Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL cert issue #1392

Closed
bluepuma77 opened this issue Sep 7, 2013 · 5 comments
Closed

SSL cert issue #1392

bluepuma77 opened this issue Sep 7, 2013 · 5 comments

Comments

@bluepuma77
Copy link

@bluepuma77 bluepuma77 commented Sep 7, 2013

I tried to install according to instructions (http://rg3.github.io/youtube-dl/download.html) but that resulted in an SSL certificate error.

sudo wget https://yt-dl.org/downloads/2013.09.06.1/youtube-dl -O /usr/local/bin/youtube-dl
--2013-09-07 23:58:51--  https://yt-dl.org/downloads/2013.09.06.1/youtube-dl
Resolving yt-dl.org (yt-dl.org)... 95.143.172.170, 2001:1a50:11:0:5f:8f:acaa:177
Connecting to yt-dl.org (yt-dl.org)|95.143.172.170|:443... connected.
The certificate's owner does not match hostname `yt-dl.org'

It would be good if you can fix the SSL cert issue or put '--no-check-certificate' into the documantation so others don't have the issue

sudo wget --no-check-certificate https://yt-dl.org/downloads/2013.09.06.1/youtube-dl -O /usr/local/bin/youtube-dl
@phihag
Copy link
Contributor

@phihag phihag commented Sep 7, 2013

There is a valid SSL certificate for yt-dl.org! There's a very good reason why certificate checking is on by default, and we will certainly not instruct users to disable it.

Can you upload the certificate and youtube-dl binary you got somewhere? Also of interest would be the output of wget --version and a list of the root certificates you trust.

@bluepuma77
Copy link
Author

@bluepuma77 bluepuma77 commented Sep 9, 2013

Not sure how to get the SSL cert, but here is the debug info:

# wget https://yt-dl.org/downloads/2013.09.06.1/youtube-dl -O /usr/local/bin/youtube-dl --debug

DEBUG output created by Wget 1.13.4 on linux-gnu.

URI encoding = `UTF-8'
--2013-09-09 14:45:03--  https://yt-dl.org/downloads/2013.09.06.1/youtube-dl
Resolving yt-dl.org (yt-dl.org)... 95.143.172.170, 2001:1a50:11:0:5f:8f:acaa:177
Caching yt-dl.org => 95.143.172.170 2001:1a50:11:0:5f:8f:acaa:177
Connecting to yt-dl.org (yt-dl.org)|95.143.172.170|:443... connected.
Created socket 5.
Releasing 0x0000000001a609e0 (new refcount 1).
The certificate's owner does not match hostname `yt-dl.org'
# cat /etc/*-release
PRETTY_NAME="Debian GNU/Linux 7 (wheezy)"
NAME="Debian GNU/Linux"
VERSION_ID="7"
VERSION="7 (wheezy)"
ID=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support/"
BUG_REPORT_URL="http://bugs.debian.org/"
# uname -r
3.3.8-gcg-201305291443
@phihag
Copy link
Contributor

@phihag phihag commented Sep 9, 2013

To get the certificates, type

echo | openssl s_client -connect yt-dl.org:443 -showcerts > yt-dl.certs

Then, simply upload the yt-dl.certs file somewhere, like gist. Can you also upload the youtube-dl binary you have downloaded? I'd like to compare it against the reference, and if it doesn't match, get information on who injects what into our binaries.

@Rudloff
Copy link
Contributor

@Rudloff Rudloff commented Sep 10, 2013

Doesn't this have to do with wget not using SNI ?

@phihag
Copy link
Contributor

@phihag phihag commented Sep 10, 2013

@Rudloff That was my first suspicion, but I thought that was a squeeze issue and should be fixed in wget 1.13. However, it turns out you're right: Update to a current version of wget or use curl to solve this download problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.