Closed maravtdm closed 2 years ago
--with-openssl
explicitly selects the crypto library for checksumming etc. The TLS library to use is auto-selected in this case.
While --with-ssl=openssl
explicitly selects the TLS library to be OpenSSL.
So depending on which dev libraries you installed, both builds may use a different TLS library (or different versions) - e.g. GnuTLS is preferred over OpenSSL in automatic mode.
It would be interesting to see what you end up with. If you could share the config.log
for both cases, I can find out. Please check that it doesn't contain any private data that you don't want to share (e.g. path / user / machine name).
Hi, Thanks for your answer
(for privacy, I'm fine with that) Here they are config_with-openssl.log config_with-ssl_openssl.log
Outcome appears the same for you and it is for me as well. Have some more details on it on my end. Using openssl 3.0.0: In config.h, HAVE_GNU_TLS_OCSP_H is unset as it should be. But openssl has it's own header for it - openssl/ocsp.h which is enabled - HAVE_OPENSSL_OCSP_H and so WITH_OCSP is set.
Despite this, ocsp doesn't work with openssl. I tried setting both ssl=openssl and openssl=yes and got these results
From your log files, ./configure --with-ssl=openssl
builds with openssl while ./configure --with-openssl
builds with GnuTLS + -lcrypto (from openssl, but libcrypto is not called from code as GnuTLS has all the crypto built in).
So the only question is why OCSP doesn't work with OpenSSL. It does here (Debian unstable, openssl 1.1.1l-1).
So I assume that on your system, openssl is built without OCSP support (or otherwise incorrectly). What openssl versions do you use ? Did you run all the tests when building openssl ? And what doies it say about OCSP ? Did you run make check
for wget2 ?
OCSP response is too old. Ignoring.
This error comes from the fact that the stapled OCSP response is older than 3 days. I don't know why the check fails in OpenSSL and succeeds in GnuTLS, have to look into that. In the meanwhile, could you disable that with --no-ocsp-date
? That should disable this particular check.
Hi,
Curiously, the issue ( --with-openssl) no longer exists ...
blackstar :: ~ » wget2 -V
GNU Wget2 2.0.0 - multithreaded metalink/file/website downloader
+digest +https +ssl/openssl +ipv6 +iri +large-file +nls -ntlm -opie +psl -hsts
+iconv +idn2 +zlib +lzma +brotlidec +zstd +bzip2 +lzip +http2 +gpgme
blackstar :: ~ » wget2 https://github.com/stedolan/jq/releases/download/jq-1.6/jq-1.6.tar.gz
[0] Downloading 'https://github.com/stedolan/jq/releases/download/jq-1.6/jq-1.6.tar.gz' ...
HTTP response 302 [https://github.com/stedolan/jq/releases/download/jq-1.6/jq-1.6.tar.gz]
Adding URL: https://objects.githubusercontent.com/github-production-release-asset-2e65be/5101141/e4612500-eca9-11e8-8306-c58af06c65f5?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220105%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220105T082800Z&X-Amz-Expires=300&X-Amz-Signature=c7d164fc079b38162a8afc8689283ababa7e0e8b376f17f6d2dff27957dc8df3&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=5101141&response-content-disposition=attachment%3B%20filename%3Djq-1.6.tar.gz&response-content-type=application%2Foctet-stream
[0] Downloading 'https://objects.githubusercontent.com/github-production-release-asset-2e65be/5101141/e4612500-eca9-11e8-8306-c58af06c65f5?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220105%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220105T082800Z&X-Amz-Expires=300&X-Amz-Signature=c7d164fc079b38162a8afc8689283ababa7e0e8b376f17f6d2dff27957dc8df3&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=5101141&response-content-disposition=attachment%3B%20filename%3Djq-1.6.tar.gz&response-content-type=application%2Foctet-stream' ...
Saving 'jq-1.6.tar.gz.1'
HTTP response 200 [https://objects.githubusercontent.com/github-production-release-asset-2e65be/5101141/e4612500-eca9-11e8-8306-c58af06c65f5?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20220105%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20220105T082800Z&X-Amz-Expires=300&X-Amz-Signature=c7d164fc079b38162a8afc8689283ababa7e0e8b376f17f6d2dff27957dc8df3&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=5101141&response-content-disposition=attachment%3B%20filename%3Djq-1.6.tar.gz&response-content-type=application%2Foctet-stream]
Hi,
with ./configure --with-ssl=openssl, I have this issue :
But, with ./configure --with-openssl, everything is fine :