getnonfreefonts: tug.org certificate errors
Tom Kacvinsky
tkacvins at gmail.com
Sat Nov 6 23:50:34 CET 2021
On Sat, Nov 6, 2021 at 6:22 PM Karl Berry <karl at freefriends.org> wrote:
> | Resolving www.tug.org... 94.23.251.76
> | Connecting to www.tug.org|94.23.251.76|:443... connected.
> | ERROR: The certificate of 'www.tug.org' is not trusted.
> | ERROR: The certificate of 'www.tug.org' has expired.
> | ! Error: Can't execute wget.
>
> To the best of my knowledge, the certificates on the user's machine have
> to be updated. It's a network-wide issue, not related to tug.org or
> getnonfreefonts.
>
> Here is a brief description and some further references:
> https://savannah.nongnu.org/forum/forum.php?forum_id=10054
I tried building the latest wget with the latest OpenSSL 1.1.1,
with the appropriate flags already set in the wget openssl support
code. That is, X509_VERIFY_PARAM_set_flags is called with the param
X509_V_FLAG_TRUSTED_FIRST. but this did not take. I now get this
instead:
SSL_INIT
Resolving www.tug.org (www.tug.org)... 94.23.251.76
Connecting to www.tug.org (www.tug.org)|94.23.251.76|:443... connected.
ERROR: The certificate of 'www.tug.org' is not trusted.
ERROR: The certificate of 'www.tug.org' has expired.
So the OpenSSL docs on how to work around this seems to be emitting
bogons. Will look at it some more because it seems for this use case,
the weak link is the client code (in this case, wget),
Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/tex-live/attachments/20211106/e7d77865/attachment-0001.html>
More information about the tex-live
mailing list.