Skip to content

Drush make has problems with wget 1.12 and the HTTPS certificate of drupal.org. #74

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
matglas opened this issue Sep 10, 2013 · 4 comments
Closed

Drush make has problems with wget 1.12 and the HTTPS certificate of drupal.org. #74

matglas opened this issue Sep 10, 2013 · 4 comments

Comments

@matglas
Copy link

matglas commented Sep 10, 2013

Problem
When drush make uses patches from drupal.org on a server running 1.12 it returns an because of the https certificate that drupal.org uses. This can happen with other sources too. Ubuntu 10.04 uses 1.12 as its latest package for wget. This problem is fixed with wget 1.13. In Ubuntu 12.04 they use wget 1.13 so there its no problem.

Fix
When you add the flag --no-check-certificate to wget on 1.12 it continues but does not check the certificate.

Proposed solution
It would be great to be able to add --no-check-certificate as a parameter to the wget call when the version is 1.12.

This call to check if wget is available is here. The version could be checked there too. If the version is 1.12 the flag could be added to the exec call. That line would look something like this

  drush_shell_exec("wget -q --timeout=30 --no-check-certificate -O %s %s", $destination_tmp, $url);

References
@weitzman
Copy link
Member

If you submit a PR which conditionally adds the flag we will consider it. I also want an explanation about why disabling this feature is a secure approach.

Some alternatives that I can think of:

  • See Wgetrc
  • Make wget not available or not executable. Drush will fallback to curl
  • Implement your own alternative package handler.

@weitzman
Copy link
Member

No reply. I will reopen this if one appears per my prior comment.

@kenorb
Copy link
Contributor

kenorb commented Mar 28, 2014

wget 1.11.4 fails with the following links:

https://github.com/chipperstudios/libphonenumber-for-php/archive/master.zip
https://github.com/richthegeek/phpsass/archive/master.zip

This version of wget is provided also with drush package for Windows, at: http://drush.ws/drush_windows_installer

It is related to:
https://bugzilla.redhat.com/show_bug.cgi?id=903756
See also:
https://drupal.org/node/2145537
drupal-modules/ads#21

Example fail:

$ wget https://drupal.org/files/ctools-n1925018-12.patch
--2014-03-09 21:41:17--  https://drupal.org/files/ctools-n1925018-12.patch
Resolving drupal.org... 140.211.10.62, 140.211.10.16
Connecting to drupal.org|140.211.10.62|:443... connected.
ERROR: certificate common name `*.drupal.org' doesn't match requested host name `drupal.org'.
To connect to drupal.org insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

$ wget -V
GNU Wget 1.11.4 Red Hat modified

@kenorb kenorb mentioned this issue Mar 28, 2014
Open
@drupol
Copy link
Contributor

drupol commented Feb 2, 2016

Here's a one line solution: echo "check_certificate = off" >> ~/.wgetrc

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@weitzman @drupol @kenorb @matglas