Re: Getting error 60 of curl to cygwin setup

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: Brian Inglis <Brian.Inglis@SystematicSW.ab.ca>
To: cygwin@cygwin.com
Subject: Re: Getting error 60 of curl to cygwin setup
Date: Tue, 19 Mar 2024 10:35:06 -0600	[thread overview]
Message-ID: <b974409a-308f-4ed8-b344-7a94fcc22601@SystematicSW.ab.ca> (raw)
In-Reply-To: <87msquxqua.fsf@>

On 2024-03-19 08:02, ASSI via Cygwin wrote:
> J M via Cygwin writes:
>> $ curl -vvvv -O https://cygwin.com/setup-x86_64.exe
>>    % Total    % Received % Xferd  Average Speed   Time    Time     Time
>>   Current
>>                                   Dload  Upload   Total   Spent    Left
>>   Speed
>>    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>>    0* Host cygwin.com:443 was resolved.
>> * IPv6: (none)
>> * IPv4: 8.43.85.97
>> *   Trying 8.43.85.97:443...
>> * Connected to cygwin.com (8.43.85.97) port 443
>> * ALPN: curl offers h2,http/1.1
>> } [5 bytes data]
>> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>> } [512 bytes data]
>> *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
>> *  CApath: none
>>    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>>    0{ [5 bytes data]
>> * TLSv1.3 (IN), TLS handshake, Server hello (2):
>> { [70 bytes data]
>> * TLSv1.2 (IN), TLS handshake, Certificate (11):
>> { [1023 bytes data]
>> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
>> } [2 bytes data]
>> * SSL certificate problem: unable to get local issuer certificate
>>    0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>>    0
>> * Closing connection
>> curl: (60) SSL certificate problem: unable to get local issuer certificate
>> More details here: https://curl.se/docs/sslcerts.html
>>
>> curl failed to verify the legitimacy of the server and therefore could not
>> establish a secure connection to it. To learn more about this situation and
>> how to fix it, please visit the web page mentioned above.
> 
> Either your cert store is corrupt or something is breaking up the SSL
> connection via MITM.

What do you see when you run these commands:

$ file /etc/pki/tls/certs/*
/etc/pki/tls/certs/ca-bundle.crt:       symbolic link to 
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to 
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
$ grep -c '^-----BEGIN.*CERTIFICATE-----$' 
/etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:380
/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:124
/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:301
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:156
$ grep '^#\s\(ISRG\|R3\)' /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry

next prev parent reply	other threads:[~2024-03-19 16:35 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-18 21:21 J M
2024-03-18 22:19 ` Brian Inglis
2024-03-19 13:00   ` J M
2024-03-19 14:02     ` ASSI
2024-03-19 16:35       ` Brian Inglis [this message]
     [not found]         ` <CAL8MddXD4r6UgM=TGk2DnMGYhi4_knTGc2qwGAPM+SCnrPO9sA@mail.gmail.com>
2024-03-19 17:39           ` Brian Inglis
     [not found]             ` <CAL8MddVR8iubKwiCCZEDvePdPPVfjkF0S-wHgAJuya5nkX=8Tg@mail.gmail.com>
2024-03-19 20:00               ` Brian Inglis
     [not found]                 ` <CAL8MddX3z3iqpB-_YbbAH9O+u__0y4udc84OL4HkAKAfCGpefA@mail.gmail.com>
2024-03-20  0:01                   ` Brian Inglis
2024-03-22 15:49                     ` J M
2024-03-22 16:13                       ` Brian Inglis

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b974409a-308f-4ed8-b344-7a94fcc22601@SystematicSW.ab.ca \
    --to=brian.inglis@systematicsw.ab.ca \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).