Discussion:
Bug#707555: wget: https fails with GnuTLS: Decryption has failed. first time and segfaults next tries.
(too old to reply)
rodrifra
2013-05-09 12:10:03 UTC
Permalink
Package: wget
Version: 1.14-1
Severity: important

Dear Maintainer,
the command that leads to the error is:

wget --save-cookies cookies --keep-session-cookies --save-cookies cookies -O Todos.html https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html

-- System Information:
Debian Release: 7.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wget depends on:
ii dpkg 1.16.10
ii install-info 4.13a.dfsg.1-10
ii libc6 2.13-38
ii libgcrypt11 1.5.0-5
ii libgnutls26 2.12.20-6
ii libgpg-error0 1.10-3.1
ii libidn11 1.25-2
ii libuuid1 2.20.1-5.3
ii zlib1g 1:1.2.7.dfsg-13

wget recommends no packages.

wget suggests no packages.

-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Caronte Estigia
2013-05-09 13:00:02 UTC
Permalink
By the way, despite reported wget's version is the one from the unstable packages (1.14-1), the problem is also in the stable version.
I upgraded to unstable to check if the problem was solved, but it wasn't. Version 1.12 from oldstable works without any problem.

May GNUTLS not be tested thoroughly?.




________________________________
De: Debian Bug Tracking System <***@bugs.debian.org>
Para: rodrifra <***@yahoo.es>
Enviado: Jueves 9 de Mayo de 2013 14:00
Asunto: Bug#707555: Acknowledgement (wget: https fails with GnuTLS: Decryption has failed. first time and segfaults next tries.)


Thank you for filing a new Bug report with Debian.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
Noël Köthe <***@debian.org>

If you wish to submit further information on this problem, please
send it to ***@bugs.debian.org.

Please do not send mail to ***@bugs.debian.org unless you wish
to report a problem with the Bug-tracking system.
--
707555: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707555
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Caronte Estigia
2013-05-09 13:30:02 UTC
Permalink
I've been checking version 1.14 in Ubuntu, that version appears to be compiled with openssl and the error there is:

OpenSSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

So the error does not seem to be GNUTLS specific.
Noël Köthe
2013-08-13 15:50:01 UTC
Permalink
tags 707555 + confirmed upstream pending
thanks

Hello,
Post by rodrifra
wget --save-cookies cookies --keep-session-cookies --save-cookies cookies -O Todos.html https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html
http://bugs.debian.org/707555

build like Tim with GNU TLS 3.2 (libgnutls28):

$ LC_ALL=C wget --debug --secure-protocol=SSLv3 --save-cookies cookies --keep-session-cookies --save-cookies cookies -O Todos.html https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html
Setting --secure-protocol (secureprotocol) to SSLv3
Setting --save-cookies (savecookies) to cookies
Setting --keep-session-cookies (keepsessioncookies) to 1
Setting --save-cookies (savecookies) to cookies
Setting --output-document (outputdocument) to Todos.html
DEBUG output created by Wget 1.14 on linux-gnu.

URI encoding = 'ANSI_X3.4-1968'
--2013-08-13 17:33:16-- https://sede.dgt.gob.es/sede/faces/paginas/testra/testraIframe.xhtml?pagina=consulta.html
Resolving sede.dgt.gob.es (sede.dgt.gob.es)... 213.4.59.219
Caching sede.dgt.gob.es => 213.4.59.219
Connecting to sede.dgt.gob.es (sede.dgt.gob.es)|213.4.59.219|:443... connected.
Created socket 6.
Releasing 0x0000000002072bf0 (new refcount 1).
GnuTLS: No or insufficient priorities were set.
Closed fd 6
Unable to establish SSL connection.
Saving cookies to cookies.
Done saving cookies.

As Tim reported it works with GNUTLS 3.2x and the latest git build I
guess there is a fix in git and will be included in the next wget
release.
--
Noël Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
Loading...