From: Brian Inglis
Reply-To: cygwin@cygwin.com
To: cygwin@cygwin.com
Subject: Re: Getting error 60 of curl to cygwin setup
Date: Tue, 19 Mar 2024 11:39:10 -0600
Message-ID: <262b6dbc-fe19-4453-8546-55985021a567@systematicsw.ab.ca>
Organization: Systematic Software

On 2024-03-19 11:00, J M wrote:
> $ file /etc/pki/tls/certs/*
> /etc/pki/tls/certs/ca-bundle.crt:       symbolic link to
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> /etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
>
> $ grep -c '^-----BEGIN.*CERTIFICATE-----$'
> /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:369
> /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:116
> /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:295
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:145
>
> $ grep '^#\s\(ISRG\|R3\)' /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3
>
> Looks the same except the matched number lines of the grep -c.
>
> $ sum /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> 22972   630 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> 34027   176 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> 36930   491 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> 05844   220 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

The following are a bit more useful:

$ wc -lwmcL /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
 11307  14152  664107  664142 65 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
  3368   4080  193879  193883 64 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
  8816  10434  512531  512566 65 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
  4236   5094  243623  243627 64 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 27727  33760 1614140 1614218 65 total

$ cksum /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
 317625824 664142 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
 382586407 193883 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
1244815702 512566 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
1065593997 243627 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

I would also like to see what you get running:

$ curl -Iv https://8.43.85.97/
* Trying 8.43.85.97:443...
* Connected to 8.43.85.97 (8.43.85.97) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=cygwin.com
* start date: Jan 21 03:06:49 2024 GMT
* expire date: Apr 20 03:06:48 2024 GMT
* subjectAltName does not match 8.43.85.97
* SSL: no alternative certificate subject name matches target host name '8.43.85.97'
* Closing connection
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name '8.43.85.97'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

and:

$ curl -Iv https://cygwin.com/
* Host cygwin.com:443 was resolved.
* IPv6: 2620:52:3:1:0:246e:9693:128c
* IPv4: 8.43.85.97
* Trying [2620:52:3:1:0:246e:9693:128c]:443...
* Connected to cygwin.com (2620:52:3:1:0:246e:9693:128c) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=cygwin.com
* start date: Jan 21 03:06:49 2024 GMT
* expire date: Apr 20 03:06:48 2024 GMT
* subjectAltName: host "cygwin.com" matched cert's "cygwin.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cygwin.com/
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cygwin.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> HEAD / HTTP/2
> Host: cygwin.com
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/2 200
HTTP/2 200
< date: Tue, 19 Mar 2024 17:32:27 GMT
date: Tue, 19 Mar 2024 17:32:27 GMT
< server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.74 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.74 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
< vary: User-Agent,Accept-Encoding
vary: User-Agent,Accept-Encoding
< accept-ranges: bytes
accept-ranges: bytes
< content-security-policy: default-src 'self' http: https:
content-security-policy: default-src 'self' http: https:
< strict-transport-security: max-age=16070400
strict-transport-security: max-age=16070400
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
<
* Connection #0 to host cygwin.com left intact

Suggest you try to redownload and rerun setup-x86_64, reinstall the latest
ca-certificates-letsencrypt and ca-certificates packages, check
/var/log/setup.log.full, and rerun wc and cksum.

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                -- Antoine de Saint-Exupéry
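
An added example, not part of the original message: curl uses exit code 60 both for a name mismatch (the 8.43.85.97 transcript above) and for a chain that cannot be verified, so this shell snippet classifies a saved `curl -v` transcript before the CA bundle is blamed. The function names are hypothetical, the first two samples are excerpts of the transcripts above, and the third sample is constructed.

```shell
#!/bin/sh
# Added example, not from the original thread. Classifies a saved `curl -v`
# transcript so that exit code 60 is traced to its actual cause.

# Reads a transcript on stdin; prints verify-ok, name-mismatch,
# untrusted-issuer, expired or unknown. A failure line overrides "verify ok".
classify_curl_tls() {
    awk '
        /SSL certificate verify ok/                       { ok = 1 }
        /no alternative certificate subject name matches/ { bad = "name-mismatch" }
        /unable to get local issuer certificate/          { bad = "untrusted-issuer" }
        /certificate has expired/                         { bad = "expired" }
        END { print (bad != "" ? bad : (ok ? "verify-ok" : "unknown")) }
    '
}

# Prints the CA bundle path curl reported (first CAfile line on stdin).
cafile_of() {
    sed -n 's/^\* *CAfile: //p' | head -n 1
}

# Excerpts of the two transcripts in the message above.
sample_ip() { cat <<'EOF'
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* subject: CN=cygwin.com
* subjectAltName does not match 8.43.85.97
curl: (60) SSL: no alternative certificate subject name matches target host name '8.43.85.97'
EOF
}
sample_host() { cat <<'EOF'
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* subjectAltName: host "cygwin.com" matched cert's "cygwin.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
EOF
}
# Constructed sample: the message curl prints when the issuer is not in the bundle.
sample_untrusted() { cat <<'EOF'
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
curl: (60) SSL certificate problem: unable to get local issuer certificate
EOF
}

for s in sample_ip sample_host sample_untrusted; do
    printf '%-16s %s (CAfile %s)\n' "$s" "$($s | classify_curl_tls)" "$($s | cafile_of)"
done
```

Only the `untrusted-issuer` and `expired` results point at the CA bundle or the server certificate; `name-mismatch` means the URL used a name or address the certificate does not list.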