While trying to help someone on ROS Answers with something related to downloading from packages.ros.org
, I ran into certificate issues trying to use wget
. The following is returned by wget
when I ask it to download a .deb
:
user@machine:/tmp$ wget -4 https://packages.ros.org/ros2/ubuntu/pool/main/p/python3-rospkg-modules/python3-rospkg-modules_1.2.8-1_all.deb
--2020-06-24 20:46:31-- https://packages.ros.org/ros2/ubuntu/pool/main/p/python3-rospkg-modules/python3-rospkg-modules_1.2.8-1_all.deb
Resolving packages.ros.org (packages.ros.org)... 64.50.233.100, 140.211.166.134, 64.50.236.52
Connecting to packages.ros.org (packages.ros.org)|64.50.233.100|:443... connected.
ERROR: no certificate subject alternative name matches
requested host name ‘packages.ros.org’.
To connect to packages.ros.org insecurely, use `--no-check-certificate'.
I’ve explicitly asked wget
to use IPv4 here, as I first thought the issue was with it trying to resolve IPv6 hostnames and not using the correct certificate.
Using sslabs.com
gives a similar warning (here): Certificate name mismatch.
I’ve checked to make sure the machine I’m testing this on is not missing any updates to ca-certificates
and related packages. Other machines give me the same result.
Browsers also complain about the hostname mismatch.
Edit: I know https
is not commonly used to download packages, and obviously http://
doesn’t have these problems.