[kwlug-disc] wget and --no-check-certificates with Unlimitel

unsolicited unsolicited at swiz.ca
Sun Jun 5 02:02:39 EDT 2011


Paul Nijjar wrote, On 06/05/2011 12:10 AM:
> On Sat, Jun 04, 2011 at 11:57:18PM -0400, Bob Jonkman wrote:
>> If the certificate is issued to primus.ca, but the URL you're accessing  
>> is unlimitel.ca then you'll get errors.  But I don't know if that's the  
>> meaning of "Unable to locally verify the issuer's authority".
>>
>> Unlimitel was recently bought by Primus, so up to now they may have been  
>> using certificates issued to unlimitel.ca, which matches the URL.
> 
> Here is what Firefox reports about the cert (at
> https://api.unlimitel.ca): 
> 
> Issued To
> Common Name (CN)		*.unlimitel.ca
> Organization (O)		Primus Telecommunications Canada Inc
> Organizational Unit (OU)	<Not Part Of Certificate>
> Serial Number			00:82:F5
> 
> Issued By
> Common Name (CN)		GeoTrust SSL CA
> Organization (O)		GeoTrust, Inc.
> Organizational Unit (OU)	<Not Part Of Certificate>
> 
> Validity
> Issued On			4/3/2011
> Expires On			4/6/2014
> 
> There is fingerprint information too, but you could look that up.
> 
> This suggests that the certs should not give me errors (and they don't
> in Firefox) but that they have been changed with the sale to Primus.
> 
> However, I don't know why this would make wget confused.

wget bug, maybe?

Have you asked the wget developers?

Do other browsers report issues? (Suppose FireFox has special smarts 
for ignoring these rude, but prevalent, certificate errors in the 
wild?) [If this is a certificate error.] e.g. I'm trying to remember, 
but isn't it Opera that claims strict adherence to standards? If so, 
and it doesn't complain, then would that not point towards wget as the 
culprit?

Get the source and set a breakpiont? Heck, get the source anyways, 
perhaps there are code comments near the issuance of the error that 
will explain things?



More information about the kwlug-disc mailing list