web-dev-qa-db-fra.com

wget n'accepte pas le certificat de google

J'utilise wget dans un travail cron pour télécharger mon agenda google. Je sais que ça fonctionnait encore la semaine dernière. Aujourd'hui, j'ai remarqué que ce n'était plus le cas. wget n'accepte pas le certificat de Google:

$ wget --debug  https://www.google.com/calendar/ical/<private-id>/basic.ics
> DEBUG output created by Wget 1.12 on linux-gnu.

--2013-07-26 12:36:31--  https://www.google.com/
Resolving www.google.com... 109.105.109.234, 109.105.109.223, 109.105.109.208, ...
Caching www.google.com => 109.105.109.234 109.105.109.223 109.105.109.208 109.105.109.249 109.105.109.229 109.105.109.219 109.105.109.245 109.105.109.227 109.105.109.240 109.105.109.230 109.105.109.241 109.105.109.212 109.105.109.251 109.105.109.216 109.105.109.238 109.105.109.218 2a00:1450:400f:803::1012
Connecting to www.google.com|109.105.109.234|:443... connected.
Created socket 3.
Releasing 0x09046cf8 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x09047090
certificate:
  subject: /C=US/ST=California/O=Google Inc/CN=google.com
  issuer:  /C=US/O=Google Inc/CN=Google Internet Authority
ERROR: certificate common name `google.com' doesn't match requested Host name `www.google.com'.
To connect to www.google.com insecurely, use `--no-check-certificate'.
Closed 3/SSL 0x09047090

Donc, wget ne veut pas faire correspondre google.com avec www.google.com. Ce qui est bizarre. Les certificats semblent aller bien. curl fonctionne:

curl -v https://www.google.com/calendar/ical/<private-id>/basic.ics
* About to connect() to www.google.com port 443 (#0)
*   Trying 109.105.109.219... connected
* Connected to www.google.com (109.105.109.219) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-RC4-SHA
* Server certificate:
*    subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
*    start date: 2013-07-12 08:56:36 GMT
*    expire date: 2013-10-31 23:59:59 GMT
*    subjectAltName: www.google.com matched
*    issuer: C=US; O=Google Inc; CN=Google Internet Authority
*    SSL certificate verify ok.
> GET /calendar/ical/<private-id>/basic.ics HTTP/1.1
> User-Agent: curl/7.21.6 (i686-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
> Host: www.google.com
> Accept: */*
> 
< HTTP/1.1 200 OK
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Date: Fri, 26 Jul 2013 10:42:18 GMT
< Content-Type: text/calendar; charset=UTF-8
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Transfer-Encoding: chunked
< 
...

Ce n'est pas terrible, je peux simplement utiliser curl à la place. Mais quand même - pourquoi ça ne marche pas?

Mon système est:

$ wget --version
> GNU Wget 1.12 built on linux-gnu.

+digest +ipv6 +nls +ntlm +opie +md5/openssl +https -gnutls +openssl 
-iri 

Wgetrc: 
    /etc/wgetrc (system)
Locale: /usr/share/locale 
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../lib -g -O2 -DNO_SSLv2 
    -D_FILE_OFFSET_BITS=64 -O2 -g -Wall 
Link: gcc -g -O2 -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -O2 -g -Wall 
    -Wl,-Bsymbolic-functions /usr/lib/libssl.so /usr/lib/libcrypto.so 
    -ldl -lrt ftp-opie.o openssl.o http-ntlm.o gen-md5.o 
    ../lib/libgnu.a 

Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <[email protected]>.
Currently maintained by Micah Cowan <[email protected]>.
Please send bug reports and questions to <[email protected]>.


$ uname -a
> Linux andrEee 3.0.0-32-generic #51-Ubuntu SMP Thu Mar 21 15:51:26 UTC 2013 i686 i686 i386 GNU/Linux

$ lsb_release -a
> No LSB modules are available.
  Distributor ID:   Ubuntu
  Description:  Ubuntu 11.10
  Release:  11.10
  Codename: oneiric
11.10googlewgetcertificatescurl
2
ahilsend

Ceci est un bug conn dans wget 1.12.

Étant donné que vous utilisez une version non prise en charge d'ubuntu, la meilleure solution consiste à effectuer une mise à niveau vers une version prise en charge. wget 1.14 est la dernière version d'ubuntu et a corrigé ce bogue.

4
0x7c0