I have possibly the same problem as that older question; I copied the url to a windows 10 installation. result:

  wget "http://nominatim.openstreetmap.org/reverse?format=xml&limit=1&addressdetails=1&zoom=18&email=&lat=-0.24136&lon=98.48281"
    --21:36:57--  http://nominatim.openstreetmap.org/reverse?format=xml&limit=1&addressdetails=1&zoom=18&email=&lat=-0.24136&lon=98.48281
               => `reverse@format=xml&limit=1&addressdetails=1&zoom=18&email=&lat=-0.24136&lon=98.48281'
    Resolving nominatim.openstreetmap.org... done.
    Connecting to nominatim.openstreetmap.org[130.117.76.9]:80... connected.
    HTTP request sent, awaiting response... 301 Moved Permanently
    Location: https://nominatim.openstreetmap.org/reverse?format=xml&limit=1&addressdetails=1&zoom=18&email=&lat=-0.24136&lon=98.48281 [following]
    --21:36:57--  https://nominatim.openstreetmap.org/reverse?format=xml&limit=1&addressdetails=1&zoom=18&email=&lat=-0.24136&lon=98.48281
               => `reverse@format=xml&limit=1&addressdetails=1&zoom=18&email=&lat=-0.24136&lon=98.48281'
    Connecting to nominatim.openstreetmap.org[130.117.76.9]:443... connected.

    Unable to establish SSL connection.

    Unable to establish SSL connection.

I also tried direct https:

wget "https://nominatim.openstreetmap.org/reverse?format=xml&limit=1&addressdetails=1&zoom=18&email=&lat=-0.24136&lon=98.48281"
--21:39:27--  https://nominatim.openstreetmap.org/reverse?format=xml&limit=1&addressdetails=1&zoom=18&email=&lat=-0.24136&lon=98.48281
           => `reverse@format=xml&limit=1&addressdetails=1&zoom=18&email=&lat=-0.24136&lon=98.48281'
Resolving nominatim.openstreetmap.org... done.
Connecting to nominatim.openstreetmap.org[130.117.76.9]:443... connected.

Unable to establish SSL connection.

Unable to establish SSL connection.

What is the problem here? In a browser on the same machine the same URls succseed.

asked 27 Nov, 20:44

stefanwoe's gravatar image

stefanwoe
462
accept rate: 0%

converted to question 27 Nov, 20:54

aseerel4c26's gravatar image

aseerel4c26 ♦
31.6k15234541

1

The GNU Wget documentation says you can add --debug to the wget command line to get more detailed debugging information. Does this give any useful information? Please edit your question to include the result it shows when you try this.

(28 Nov, 03:43) Krubo

I guess you do not have the same problem. Rather your wget cannot establish the SSL connection - which may be due to a variety of reasons. Default output of wget is already verbose mode, so we cannot get more details of the logging.

I guess the problem may be that your wget does not have the right CA certificate available. In my wget output (on linux) I see an additional line Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'. I would have expected a different error message from wget, though. Can you successfully use wget with other https URLs?

Anyway: Do not use Windows! ;-)

permanent link

answered 27 Nov, 21:04

aseerel4c26's gravatar image

aseerel4c26 ♦
31.6k15234541
accept rate: 18%

edited 27 Nov, 21:10

Hello aseerel4c26, thanks for your answer.

My original goal is it, to get nominatim access from a windows applications, where users can search for places etc. We are doing this since many years quite well with other providers (with google, bing, mapquest etc.) and i wanted to add nominatim as well. This is a c++ application on windows using boost::asio for https / https access. https works well for all other services. But using nominatim i get the same results as using wget.

Any hint what i can do here?

And yes: wget works coorect with other https URLs

(27 Nov, 21:12) stefanwoe

That's nice to add nominatim. Nominatim has a Let's encrypt cert, just to rule out this specialty (in case your CA certs are a bit outdated), try --no-check-certificate as additional parameter for wget.

Side note: Please obey https://operations.osmfoundation.org/policies/nominatim/ .

Just by chance: if you already tried many many times from your IP your access may (although I would expect the block to happen after the establishment of the SSL connection) be blocked due to policy violation. Try to set a useful user agent for wget'S request - maybe your mail address or your application's (unique) name.

(27 Nov, 21:24) aseerel4c26 ♦

i use wget from unixutils (GNU Wget 1.8.2) it does not accept a parameter like --no-check-certificate. Also in our application we do not check any certificates.

I doubt that i was blocked - all calls in the browser succeed without problems.

(27 Nov, 21:56) stefanwoe

wget 1.8.2 is from 2002. Due to its age it can't have support for TLS >= 1.1. All previous TLS/SSL versions are outdated and insecure. Update your software for your own sake.

(28 Nov, 07:23) scai ♦

Ouch! I use GNU Wget 1.19.5 -- your version is (according to https://ftp.gnu.org/gnu/wget/ ) from year 2002. That's quite stone age - in 2002 TLS 1.0 was current and possibly the highest TLS version supported by your wget version. According to ssllabs the nominatim server would still support TLS 1.0. However, please update your wget (and then post the debug log as suggested by Krubo).

(28 Nov, 07:38) aseerel4c26 ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×517
×6

question asked: 27 Nov, 20:44

question was seen: 149 times

last updated: 30 Nov, 07:16

powered by OSQA