[Hamara-devel] Certificate problem in downloading hamara linux iso through command line tools
Amardeep Singh
amardeep at hamaralinux.org
Tue Oct 13 08:33:29 BST 2015
at bottom:-
On Tuesday 13 October 2015 12:52 PM, akshat wrote:
> at bottom:
>
> On Tue, Oct 13, 2015 at 10:11 AM, shirish <shirish at hamaralinux.org
> <mailto:shirish at hamaralinux.org>> wrote:
>
> additional at bottom :-
>
>
> On Tuesday 13 October 2015 10:05 AM, shirish wrote:
>
> Dear Akshat,
>
> It seems that the URL re-directs to some mirror internally.
>
> Do
>
> $ curl -# -O -L -v
> http://downloads.hamaralinux.org/final/hamara_1.0.3_amd64.iso
>
> And you will see it starts to download as well as you see what is
> happening at the back-end a bit.
>
> There is also --trace-ascii which you can also use for debugging
> purposes if needed.
>
> -L is the crucial bit here as per man page
>
> -L, --location
> (HTTP/HTTPS) If the server reports that the
> requested
> page has moved to a different location (indicated with a Location:
> header and a 3XX response code), this option will make
> curl redo
> the request on the new place. If used together with -i,
> --include or -I,
> --head, headers from all requested pages will be shown. When
> authentication is used, curl only sends its credentials to
> the initial
> host. If a redirect takes curl to a different host, it won't
> be able to
> intercept the user+password. See also --location-trusted on how to
> change this. You can limit the amount of redirects to follow
> by using
> the --max-redirs option.
>
> When curl follows a redirect and the request is
> not a
> plain GET (for example POST or PUT), it will do the following
> request
> with a GET if the HTTP response was 301, 302, or 303. If the
> response
> code was any other 3xx code, curl will re-send the following
> request
> using the same unmodified method.
>
> You can tell curl to not change the non-GET request
> method to GET after a 30x response by using the dedicated
> options
> for that: --post301, --post302 and -post303.
>
> Let us know if you still get errors after trying the above
> flag/switch.
>
>
> This is how it looks at my end :-
>
> curl -# -O -L -v
> http://downloads.hamaralinux.org/final/hamara_1.0.3_amd64.iso
> * Trying 81.187.100.26...
> * Connected to downloads.hamaralinux.org
> <http://downloads.hamaralinux.org> (81.187.100.26) port 80 (#0)
> > GET /final/hamara_1.0.3_amd64.iso HTTP/1.1
> > Host: downloads.hamaralinux.org <http://downloads.hamaralinux.org>
> > User-Agent: curl/7.45.0
> > Accept: */*
> >
> < HTTP/1.1 301 Moved Permanently
> < Date: Tue, 13 Oct 2015 04:28:56 GMT
> < Server: Apache
> < Location:
> https://downloads.hamaralinux.org/final/hamara_1.0.3_amd64.iso
> < Content-Length: 270
> < Content-Type: text/html; charset=iso-8859-1
> <
> * Ignoring the response-body
> { [270 bytes data]
> ########################################################################
> 100.0%* Connection #0 to host downloads.hamaralinux.org
> <http://downloads.hamaralinux.org> left intact
> * Issue another request to this URL:
> 'https://downloads.hamaralinux.org/final/hamara_1.0.3_amd64.iso'
> * Found bundle for host downloads.hamaralinux.org
> <http://downloads.hamaralinux.org>: 0x560da04352d0
> * Trying 81.187.100.26...
