Fink provides a wget package that installs Wget. It includes SSL (https) support provided by Mac OS built-in OpenSSL. There’s a problem with that, though: on Mac OS versions earlier than 10.6, Apple’s OpenSSL doesn’t use the trusted root certificates available on the system (the ones listed by Keychain.app), so it is not able to validate SSL certificates on its own. Note that OpenSSL itself (independently of being shipped with Mac OS) isn’t distributed with root certificates by default.
Because of this, on Mac OS versions earlier than 10.6 the command
ERROR: cannot verify fedorahosted.org's certificate, issued by `/C=US/O=Equifax/OU=Equifax Secure Certificate Authority': Unable to locally verify the issuer's authority. To connect to fedorahosted.org insecurely, use `--no-check-certificate'. Unable to establish SSL connection.
There are a couple of options to circumvent this. As the error message says, it’s possible to use –no-check-certificate, which is insecure. Another option is –ca-certificate=file where file is a bundle of trusted certification authority certificates. Fink provides a package called ca-bundle that installs a convenient file containing a bundle of CA certificates commonly used by open source Web browsers. After running
fink install ca-bundle
you should be able to use /sw/etc/ssl/certs/ca-bundle.crt with Wget:
wget --ca-certificate=/sw/etc/ssl/certs/ca-bundle.crt \ https://fedorahosted.org
Fortunately, you may specify that option in one of Wget’s startup files (e.g. $HOME/.wgetrc or /sw/etc/wgetrc) by adding the following line to your startup file of choice:
ca_certificate = /sw/etc/ssl/certs/ca-bundle.crt
And voilà!, you may use wget as usual:
This is particularly useful if you’re using Wget as your DownloadMethod and Fink needs to download a source file from an https URL.