[pca] Issue with wget version 1.18 (Solaris 10 patch# 125215-07) :: ERROR "Unable to establish SSL connection"

Fri Feb 17 11:11:32 CET 2017

Thanks Martin,
    i don't understand why with wget 1.18 the SSL Handshake failed and with
1.16 work fine...
When try to connect with the wget 1.18 client version, the apache 2 (httpd)
process core...

*WGET 1.16*

# wget -S -O /dev/null --no-check-certificate --debug https://pdpcasrv1
DEBUG output created by Wget 1.16 on solaris2.10.

--2017-02-17 10:47:16--  https://pdpcasrv1/
Resolving pdpcasrv1... 10.41.152.75
Caching pdpcasrv1 => 10.41.152.75
Connecting to pdpcasrv1|10.41.152.75|:443... connected.
Created socket 5.
Releasing 0x0009ce70 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 5 to SSL handle 0x000a19b0
certificate:
  subject: /C=IT/L=Location/O=Organization/OU=Organization
Unit/CN=pdpcasrv1/emailAddress=myemail at company.com
  issuer:  /C=IT/L=Location/O=Organization/OU=Organization Unit
/CN=pdpcasrv1/emailAddress=
myemail at company.com
WARNING: cannot verify pdpcasrv1's certificate, issued by '/C=IT/L=Location
/O=Organization/OU=Organization Unit/CN=pdpcasrv1/emailAddress=
myemail at company.com':
  Self-signed certificate encountered.

---request begin---
GET / HTTP/1.1
User-Agent: Wget/1.16 (solaris2.10)
Accept: */*
Host: pdpcasrv1
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Date: Fri, 17 Feb 2017 09:47:16 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/1.0.1u DAV/2
Last-Modified: Fri, 17 Feb 2017 09:15:17 GMT
ETag: "3766-51fb8-5a225340"
Accept-Ranges: bytes
Content-Length: 335800
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

---response end---

  HTTP/1.1 200 OK
  Date: Fri, 17 Feb 2017 09:47:16 GMT
  Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/1.0.1u DAV/2
  Last-Modified: Fri, 17 Feb 2017 09:15:17 GMT
  ETag: "3766-51fb8-5a225340"
  Accept-Ranges: bytes
  Content-Length: 335800
  Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Content-Type: text/html
Registered socket 5 for persistent reuse.
Length: 335800 (328K) [text/html]
Saving to: '/dev/null'

/dev/null
100%[=============================================================================>]
327.93K  --.-KB/s   in 0.03s

2017-02-17 10:47:16 (11.5 MB/s) - '/dev/null' saved [335800/335800]
#

WGET 1.18

# wget -S -O /dev/null --no-check-certificate --debug https://pdpcasrv1
DEBUG output created by Wget 1.18 on solaris2.10.

Reading HSTS entries from //.wget-hsts
--2017-02-17 10:46:42--  https://pdpcasrv1/
Resolving pdpcasrv1... 10.41.152.75
Caching pdpcasrv1 => 10.41.152.75
Connecting to pdpcasrv1|10.41.152.75|:443... connected.
Created socket 5.
Releasing 0x000ae3a0 (new refcount 1).
Initiating SSL handshake.
SSL handshake failed.
Closed fd 5
Unable to establish SSL connection.
#

Any idea?
Many thanks in advance
Michele

2017-02-16 9:32 GMT+01:00 Martin Paul <martin.paul at univie.ac.at>:

> Hi,
>
>    i have a problem with wget ver.1.18 (125215-07). No problem with a
>> previous
>> revision, wget 1.16 (125215-06). My PCA proxy (pdpcasrv1) have a Self
>> Signed
>> Certificate (https).
>>
>
> Just to be sure, I tried wget 1.18 with Oracle's patch download server -
> this still works fine.
>
> To find out why wget 1.18 doesn't like to talk HTTPS to your local PCA
> proxy, I guess you'll need to collect wget debug information (put --debug
> in PCA's "wgetopt"-option or in a wgetrc or the like, or try wget outside
> of PCA) or check the log files of your PCA proxy web server.
>
> Martin.
>
>

-- 
--
Michele Vecchiato
Fax +39 06 9186 7019 | Mob.+39 335 633 6950
e-mail: michele.vecchiato at gmail.com
LinkedIn  pub profile http://www.linkedin.com/in/michelevecchiato

*** Per favore considerate l' ambiente prima di stampare questa e-mail.
Grazie ***
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.univie.ac.at/pipermail/pca/attachments/20170217/ac08a371/attachment.html>