[aur-general] github switched to SSL everywhere

Chris van Dijk quigybo at hotmail.com
Sat Nov 6 07:28:58 CET 2010


Recently github switched over to using SSL for their entire website
[1]. Currently wget does not accept the wildcard *.github.com in the
certificate:

$ wget http://github.com/
--2010-11-06 15:45:12--  http://github.com/
Resolving github.com... 207.97.227.239
Connecting to github.com|207.97.227.239|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/ [following]
--2010-11-06 15:45:12--  https://github.com/
Connecting to github.com|207.97.227.239|:443... connected.
ERROR: certificate common name `*.github.com' doesn't match requested
host name `github.com'.
To connect to github.com insecurely, use `--no-check-certificate'.

This can be solved/worked around by passing --no-check-certificate to
wget, something that makepkg does by default (DLAGENTS in
/etc/makepkg.conf) _only_ for sources with the protocol https://. It
does not do this for http sources, and of course does not know about
any redirects to https.

So my question is, what is the recommended course of action here,
updating all PKGBUILDs that grab from github to point to the https
source? Or is it wget's problem and we should just wait for an update?
It has been fixed in wget's git repo but not released yet [2].

FYI: This is known to the github people, and they consider it wget's
issue [3].

[1] https://github.com/blog/738-sidejack-prevention-phase-2-ssl-everywhere
[2] https://savannah.gnu.org/bugs/index.php?20421
[3] http://support.github.com/discussions/repos/4702-cannot-download-via-wget-any-longer


More information about the aur-general mailing list