delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2018/08/05/16:03:40

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:in-reply-to:references:from:date
:message-id:subject:to:content-type:content-transfer-encoding;
q=dns; s=default; b=qAP5z1XmHFqAS4ZrxPRsQHxS2iIYZvoLrjh+5tx9OWw
q9Ry2asvxh8E2ynwwa31Jro1X4OQ7JxP25HYfCMUUhukdxsGpj7GjkC0oo13fOpF
mpALaWu2V/y1bX3yST+i0Dmef8800coDlWQFaA1+0WzI+3PYEq5Rw5WFajhULovo
=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:mime-version:in-reply-to:references:from:date
:message-id:subject:to:content-type:content-transfer-encoding;
s=default; bh=5t8GXyAXf9HTNt9n+SXTPp8Gjfg=; b=mEqUQyus1sDD3ez0c
W/vySwN819lZiX0vxJ+3ag3/gjl0IMyPZGzQvo2VAaoFcvx5Czt/CwskK6oGUb87
bUbCcEq/GCl2Sbpr7nOsENYoKnu2p+rvqucSOkPfWuoHO8Ot2Sk189ScA5SBo+em
aPgNG7H1qmYLf1rWJfoH1dvFEc=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=0.6 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=Scott, alert, STATE, trusted
X-HELO: mail-qt0-f178.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=snje3jEzwAqhkY4EiLNtJjqNFL5K5jfcsC/2Z5IuqFc=; b=JJJgNkdnisa/BfmzKztS/tqkIFJkaxQ09t+2Kskt3hDXN94kVPJVr09JcYZ+znNo4h UpCNvSJ+CnC0YHxkZ3Pj9d/6aR0nWLpLMLPGFq6zq9nUaMpPZ6qTgFE+5xqv2io2o/o6 Pge7/e7YsJ1TMiLV0TB3mBUtIdfTT39/g+CS2HuHCfzAlpdvLIdgZigbEEZ0XFVkD250 PV8EEpdzuQFJYTwU3cgjIryI4HzXkpt+g2zQGBwc3loGn5ZlssjE/W6NABYPva7RX+zD 7LYDOLIugvJdfzWq1RuA1mGRkACu5516xatdGISqk/mXwhn6uJMwdGA/1X1wkAqTENep kzRA==
MIME-Version: 1.0
In-Reply-To: <bd0e6b94-9286-9e42-0efa-6ce8a9e2bd8d@gmail.com>
References: <1964416456 DOT 20180805201253 AT yandex DOT ru> <bd0e6b94-9286-9e42-0efa-6ce8a9e2bd8d AT gmail DOT com>
From: Csaba Raduly <rcsaba AT gmail DOT com>
Date: Sun, 5 Aug 2018 22:03:24 +0200
Message-ID: <CAEhDDbCE6BN+Ok-NnAS9JhxXa6mC5NYqsyFUMhLS+jZuYoe9tw@mail.gmail.com>
Subject: Re: wget does not recognize PKI?
To: cygwin list <cygwin AT cygwin DOT com>
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id w75K3d8W016207 

On Sun, Aug 5, 2018 at 7:36 PM, Marco Atzeri  wrote:
> Am 05.08.2018 um 19:12 schrieb Andrey Repin:
>>
>> Greetings, All!
>>
>> $ wget https://ca.rootdir.org/ca.crl
>> --2018-08-05 20:05:28--  https://ca.rootdir.org/ca.crl
>> Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6
>> Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443...
>> connected.
>> ERROR: The certificate of ‘ca.rootdir.org’ is not trusted.
>> ERROR: The certificate of ‘ca.rootdir.org’ hasn't got a known issuer.
>>
>
>>
>> What's going on?
>>
>
> It seems not a cygwin issue:
>
> "This connection is not secure
>
> The owner of ca.rootdir.org did not properly configure the site. Firefox has
> not affiliated with this site to protect your information from theft."
>

And not just Firefox :

$ curl -v https://ca.rootdir.org/ca.crl
* STATE: INIT => CONNECT handle 0x600057990; line 1404 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x600057990; line 1440 (connection #0)
*   Trying 77.50.25.68...
* TCP_NODELAY set
* STATE: WAITRESOLVE => WAITCONNECT handle 0x600057990; line 1521
(connection #0)
* Connected to ca.rootdir.org (77.50.25.68) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057990; line 1573
(connection #0)
* Marked for [keep alive]: HTTP default
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
  CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057990; line
1587 (connection #0)
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate in certificate chain
* Marked for [closure]: Failed HTTPS connection
* multi_done
* stopped the pause stream!
* Closing connection 0
* The cache now contains 0 members
* Expire cleared
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.



Csaba
-- 
You can get very substantial performance improvements
by not doing the right thing. - Scott Meyers, An Effective C++11/14 Sampler
So if you're looking for a completely portable, 100% standards-conformat way
to get the wrong information: this is what you want. - Scott Meyers (C++TDaWYK)

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019