem to know where they are. If I add the option
> with the path, it works.
>
> Do I miss something in my local.conf?
No, OpenSSL should know where they are out of this, this is probably a
problem with the OpenSSL recipe.
GnuTLS is known to integrate better in general, so you might want to
try applying this patch to switch wget to GnuTLS:
http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/commit/?id=8f42471e4bd5505a1f2766bbc675d23e078dfdc7
Ross
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: Strange certificate problem with wget
2014-05-21 15:02 ` Burton, Ross
@ 2014-05-23 17:30 ` Neuer User
0 siblings, 0 replies; 11+ messages in thread
From: Neuer User @ 2014-05-23 17:30 UTC (permalink / raw)
To: yocto
Btw, this works beautifully. Thanks a lot!
Michael
Am 21.05.2014 17:02, schrieb Burton, Ross:
> On 21 May 2014 11:49, Auslands-KV <auslands-kv@gmx.de> wrote:
>> That's it. It does't seem to know where they are. If I add the option
>> with the path, it works.
>>
>> Do I miss something in my local.conf?
>
> No, OpenSSL should know where they are out of this, this is probably a
> problem with the OpenSSL recipe.
>
> GnuTLS is known to integrate better in general, so you might want to
> try applying this patch to switch wget to GnuTLS:
>
> http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/commit/?id=8f42471e4bd5505a1f2766bbc675d23e078dfdc7
>
> Ross
>
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2014-05-23 17:31 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-05-19 9:25 Strange certificate problem with wget Neuer User
2014-05-19 9:32 ` Burton, Ross
2014-05-19 9:35 ` Neuer User
2014-05-19 10:56 ` Paul Barker
2014-05-19 12:02 ` Neuer User
2014-05-21 9:37 ` Neuer User
2014-05-21 10:27 ` Burton, Ross
2014-05-21 10:56 ` Neuer User
2014-05-21 11:25 ` Neuer User
[not found] ` <537C84D4.3030302@gmx.de>
2014-05-21 15:02 ` Burton, Ross
2014-05-23 17:30 ` Neuer User
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.