[aur-general] github switched to SSL everywhere
Recently github switched over to using SSL for their entire website [1]. Currently wget does not accept the wildcard *.github.com in the certificate: $ wget http://github.com/ --2010-11-06 15:45:12-- http://github.com/ Resolving github.com... 207.97.227.239 Connecting to github.com|207.97.227.239|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://github.com/ [following] --2010-11-06 15:45:12-- https://github.com/ Connecting to github.com|207.97.227.239|:443... connected. ERROR: certificate common name `*.github.com' doesn't match requested host name `github.com'. To connect to github.com insecurely, use `--no-check-certificate'. This can be solved/worked around by passing --no-check-certificate to wget, something that makepkg does by default (DLAGENTS in /etc/makepkg.conf) _only_ for sources with the protocol https://. It does not do this for http sources, and of course does not know about any redirects to https. So my question is, what is the recommended course of action here, updating all PKGBUILDs that grab from github to point to the https source? Or is it wget's problem and we should just wait for an update? It has been fixed in wget's git repo but not released yet [2]. FYI: This is known to the github people, and they consider it wget's issue [3]. [1] https://github.com/blog/738-sidejack-prevention-phase-2-ssl-everywhere [2] https://savannah.gnu.org/bugs/index.php?20421 [3] http://support.github.com/discussions/repos/4702-cannot-download-via-wget-an...
On 11/06/2010 08:28 AM, Chris van Dijk wrote:
Recently github switched over to using SSL for their entire website [1]. Currently wget does not accept the wildcard *.github.com in the certificate:
$ wget http://github.com/ --2010-11-06 15:45:12-- http://github.com/ Resolving github.com... 207.97.227.239 Connecting to github.com|207.97.227.239|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://github.com/ [following] --2010-11-06 15:45:12-- https://github.com/ Connecting to github.com|207.97.227.239|:443... connected. ERROR: certificate common name `*.github.com' doesn't match requested host name `github.com'. To connect to github.com insecurely, use `--no-check-certificate'.
do you have ca-certificates installed? -- Ionuț
On Sat, 06 Nov 2010 09:29:18 +0200 Ionuț Bîru <ibiru@archlinux.org> wrote:
On 11/06/2010 08:28 AM, Chris van Dijk wrote:
Recently github switched over to using SSL for their entire website [1]. Currently wget does not accept the wildcard *.github.com in the certificate:
$ wget http://github.com/ --2010-11-06 15:45:12-- http://github.com/ Resolving github.com... 207.97.227.239 Connecting to github.com|207.97.227.239|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://github.com/ [following] --2010-11-06 15:45:12-- https://github.com/ Connecting to github.com|207.97.227.239|:443... connected. ERROR: certificate common name `*.github.com' doesn't match requested host name `github.com'. To connect to github.com insecurely, use `--no-check-certificate'.
do you have ca-certificates installed?
$ pacman -Q ca-certificates ca-certificates 20090814-3
Am 06.11.2010 08:29, schrieb Ionuț Bîru:
$ wget http://github.com/ --2010-11-06 15:45:12-- http://github.com/ Resolving github.com... 207.97.227.239 Connecting to github.com|207.97.227.239|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://github.com/ [following] --2010-11-06 15:45:12-- https://github.com/ Connecting to github.com|207.97.227.239|:443... connected. ERROR: certificate common name `*.github.com' doesn't match requested host name `github.com'. To connect to github.com insecurely, use `--no-check-certificate'.
do you have ca-certificates installed?
wget is broken, and it will probably always remain that way.
On 06/11/10 20:34, Thomas Bächler wrote:
Am 06.11.2010 08:29, schrieb Ionuț Bîru:
$ wget http://github.com/ --2010-11-06 15:45:12-- http://github.com/ Resolving github.com... 207.97.227.239 Connecting to github.com|207.97.227.239|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://github.com/ [following] --2010-11-06 15:45:12-- https://github.com/ Connecting to github.com|207.97.227.239|:443... connected. ERROR: certificate common name `*.github.com' doesn't match requested host name `github.com'. To connect to github.com insecurely, use `--no-check-certificate'.
do you have ca-certificates installed?
wget is broken, and it will probably always remain that way.
Well, there is a patch, but it is in a bzr repo and I am too lazy to figure out how to get a patch out of one of those...
On Sat, Nov 6, 2010 at 8:40 AM, Allan McRae <allan@archlinux.org> wrote:
Well, there is a patch, but it is in a bzr repo and I am too lazy to figure out how to get a patch out of one of those...
The original bug report references this one: https://savannah.gnu.org/bugs/?23934 There's a raw patch that applies to wget 1.12, see comment #4. -- A: Because it obfuscates the reading. Q: Why is top posting so bad? ------------------------------------------- Denis A. Altoe Falqueto Linux user #524555 -------------------------------------------
I believe this also explains why I'm having problem with yaourt too. Despite I've tried git packages it didn't work out for me. --- Quis custodiet ipsos custodes? 2010/11/6 Denis A. Altoé Falqueto <denisfalqueto@gmail.com>
On Sat, Nov 6, 2010 at 8:40 AM, Allan McRae <allan@archlinux.org> wrote:
Well, there is a patch, but it is in a bzr repo and I am too lazy to figure out how to get a patch out of one of those...
The original bug report references this one:
https://savannah.gnu.org/bugs/?23934
There's a raw patch that applies to wget 1.12, see comment #4.
-- A: Because it obfuscates the reading. Q: Why is top posting so bad?
------------------------------------------- Denis A. Altoe Falqueto Linux user #524555 -------------------------------------------
participants (6)
-
Allan McRae
-
Alper KANAT
-
Chris van Dijk
-
Denis A. Altoé Falqueto
-
Ionuț Bîru
-
Thomas Bächler