Greetings, Csaba Raduly! > On Sun, Aug 5, 2018 at 7:36 PM, Marco Atzeri wrote: >> Am 05.08.2018 um 19:12 schrieb Andrey Repin: >>> >>> Greetings, All! >>> >>> $ wget https://ca.rootdir.org/ca.crl >>> --2018-08-05 20:05:28-- https://ca.rootdir.org/ca.crl >>> Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6 >>> Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443... >>> connected. >>> ERROR: The certificate of ‘ca.rootdir.org’ is not trusted. >>> ERROR: The certificate of ‘ca.rootdir.org’ hasn't got a known issuer. >>> >> >>> >>> What's going on? >>> >> >> It seems not a cygwin issue: >> >> "This connection is not secure >> >> The owner of ca.rootdir.org did not properly configure the site. Firefox has >> not affiliated with this site to protect your information from theft." >>
As I said, the root CA certificate is properly installed. > And not just Firefox : > $ curl -v https://ca.rootdir.org/ca.crl $ curl -v https://ca.rootdir.org/ca.crl * STATE: INIT => CONNECT handle 0x600057ac0; line 1404 (connection #-5000) * Added connection 0. The cache now contains 1 members * STATE: CONNECT => WAITRESOLVE handle 0x600057ac0; line 1440 (connection #0) * Trying 192.168.1.6... * TCP_NODELAY set * STATE: WAITRESOLVE => WAITCONNECT handle 0x600057ac0; line 1521 (connection #0) * Connected to ca.rootdir.org (192.168.1.6) port 443 (#0) * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057ac0; line 1573 (connection #0) * Marked for [keep alive]: HTTP default * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: /etc/ssl/certs * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057ac0; line 1587 (connection #0) * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=RU; ST=RF; L=Moscow; CN=Rootdir CA webserver * start date: Nov 21 17:47:29 2017 GMT * expire date: Nov 22 17:47:29 2018 GMT * subjectAltName: host "ca.rootdir.org" matched cert's "ca.rootdir.org" * issuer: C=RU; L=Moscow; CN=Andrey Repin; emailAddress=anrdae...@rootdir.org * SSL certificate verify ok. * STATE: PROTOCONNECT => DO handle 0x600057ac0; line 1608 (connection #0) * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x600057ac0) > GET /ca.crl HTTP/2 > Host: ca.rootdir.org > User-Agent: curl/7.59.0 > Accept: */* > * STATE: DO => DO_DONE handle 0x600057ac0; line 1670 (connection #0) * multi changed, check CONNECT_PEND queue! * STATE: DO_DONE => WAITPERFORM handle 0x600057ac0; line 1795 (connection #0) * STATE: WAITPERFORM => PERFORM handle 0x600057ac0; line 1811 (connection #0) * Connection state changed (MAX_CONCURRENT_STREAMS == 128)! * multi changed, check CONNECT_PEND queue! * HTTP/2 found, allow multiplexing < HTTP/2 200 < server: nginx/1.14.0 < date: Mon, 06 Aug 2018 09:41:25 GMT < content-type: application/octet-stream < content-length: 872 < last-modified: Sun, 05 Aug 2018 16:51:59 GMT < etag: "5b672b2f-368" < accept-ranges: bytes < Warning: Binary output can mess up your terminal. Use "--output -" to tell Warning: curl to output it to your terminal anyway, or consider "--output Warning: <FILE>" to save to a file. * Failed writing body (0 != 872) * Kill stream: Transfer returned error * multi_done * Connection #0 to host ca.rootdir.org left intact * Expire cleared [23]anrdaemon@daemon2:xterm:~ $ "$( which curl )" --version curl 7.59.0 (x86_64-unknown-cygwin) libcurl/7.59.0 OpenSSL/1.0.2o zlib/1.2.11 libidn2/2.0.4 libpsl/0.18.0 (+libidn2/2.0.2) libssh2/1.7.0 nghttp2/1.31.0 Release-Date: 2018-03-14 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: AsynchDNS Debug IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL Metalink -- With best regards, Andrey Repin Monday, August 6, 2018 12:41:08 Sorry for my terrible english... -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
