2 comments

[ 3.1 ms ] story [ 12.6 ms ] thread
This doesn't look like much of anything. It's certainly not wget "thinking github is a threat." That cert says it's for subdomains of github.com, not the root domain. He isn't accessing a subdomain, so the cert doesn't apply. If he'd used www.github.com, it would have worked.
Actually, the cert does apply, because 'github.com' is explicitly listed in the subjectAltName extension. (Names in that extension are considered valid alternatives to the common name in the subject; see RFC 5280 4.2.1.6.) It really is a wget bug, or more likely an OpenSSL bug.