From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Date: Fri, 9 Sep 2005 18:45:05 +0400 From: Sergey Vlasov To: sisyphus@altlinux.ru Subject: Re: [sisyphus] Re: wget: bugzilla.altlinux.org: unable to get local issuer certificate Message-ID: <20050909144505.GB30519@master.mivlgu.local> Mail-Followup-To: sisyphus@altlinux.ru References: <20050901190724.GA5664@basalt.office.altlinux.org> <20050908075020.GE3539@solemn.turbinal.org> <20050908125034.GW6899@osdn.org.ua> <20050909012836.GG3539@solemn.turbinal.org> <20050909091543.GV6899@osdn.org.ua> <20050909103228.GX3539@solemn.turbinal.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ALfTUftag+2gvp1h" Content-Disposition: inline In-Reply-To: X-BeenThere: sisyphus@altlinux.ru X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ALT Linux Sisyphus discussion list List-Id: ALT Linux Sisyphus discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Sep 2005 14:45:07 -0000 Archived-At: List-Archive: --ALfTUftag+2gvp1h Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Sep 09, 2005 at 05:32:46PM +0400, Anton Farygin wrote: > On Fri, 09 Sep 2005 14:32:28 +0400, Alexey Tourbin wrote: >=20 > > On Fri, Sep 09, 2005 at 12:15:43PM +0300, Michael Shigorin wrote: > >> > > =EE=C5 =D0=CF=CE=D1=CC. wget =D0=CF=C8=CF=C4=D5 =D7=CF=CF=C2=DD= =C5 "=D3=CC=CF=CD=C1=CE" =D0=CF > >> > > =DE=C1=D3=D4=C9 https. > >> > =F0=CF=D0=D2=CF=C2=D5=CA curl, =CF=CE =C2=CF=CC=C5=C5 =CB=D2=D5=D4 = =D7 =DC=D4=CF=CD =D0=CC=C1=CE=C5 > >> > =DE=C5=CD wget =C5=D3=D4=D8 =C5=DD=C5 libcurl, =CD=CF=D6=C5=D4 =C2= =D9=D4=D8 =C5=D3=D4=D8 > >> > =CB=C1=CB=C1=D1-=D4=CF =CF=C2=D7=D1=DA=CB=C1 =CB =CE=C5=CA =C4=CC=D1= perl'=C1 > >> =EB=D3=D4=C1=D4=C9, =C4=C1. > >=20 > > =F5=CA, =CE=CF =C4=CF=CC=D6=C5=CE =C2=D9=D4=D8 =CB=C1=CB=CF=CA-=CE=C9= =C2=D5=C4=D8 > > =D3=D4=C1=CE=C4=C1=D2=D4=CE=D9=CA =C9=CE=D3=D4=D2=D5=CD=C5=CE=D4 =D0=CF= =C4 =CE=C1=DA=D7=C1=CE=C9=C5=CD > > "=D3=CB=C1=DE=C1=D4=D8 =D5=D2=CC =C9 =D0=CF=CC=CF=D6=C9=D4=D8 =D7 =C6= =C1=CA=CC=CF". =F4=C5=CD > > =C2=CF=CC=C5=C5 =DE=D4=CF wget -- =E7=EE=F5=D4=D9=CA. >=20 > =C9=CE=D3=D4=D2=D5=CD=C5=CE=D4 =C5=D3=D4=D8. =CE=C1=DA=D9=D7=C1=C5=D4=D3= =D1 curl >=20 > curl url >=C6=C1=CA=CC $ curl https://bugzilla.altlinux.ru/ >/dev/null; echo $? =20 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify = failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle.crt; you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. 60 =F4=C1=CB =DE=D4=CF =CE=D5=D6=CE=CF =C9=CC=C9 =C4=CF=C2=C1=D7=CC=D1=D4=D8 = =D3=C5=D2=D4=C9=C6=C9=CB=C1=D4 CA (=D2=C1=DA =D5=D6 =CF=CE =CC=C5=D7=D9=CA)= =D7 =D3=CF=CF=D4=D7=C5=D4=D3=D4=D7=D5=C0=DD=C9=CA =C6=C1=CA=CC, =C9=CC=C9 =DA= =C1=C2=C9=D4=D8 =CE=C1 =C2=C5=DA=CF=D0=C1=D3=CE=CF=D3=D4=D8 =C9 =CF=D4=D2= =D5=C2=C9=D4=D8 =D0=D2=CF=D7=C5=D2=CB=D5. =F0=D2=C9=DE=A3=CD wget =C9=DD=C5=D4 =D3=C5=D2=D4=C9=C6=C9=CB=C1=D4=D9 =D7 = /var/lib/ssl/cert.pem, =C1 curl - =D7 /usr/share/curl/curl-ca-bundle.crt. --ALfTUftag+2gvp1h Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDIZ/xW82GfkQfsqIRAkmAAJwKebqbAw4EIBLDXrpnBFu1iuGhLwCeLYgV nS4Ln9OgMfvIzYpDYuQkRhM= =k4Ky -----END PGP SIGNATURE----- --ALfTUftag+2gvp1h--