search

t-richards / mausberry-switch

GPIO power switch service.
MIT License
24 stars 5 forks source link

Dont use ssl #3

Closed myoung34 closed 8 years ago

myoung34 commented 9 years ago

Wget does not like the SSL cert provided on tomrichards.net by default.

$ wget http://tomrichards.net/downloads/mausberry-switch_0.4_armhf.deb
--2014-12-27 04:35:32--  http://tomrichards.net/downloads/mausberry-switch_0.4_armhf.deb
Resolving tomrichards.net (tomrichards.net)... 104.28.28.31, 104.28.29.31, 2400:cb00:2048:1::681c:1d1f, ...
Connecting to tomrichards.net (tomrichards.net)|104.28.28.31|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://tomrichards.net/downloads/mausberry-switch_0.4_armhf.deb [following]
--2014-12-27 04:35:32--  https://tomrichards.net/downloads/mausberry-switch_0.4_armhf.deb
Connecting to tomrichards.net (tomrichards.net)|104.28.28.31|:443... connected.
GnuTLS: A TLS fatal alert has been received.
Unable to establish SSL connection.

The easiest option is to change the instructions to use curl -k or remove the 301 for http to https

$ curl -k --silent -L http://tomrichards.net/downloads/mausberry-switch_0.4_armhf.deb -O mausberry-switch_0.4_armhf.deb
t-richards commented 9 years ago

Welp, removing HTTPS is out of the question. I love my HTTPS . :smile:

For reference, wget using openssl on my Arch Linux machine works just fine:

$ wget --version
GNU Wget 1.16.1 built on linux-gnu.

+digest +https +ipv6 +iri +large-file +nls +ntlm +opie -psl +ssl/openssl 

Wgetrc: 
    /etc/wgetrc (system)
Locale: 
    /usr/share/locale 
Compile: 
    gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc" 
    -DLOCALEDIR="/usr/share/locale" -I. -I../lib -I../lib 
    -D_FORTIFY_SOURCE=2 -I/usr/include/uuid -DHAVE_LIBSSL -DNDEBUG 
    -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong 
    --param=ssp-buffer-size=4 
Link: 
    gcc -I/usr/include/uuid -DHAVE_LIBSSL -DNDEBUG -march=x86-64 
    -mtune=generic -O2 -pipe -fstack-protector-strong 
    --param=ssp-buffer-size=4 
    -Wl,-O1,--sort-common,--as-needed,-z,relro -lpcre -luuid -lssl 
    -lcrypto -L/usr/lib -lz -lidn ftp-opie.o openssl.o http-ntlm.o 
    ../lib/libgnu.a 

Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Please send bug reports and questions to <bug-wget@gnu.org>.

$ wget https://tomrichards.net/downloads/mausberry-switch_0.4_armhf.deb
--2015-01-04 14:42:33--  https://tomrichards.net/downloads/mausberry-switch_0.4_armhf.deb
Resolving tomrichards.net (tomrichards.net)... 2400:cb00:2048:1::c71b:87c2, 2400:cb00:2048:1::c71b:86c2, 199.27.135.194, ...
Connecting to tomrichards.net (tomrichards.net)|2400:cb00:2048:1::c71b:87c2|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/octet-stream]
Saving to: ‘mausberry-switch_0.4_armhf.deb’

mausberry-switch_0.4_     [ <=>                       ]   7.02K  --.-KB/s   in 0s     

2015-01-04 14:42:34 (53.9 MB/s) - ‘mausberry-switch_0.4_armhf.deb’ saved [7192]
rob-smallshire commented 9 years ago

Just a note that I ran into this wget TLS problem too when following the instructions. I could download without problems through the browser though. It would be worthwhile updating the documentation to reflect this.

Other than that, the daemon works very well! Thank you for writing and sharing it.

t-richards commented 8 years ago

Turns out it was my cruddy SSL certificate from COMODO. Due to the fact that COMODO is :hankey: , many distributions have omitted COMODO's CA certificate from their root store. This makes things not work in various clients/browsers.

I have replaced it with a shiny new DigiCert certificate, and everything should be back to 100% working on all the platforms.