SSL cert issue

[bluepuma77]

I tried to install according to instructions (http://rg3.github.io/youtube-dl/download.html) but that resulted in an SSL certificate error.

sudo wget https://yt-dl.org/downloads/2013.09.06.1/youtube-dl -O /usr/local/bin/youtube-dl
--2013-09-07 23:58:51--  https://yt-dl.org/downloads/2013.09.06.1/youtube-dl
Resolving yt-dl.org (yt-dl.org)... 95.143.172.170, 2001:1a50:11:0:5f:8f:acaa:177
Connecting to yt-dl.org (yt-dl.org)|95.143.172.170|:443... connected.
The certificate's owner does not match hostname `yt-dl.org'

It would be good if you can fix the SSL cert issue or put '--no-check-certificate' into the documantation so others don't have the issue

sudo wget --no-check-certificate https://yt-dl.org/downloads/2013.09.06.1/youtube-dl -O /usr/local/bin/youtube-dl

[phihag]

There is a valid SSL certificate for yt-dl.org! There's a very good reason why certificate checking is on by default, and we will certainly not instruct users to disable it.

Can you upload the certificate and youtube-dl binary you got somewhere? Also of interest would be the output of wget --version and a list of the root certificates you trust.

[bluepuma77]

Not sure how to get the SSL cert, but here is the debug info:

# wget https://yt-dl.org/downloads/2013.09.06.1/youtube-dl -O /usr/local/bin/youtube-dl --debug

DEBUG output created by Wget 1.13.4 on linux-gnu.

URI encoding = `UTF-8'
--2013-09-09 14:45:03--  https://yt-dl.org/downloads/2013.09.06.1/youtube-dl
Resolving yt-dl.org (yt-dl.org)... 95.143.172.170, 2001:1a50:11:0:5f:8f:acaa:177
Caching yt-dl.org => 95.143.172.170 2001:1a50:11:0:5f:8f:acaa:177
Connecting to yt-dl.org (yt-dl.org)|95.143.172.170|:443... connected.
Created socket 5.
Releasing 0x0000000001a609e0 (new refcount 1).
The certificate's owner does not match hostname `yt-dl.org'

# cat /etc/*-release
PRETTY_NAME="Debian GNU/Linux 7 (wheezy)"
NAME="Debian GNU/Linux"
VERSION_ID="7"
VERSION="7 (wheezy)"
ID=debian
ANSI_COLOR="1;31"
HOME_URL="http://www.debian.org/"
SUPPORT_URL="http://www.debian.org/support/"
BUG_REPORT_URL="http://bugs.debian.org/"

# uname -r
3.3.8-gcg-201305291443

[phihag]

To get the certificates, type

echo | openssl s_client -connect yt-dl.org:443 -showcerts > yt-dl.certs

Then, simply upload the yt-dl.certs file somewhere, like gist. Can you also upload the youtube-dl binary you have downloaded? I'd like to compare it against the reference, and if it doesn't match, get information on who injects what into our binaries.

[Rudloff]

Doesn't this have to do with wget not using SNI ?

[phihag]

@Rudloff That was my first suspicion, but I thought that was a squeeze issue and should be fixed in wget 1.13. However, it turns out you're right: Update to a current version of wget or use curl to solve this download problem.