> * Connected to downloads.hamaralinux.org
> <http://downloads.hamaralinux.org> (81.187.100.26) port 443 (#1)
> * found 180 certificates in /etc/ssl/certs/ca-certificates.crt
> * found 724 certificates in /etc/ssl/certs
> * ALPN, offering http/1.1
> * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
> * server certificate verification OK
> * server certificate status verification SKIPPED
> * common name: *.hamaralinux.org <http://hamaralinux.org>
> (matched)
> * server certificate expiration date OK
> * server certificate activation date OK
> * certificate public key: RSA
> * certificate version: #3
> * subject: OU=Domain Control Validated,CN=*.hamaralinux.org
> <http://hamaralinux.org>
> * start date: Tue, 01 Sep 2015 08:23:38 GMT
> * expire date: Thu, 29 Sep 2016 12:40:03 GMT
> * issuer: C=US,ST=Arizona,L=Scottsdale,O=GoDaddy.com\,
> Inc.,OU=http://certs.godaddy.com/repository/,CN=Go Daddy Secure
> Certificate Authority - G2
> * compression: NULL
> * ALPN, server did not agree to a protocol
> > GET /final/hamara_1.0.3_amd64.iso HTTP/1.1
> > Host: downloads.hamaralinux.org <http://downloads.hamaralinux.org>
> > User-Agent: curl/7.45.0
> > Accept: */*
> >
> < HTTP/1.1 200 OK
> < Date: Tue, 13 Oct 2015 04:28:58 GMT
> < Server: Apache
> < Last-Modified: Wed, 30 Sep 2015 10:27:33 GMT
> < ETag: "42800000-520f460e949e8"
> < Accept-Ranges: bytes
> < Content-Length: 1115684864
> < Content-Type: application/x-iso9660-image
> <
> { [8192 bytes data]
> #
> 1.5%
>
> $ ll -h debian-stretch-DI-alpha3-amd64-DVD-1.iso
> -rw-r--r-- 1 shirish shirish 30M Oct 13 10:11
> debian-stretch-DI-alpha3-amd64-DVD-1.iso
>
>
> See you all in the evening :)
>
>
> --
> Regards,
> Shirish Agarwal,
> Community Lead,
> Hamaralinux.org
>
>
>
> Hello Anant and Shirish,
>
> I was trying using the following command:
> $ curl http://downloads.hamaralinux.org/final/hamara_1.0.3_amd64.iso
> -o hamara_1.0.3_amd64.iso
>
> and when I am using same command with ubuntu its downloading the
> ubuntu image but not the hamara iso. Its simply return me to prompt.
>
> Hamara Image:
> *curl http://downloads.hamaralinux.org/final/hamara_1.0.3_amd64.iso -o
> hamara_1.0.3_amd64.iso*
> * % Total % Received % Xferd Average Speed Time Time
> Time Current*
> * Dload Upload Total Spent Left Speed*
> *100 270 100 270 0 0 512 0 --:--:-- --:--:-- --:--:--
> 511*
> *
> *
> But in case of Ubuntu image:
> *curl
> http://releases.ubuntu.com/14.04.3/ubuntu-14.04.3-desktop-amd64.iso -o
> ubuntu-14.04.3-desktop-amd64.iso*
> * % Total % Received % Xferd Average Speed Time Time
> Time Current*
> * Dload Upload Total Spent Left Speed*
> * 0 1006M 0 41354 0 0 19527 0 15:00:20 0:00:02
> 15:00:18 19534*
> *
> *
>
>
> Shirish thanks for the curl command for ignoring certificate problem,
> In wget I used --no-check-certificate and wget was also working with
> this option before Anant has fixed something in webserver. Now, after
> fixing that problem in case of wget download is working without
> -no-check-certificate option but still curl is not able to download
> with default options.
>
> Thanks
>
>
> --
> Akshat Singh
> [PG-8 IIITM-Kerala]
> Pune
>
> Mob.: +91-8806963718
> Webpage: home-akshatsingh.rhcloud.com/aks/
> <http://home-akshatsingh.rhcloud.com/aks/>
>
>
>
> _______________________________________________
> Hamara-devel mailing list
> Hamara-devel at lists.hamaralinux.org
> http://lists.hamaralinux.org/listinfo/hamara-devel
I just tried downloading with curl but using https url.
*curl https://downloads.hamaralinux.org/final/hamara_1.0.3_amd64.iso -o
hamara_1.0.3_amd64.iso*
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
2 1064M 2 25.8M 0 0 1742k 0 0:10:25 0:00:15 0:10:10
1918k^C
It starts straight away.
We don't need to ignore certificate because its from valid authority and
trust chain is vaild.
https://www.sslshopper.com/ssl-checker.html#hostname=downloads.hamaralinux.org
Thanks,
--
AMARDEEP SINGH
Hamara Architect
Team Hamara Linux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.hamaralinux.org/pipermail/hamara-devel/attachments/20151013/fd1f4ef7/attachment.html>
More information about the Hamara-devel
mailing list