From: Brian Inglis <Brian.Inglis@SystematicSW.ab.ca>
To: cygwin@cygwin.com
Subject: Re: Getting error 60 of curl to cygwin setup
Date: Tue, 19 Mar 2024 10:35:06 -0600 [thread overview]
Message-ID: <b974409a-308f-4ed8-b344-7a94fcc22601@SystematicSW.ab.ca> (raw)
In-Reply-To: <87msquxqua.fsf@>
On 2024-03-19 08:02, ASSI via Cygwin wrote:
> J M via Cygwin writes:
>> $ curl -vvvv -O https://cygwin.com/setup-x86_64.exe
>> % Total % Received % Xferd Average Speed Time Time Time
>> Current
>> Dload Upload Total Spent Left
>> Speed
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
>> 0* Host cygwin.com:443 was resolved.
>> * IPv6: (none)
>> * IPv4: 8.43.85.97
>> * Trying 8.43.85.97:443...
>> * Connected to cygwin.com (8.43.85.97) port 443
>> * ALPN: curl offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> * CApath: none
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
>> 0{ [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [70 bytes data]
>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>> { [1023 bytes data]
>> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
>> } [2 bytes data]
>> * SSL certificate problem: unable to get local issuer certificate
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
>> 0
>> * Closing connection
>> curl: (60) SSL certificate problem: unable to get local issuer certificate
>> More details here: https://curl.se/docs/sslcerts.html
>>
>> curl failed to verify the legitimacy of the server and therefore could not
>> establish a secure connection to it. To learn more about this situation and
>> how to fix it, please visit the web page mentioned above.
>
> Either your cert store is corrupt or something is breaking up the SSL
> connection via MITM.
What do you see when you run these commands:
$ file /etc/pki/tls/certs/*
/etc/pki/tls/certs/ca-bundle.crt: symbolic link to
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
$ grep -c '^-----BEGIN.*CERTIFICATE-----$'
/etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:380
/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:124
/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:301
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:156
$ grep '^#\s\(ISRG\|R3\)' /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
next prev parent reply other threads:[~2024-03-19 16:35 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-18 21:21 J M
2024-03-18 22:19 ` Brian Inglis
2024-03-19 13:00 ` J M
2024-03-19 14:02 ` ASSI
2024-03-19 16:35 ` Brian Inglis [this message]
[not found] ` <CAL8MddXD4r6UgM=TGk2DnMGYhi4_knTGc2qwGAPM+SCnrPO9sA@mail.gmail.com>
2024-03-19 17:39 ` Brian Inglis
[not found] ` <CAL8MddVR8iubKwiCCZEDvePdPPVfjkF0S-wHgAJuya5nkX=8Tg@mail.gmail.com>
2024-03-19 20:00 ` Brian Inglis
[not found] ` <CAL8MddX3z3iqpB-_YbbAH9O+u__0y4udc84OL4HkAKAfCGpefA@mail.gmail.com>
2024-03-20 0:01 ` Brian Inglis
2024-03-22 15:49 ` J M
2024-03-22 16:13 ` Brian Inglis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b974409a-308f-4ed8-b344-7a94fcc22601@SystematicSW.ab.ca \
--to=brian.inglis@systematicsw.ab.ca \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).