wget - The certificate has not yet been activated (does also happen in qemuarm "virt" machine)


Matthias Klein
 

Hello,

another addition to the problem:
The problem does not seem to be directly related to the custom kernel or the one yocto, as I can recreate the problem in a second yocto.

The yocto is for the qemuarm "virt" machine. I have the complete sources for it here: https://github.com/matthiasklein/meta-yocto-coffee-qemuarm

Is it possible that it is somehow related to 32 bit ARM?

# uname -a
Linux qemuarm 5.15.16-yocto-standard #1 SMP PREEMPT Tue Jan 25 14:32:58 UTC 2022 armv7l GNU/Linux

# wget -4 https://speed.hetzner.de/100MB.bin
--2022-02-03 09:18:37-- https://speed.hetzner.de/100MB.bin
SSL_INIT
Resolving speed.hetzner.de... 88.198.248.254
Connecting to speed.hetzner.de|88.198.248.254|:443... connected.
The certificate has not yet been activated

# wget --version
GNU Wget 1.21.2 built on linux-gnueabi.

-cares +digest -gpgme +https +ipv6 -iri +large-file -metalink +nls
+ntlm +opie -psl +ssl/gnutls

Wgetrc:
/etc/wgetrc (system)
Locale:
/usr/share/locale
Compile:
arm-poky-linux-gnueabi-gcc -mthumb -mfpu=neon -mfloat-abi=hard
-mcpu=cortex-a15 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2
-Wformat -Wformat-security -Werror=format-security -DHAVE_CONFIG_H
-DSYSTEM_WGETRC="/etc/wgetrc" -DLOCALEDIR="/usr/share/locale" -I.
-I../../wget-1.21.2/src -I../lib -I../../wget-1.21.2/lib -DNDEBUG
-O2 -pipe -g -feliminate-unused-debug-types
Link:
arm-poky-linux-gnueabi-gcc -mthumb -mfpu=neon -mfloat-abi=hard
-mcpu=cortex-a15 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2
-Wformat -Wformat-security -Werror=format-security -DNDEBUG -O2
-pipe -g -feliminate-unused-debug-types -Wl,-O1
-Wl,--hash-style=gnu -Wl,--as-needed -Wl,-z,relro,-z,now -lpcre
-lnettle -lgnutls -lz ftp-opie.o gnutls.o http-ntlm.o
../lib/libgnu.a -lunistring

Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@...>.
Please send bug reports and questions to <bug-wget@...>.

Best regards,
Matthias


Matthias Klein
 

Hello together,

I can "fix" the bug by switching from gnutls to openssl:

PACKAGECONFIG:remove = "gnutls"
PACKAGECONFIG:append = " openssl"

Can anyone explain this?
What exactly does the change to openssl mean?

Many greetings,
Matthias


Khem Raj
 

On Thu, Feb 3, 2022 at 9:14 AM Matthias Klein
<matthias.klein@...> wrote:

Hello together,

I can "fix" the bug by switching from gnutls to openssl:

PACKAGECONFIG:remove = "gnutls"
PACKAGECONFIG:append = " openssl"

Can anyone explain this?
What exactly does the change to openssl mean?
this means you are choosing openSSL to provide TLS protocol
implementation instead of gnuTLS


Many greetings,
Matthias



Matthias Klein
 

Hello Khem,

this means you are choosing openSSL to provide TLS protocol implementation instead of gnuTLS
Please excuse that my question was so unspecific.
Does it make a functional difference from which library the TLS support comes from?

Best regards,
Matthias


Khem Raj
 

On Thu, Feb 3, 2022 at 11:20 PM Matthias Klein
<matthias.klein@...> wrote:

Hello Khem,

this means you are choosing openSSL to provide TLS protocol implementation instead of gnuTLS
Please excuse that my question was so unspecific.
Does it make a functional difference from which library the TLS support comes from?
ideally it should not. It really should be that app is using right
port to talk to the one you choose.

Best regards,
Matthias