On 2024-03-19 08:02, ASSI via Cygwin wrote:
J M via Cygwin writes:
$ curl -vvvv -O https://cygwin.com/setup-x86_64.exe
% Total % Received % Xferd Average Speed Time Time Time
Current
Dload Upload Total Spent Left
Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
0* Host cygwin.com:443 was resolved.
* IPv6: (none)
* IPv4: 8.43.85.97
* Trying 8.43.85.97:443...
* Connected to cygwin.com (8.43.85.97) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
0{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [70 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1023 bytes data]
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
} [2 bytes data]
* SSL certificate problem: unable to get local issuer certificate
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:--
0
* Closing connection
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Either your cert store is corrupt or something is breaking up the SSL
connection via MITM.
What do you see when you run these commands:
$ file /etc/pki/tls/certs/*
/etc/pki/tls/certs/ca-bundle.crt: symbolic link to
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
/etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
$ grep -c '^-----BEGIN.*CERTIFICATE-----$'
/etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:380
/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:124
/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:301
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:156
$ grep '^#\s\(ISRG\|R3\)' /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
