wget does not accept Google's certificate


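I use wget in a cron job to download my Google Calendar. I know it was still working last week. Today I noticed that it no longer works. wget will not accept Google's certificate: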

$ wget --debug  https://www.google.com/calendar/ical/<private-id>/basic.ics
> DEBUG output created by Wget 1.12 on linux-gnu.

--2013-07-26 12:36:31--  https://www.google.com/
Resolving www.google.com... 109.105.109.234, 109.105.109.223, 109.105.109.208, ...
Caching www.google.com => 109.105.109.234 109.105.109.223 109.105.109.208 109.105.109.249 109.105.109.229 109.105.109.219 109.105.109.245 109.105.109.227 109.105.109.240 109.105.109.230 109.105.109.241 109.105.109.212 109.105.109.251 109.105.109.216 109.105.109.238 109.105.109.218 2a00:1450:400f:803::1012
Connecting to www.google.com|109.105.109.234|:443... connected.
Created socket 3.
Releasing 0x09046cf8 (new refcount 1).
Initiating SSL handshake.
Handshake successful; connected socket 3 to SSL handle 0x09047090
certificate:
  subject: /C=US/ST=California/O=Google Inc/CN=google.com
  issuer:  /C=US/O=Google Inc/CN=Google Internet Authority
ERROR: certificate common name `google.com' doesn't match requested host name `www.google.com'.
To connect to www.google.com insecurely, use `--no-check-certificate'.
Closed 3/SSL 0x09047090

So wget does not want to match google.com with www.google.com. That is odd. The certificate seems to be in order. curl is working:

curl -v https://www.google.com/calendar/ical/<private-id>/basic.ics
* About to connect() to www.google.com port 443 (#0)
*   Trying 109.105.109.219... connected
* Connected to www.google.com (109.105.109.219) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-RC4-SHA
* Server certificate:
*    subject: C=US; ST=California; L=Mountain View; O=Google Inc; CN=www.google.com
*    start date: 2013-07-12 08:56:36 GMT
*    expire date: 2013-10-31 23:59:59 GMT
*    subjectAltName: www.google.com matched
*    issuer: C=US; O=Google Inc; CN=Google Internet Authority
*    SSL certificate verify ok.
> GET /calendar/ical/<private-id>/basic.ics HTTP/1.1
> User-Agent: curl/7.21.6 (i686-pc-linux-gnu) libcurl/7.21.6 OpenSSL/1.0.0e zlib/1.2.3.4 libidn/1.22 librtmp/2.3
> Host: www.google.com
> Accept: */*
> 
< HTTP/1.1 200 OK
< Expires: Fri, 01 Jan 1990 00:00:00 GMT
< Date: Fri, 26 Jul 2013 10:42:18 GMT
< Content-Type: text/calendar; charset=UTF-8
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Server: GSE
< Transfer-Encoding: chunked
< 
...

This is not too bad, I can use curl instead. But still, why doesn't it work?

My system is:

$ wget --version
> GNU Wget 1.12 built on linux-gnu.

+digest +ipv6 +nls +ntlm +opie +md5/openssl +https -gnutls +openssl 
-iri 

Wgetrc: 
    /etc/wgetrc (system)
Locale: /usr/share/locale 
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../lib -g -O2 -DNO_SSLv2 
    -D_FILE_OFFSET_BITS=64 -O2 -g -Wall 
Link: gcc -g -O2 -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -O2 -g -Wall 
    -Wl,-Bsymbolic-functions /usr/lib/libssl.so /usr/lib/libcrypto.so 
    -ldl -lrt ftp-opie.o openssl.o http-ntlm.o gen-md5.o 
    ../lib/libgnu.a 

Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <[email protected]>.
Currently maintained by Micah Cowan <[email protected]>.
Please send bug reports and questions to <[email protected]>.


$ uname -a
> Linux andrEee 3.0.0-32-generic #51-Ubuntu SMP Thu Mar 21 15:51:26 UTC 2013 i686 i686 i386 GNU/Linux

$ lsb_release -a
> No LSB modules are available.
  Distributor ID:   Ubuntu
  Description:  Ubuntu 11.10
  Release:  11.10
  Codename: oneiric

Answer 1

This is a known bug in wget 1.12.

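Since you are running an unsupported version of Ubuntu, the best course of action is to upgrade to a supported version. wget 1.14 is the latest version in Ubuntu and has this bug fixed.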
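
In the logs above, wget fails on a common-name comparison while curl reports `subjectAltName: www.google.com matched`. The following added example (not code from wget, curl, or the answer above) models a CN-only check next to a SAN-aware check in the style of RFC 6125. The function names and the certificate dict, which uses the shape returned by Python's `ssl.SSLSocket.getpeercert()`, are constructed for illustration and are not the real Google certificate.

```python
# Added illustration: CN-only vs. SAN-aware host name verification.
# SAMPLE_CERT is a constructed sample, not a real certificate.

def _name_match(pattern, host):
    """Match one DNS name; '*' is accepted only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False            # a wildcard never spans more than one label
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]   # "*.google.com" matches "www.google.com"
    return p == h

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def dns_sans(cert):
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def cn_only_check(cert, host):
    """Hypothetical model of a client that looks only at the subject CN."""
    return any(_name_match(cn, host) for cn in common_names(cert))

def san_aware_check(cert, host):
    """If DNS SAN entries exist they decide; the CN is only a fallback."""
    sans = dns_sans(cert)
    if sans:
        return any(_name_match(s, host) for s in sans)
    return cn_only_check(cert, host)

# Constructed sample: the CN is the bare domain, "www" is covered only by a SAN.
SAMPLE_CERT = {
    "subject": ((("countryName", "US"),),
                (("organizationName", "Constructed Sample"),),
                (("commonName", "google.com"),)),
    "subjectAltName": (("DNS", "google.com"), ("DNS", "*.google.com")),
}

def compare(host, cert=SAMPLE_CERT):
    return {"cn_only": cn_only_check(cert, host),
            "san_aware": san_aware_check(cert, host)}

if __name__ == "__main__":
    for name in ("www.google.com", "google.com", "a.b.google.com"):
        print(name, compare(name))
```

A client that disagrees with the SAN-aware result on a certificate like this needs an upgrade, not `--no-check-certificate`, which turns off certificate verification altogether.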
