I notice this with wget when I try to go to a https site on armv7. I have no issues on aarch64. Both use the same version of wget 1.21.3-1. I posted to the wget mailing list to see if I could figure out how to help, but this is beyond my capabilities. In the mean time, up till recently, I had a patch that I could apply that allowed wget to use a certificate, but no more.
aarch64:
$this->bbcode_second_pass_code('', '# wget --force-html --spider --connect-timeout=1 --timeout=10 --tries=2 https://www.google.com
Spider mode enabled. Check if remote file exists.
--2023-01-24 17:43:24-- https://www.google.com/
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving www.google.com (www.google.com)... 142.250.190.132, 2607:f8b0:4009:802::2004
Connecting to www.google.com (www.google.com)|142.250.190.132|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Remote file exists and could contain further links,
but recursion is disabled -- not retrieving.
# pacman -Q | grep wget
wget 1.21.3-1
')
armv7
$this->bbcode_second_pass_code('', '# wget --force-html --spider --connect-timeout=1 --timeout=10 --tries=2 https://www.google.com
Spider mode enabled. Check if remote file exists.
--2023-01-24 17:42:38-- https://www.google.com/
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving www.google.com (www.google.com)... 142.250.190.132, 2607:f8b0:4009:802::2004
Connecting to www.google.com (www.google.com)|142.250.190.132|:443... connected.
The certificate has not yet been activated
The certificate has expired
# pacman -Q | grep wget
wget 1.21.3-1')
The time shows as synced on both machines. Back in June 2022, the wget group responded saying there is some sort of 64 bit 32 bit time mismatch in one of the libraries wget uses.
$this->bbcode_second_pass_code('', 'So it will be some glitch between wget sources, wget configure scripts, and Arch toolchain (compiler and libc). It's also possible that toolchains there default to a different ABI with variables (int, time_t, long int, etc.) of different size.')
Back in June, If I used this patch and built wget, I was able to interact with https sites, though this patch was identified as 'works but wrong'
$this->bbcode_second_pass_code('', 'diff -ru wget-1.21.3.org/src/gnutls.c wget-1.21.3/src/gnutls.c
--- wget-1.21.3.org/src/gnutls.c 2022-02-26 15:47:42.000000000 +0100
+++ wget-1.21.3/src/gnutls.c 2022-06-21 20:51:40.244552644 +0200
@@ -1085,7 +1085,7 @@
logprintf (LOG_NOTQUIET, _("The certificate has not yet been activated\n"));
success = false;
}
- if (now >= gnutls_x509_crt_get_expiration_time (cert))
+ if (now >= (unsigned long) gnutls_x509_crt_get_expiration_time (cert))
{
logprintf (LOG_NOTQUIET, _("The certificate has expired\n"));
success = false;')
If I build today with this patch, I get 6 failed tests so I need to build it without running the tests (comment this section of the PKGBUILD) and when I install the resulting binary, wget still does not work with https:
$this->bbcode_second_pass_code('', '# wget --force-html --spider --connect-timeout=1 --timeout=10 --tries=2 https://www.google.com
Spider mode enabled. Check if remote file exists.
--2023-01-24 18:44:56-- https://www.google.com/
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving www.google.com (www.google.com)... 142.250.190.36, 2607:f8b0:4009:802::2004
Connecting to www.google.com (www.google.com)|142.250.190.36|:443... connected.
The certificate has not yet been activated
')
With his patch, I get 'not yet been activated' with the default package, I got this *and* 'expired'...
Confused