From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by sourceware.org (Postfix) with ESMTPS id 34FA23858D1E for ; Tue, 19 Mar 2024 16:35:10 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 34FA23858D1E Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=SystematicSW.ab.ca Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=SystematicSW.ab.ca ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 34FA23858D1E Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=216.40.44.17 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710866113; cv=none; b=H+6rxWRpf/kYn/tIYdQ4yP06ClKeZn7ZZCIsX9zq/hl5ql3bKadvgxVC3UnWnZ2rJG4b0JDTWy3bDejjCmUKLD46V3k4EqGHrIIyUwFFvq879/snAD/p9ghf3Nd97VNYRB03rAC7jbPAxgJd5CdXsKdhkrc+SFgXynX4TBBAwgA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710866113; c=relaxed/simple; bh=9wC+wsEgosub72y8bXYS86KSNhiJg0vi0G9SW98iurY=; h=Message-ID:Date:MIME-Version:Subject:To:From; b=mtyYbeme3b4i7L6TK++4dfyfTsS850VjpxtKB2YND+fmeCOzna+yhhhZLs/eaKssHQiBSwqlqx0yqIiO59NvF0TkuieA6jy3TrqaU2vLu9aD6iSzaH37H0ReizYOlxWvLMhXuuKrB8nYY4TCy5N+uW4P+pNOL0GAHGpPIbxI+lo= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from omf14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 95AB2A06A4 for ; Tue, 19 Mar 2024 16:35:09 +0000 (UTC) Received: from [HIDDEN] (Authenticated sender: Brian.Inglis@SystematicSW.ab.ca) by omf14.hostedemail.com (Postfix) with ESMTPA id 2062332 for ; Tue, 19 Mar 2024 16:35:07 +0000 (UTC) Message-ID: Date: Tue, 19 Mar 2024 10:35:06 -0600 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Reply-To: cygwin@cygwin.com Subject: Re: Getting error 60 of curl to cygwin setup Content-Language: en-CA To: cygwin@cygwin.com References: <87msquxqua.fsf@> From: Brian Inglis Organization: Systematic Software In-Reply-To: <87msquxqua.fsf@> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 2062332 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,KAM_DMARC_STATUS,KAM_EXEURI,KAM_SHORT,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE,UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.6 X-Stat-Signature: kfuwtx39rpuqjx69byz7axg5seerph9x X-Rspamd-Server: rspamout04 X-Session-Marker: 427269616E2E496E676C69734053797374656D6174696353572E61622E6361 X-Session-ID: U2FsdGVkX1/+hw4RboebeHTTl/71BmRJJcaz9yWZV7o= X-HE-Tag: 1710866107-693039 X-HE-Meta: U2FsdGVkX1/XdoCvzyZ1SObJAGRS19nkaS2cQa72HH7S48bxtZiIuDLeldqCDsoG4t8jO4wzPtYkcVkSNwArNk7TMSAUqyh1n/ZAqmjWr29QGZWM40wdXF+/fur/ThYWUV4hzBxnxM1XoMYkB4jcTfv2U0/SqMhv0TtQr9/6DxeHEpuecAsOLoyIummTHMh2cUBkRSfIBGm8/rQlIyzrbSGy445quV2khQdk9IUaQ/VraIgnVg5UjRHBK4NFlla4Hl1w23mVBvgIKRziUI90KLc8kpZsXiIqpEGhF8M9DpcbZu39BERdT8j9WHoFyO7WocjQev+Pu4LCgYtFIYql4dktTfEvP+AP9JHCD4XYqqEzYt/GfHnXp6QgPv8gNZt390HHwIEwoFA/cFXhC0+xFvRe3ca/FEelCcGJL7mcysyqq/TTnpM1f9b6mSEG+nAsuO/g6J/P2iCy+zvQkU0goqz0BDcNJihL40dNFxCNW737W82iiOA+VZ5o+AQqifjjskQP1RyK71g= X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2024-03-19 08:02, ASSI via Cygwin wrote: > J M via Cygwin writes: >> $ curl -vvvv -O https://cygwin.com/setup-x86_64.exe >> % Total % Received % Xferd Average Speed Time Time Time >> Current >> Dload Upload Total Spent Left >> Speed >> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- >> 0* Host cygwin.com:443 was resolved. >> * IPv6: (none) >> * IPv4: 8.43.85.97 >> * Trying 8.43.85.97:443... >> * Connected to cygwin.com (8.43.85.97) port 443 >> * ALPN: curl offers h2,http/1.1 >> } [5 bytes data] >> * TLSv1.3 (OUT), TLS handshake, Client hello (1): >> } [512 bytes data] >> * CAfile: /etc/pki/tls/certs/ca-bundle.crt >> * CApath: none >> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- >> 0{ [5 bytes data] >> * TLSv1.3 (IN), TLS handshake, Server hello (2): >> { [70 bytes data] >> * TLSv1.2 (IN), TLS handshake, Certificate (11): >> { [1023 bytes data] >> * TLSv1.2 (OUT), TLS alert, unknown CA (560): >> } [2 bytes data] >> * SSL certificate problem: unable to get local issuer certificate >> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- >> 0 >> * Closing connection >> curl: (60) SSL certificate problem: unable to get local issuer certificate >> More details here: https://curl.se/docs/sslcerts.html >> >> curl failed to verify the legitimacy of the server and therefore could not >> establish a secure connection to it. To learn more about this situation and >> how to fix it, please visit the web page mentioned above. > > Either your cert store is corrupt or something is breaking up the SSL > connection via MITM. What do you see when you run these commands: $ file /etc/pki/tls/certs/* /etc/pki/tls/certs/ca-bundle.crt: symbolic link to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt $ grep -c '^-----BEGIN.*CERTIFICATE-----$' /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem} /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:380 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:124 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:301 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:156 $ grep '^#\s\(ISRG\|R3\)' /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem} /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3 -- Take care. Thanks, Brian Inglis Calgary, Alberta, Canada La perfection est atteinte Perfection is achieved non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut -- Antoine de Saint-Exupéry