| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:mime-version:in-reply-to:references:from:date | |
| :message-id:subject:to:content-type:content-transfer-encoding; | |
| q=dns; s=default; b=pX5nA9/CtLZdQyxQwuPzk8jGQvxWmtrjDwZAJQYuYUC | |
| 4XzEktycHuVjKYINw1jFzYDwO3VclxPY6RV20mWDlg+qpCuE0o5lJS0PcIFxzHv1 | |
| GY8a+0gywKbBn2enFnAv8kHPHe2k+9LPrSecPmvLHA5Tc2ZIcgvaSc+RBfeLUz08 | |
| = | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:mime-version:in-reply-to:references:from:date | |
| :message-id:subject:to:content-type:content-transfer-encoding; | |
| s=default; bh=zZrMTh4P6aP62kJII8FmT034EG4=; b=kMiUA4Q9UwcFR/MGT | |
| NWKluNr5UxUVjQ0oOrdhaXtgOKi3eeSFVBK+KiD7yetFSzzrhcKmBqsxvvp7S9Wn | |
| e9obYwcJ9Ztrwv1+WONjNaI3dZVcYcGAG1bE4+wYS5/Ai82GW7aR4ZYHMVo/lO+z | |
| SgdMEIiM16dRBF7XC3o8l8FEHk= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Authentication-Results: | sourceware.org; auth=none |
| X-Spam-SWARE-Status: | =?ISO-8859-1?Q?No, score=0.8 required=5.0 tests=AWL,BAYES_50,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2 spammy==d0=bc=d0=b0=d1, lee, authorities, english?= |
| X-HELO: | mail-io0-f174.google.com |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=YgFWmn3aPCFEVEPW6YjqtBXC2XXoAETZLDMBWjoHIQk=; b=Zcb8nOekSsl5sqdYFL8XfO31/BcCd92wnwJ+S2OVu+iNWv2XV1dyv/HTk3J4iUAIIw kSYwnKoQo/cE2N9HSaUo7n+qrrBQDhsy8OeaLSNWiN0IKywXZMBGFJY22/pJxMTt3LnS jfKLZUrjBp5zQMdINcPbvUTcwfBWUDvEXtCp0/Uipwhx6ygi95yderpL339oPO5W/J+i w2oavwTfS4ZSNaJAn9B5hM5EtWZ6Xxw8dJKgjBOdYGhIGThqBZTj3qqVj56z+i89gm3r m34SIE07+4t+F9nG+PlMAdc4vlCWh6xA8bD0XWjG7ZTvCngNxy7lF6ySLA9yVLr5v9gn wUVg== |
| MIME-Version: | 1.0 |
| In-Reply-To: | <1964416456.20180805201253@yandex.ru> |
| References: | <1964416456 DOT 20180805201253 AT yandex DOT ru> |
| From: | Lee <ler762 AT gmail DOT com> |
| Date: | Mon, 6 Aug 2018 03:29:07 -0400 |
| Message-ID: | <CAD8GWssOdAt=MgArgPWPKCvyu9rstqCHyLEa=WM+zzp3-OMLWw@mail.gmail.com> |
| Subject: | Re: wget does not recognize PKI? |
| To: | cygwin AT cygwin DOT com |
| X-IsSubscribed: | yes |
| X-MIME-Autoconverted: | from quoted-printable to 8bit by delorie.com id w767TLYE004384 |
On 8/5/18, Andrey Repin wrote:
> Greetings, All!
Greetings, Andrey Repin!
> $ wget https://ca.rootdir.org/ca.crl
> --2018-08-05 20:05:28-- https://ca.rootdir.org/ca.crl
> Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6
> Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443...
> connected.
> ERROR: The certificate of ‘ca.rootdir.org’ is not trusted.
> ERROR: The certificate of ‘ca.rootdir.org’ hasn't got a known issuer.
>
> $ "$( which wget )" --version
> GNU Wget 1.19.1 built on cygwin.
>
> -cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls +ntlm
> +opie +psl +ssl/gnutls
>
> The root CA certificate is correctly installed and hashed.
Apparently not. Does it work if you tell wget to use your root CA cert?
‘--ca-certificate=FILE’
Use FILE as the file with the bundle of certificate authorities
(“CA”) to verify the peers. The certificates must be in PEM
format.
Without this option Wget looks for CA certificates at the
system-specified locations, chosen at OpenSSL installation time.
& you probably have, but to be sure.. you looked at 'info
update-ca-trust' - right?
This might help verify your trust store:
$ cat listcerts.sh
#!/bin/sh
# ref: https://serverfault.com/questions/590870/how-to-view-all-ssl-certificates-in-a-bundle
if [ $# -eq 1 ]; then
# bundle specified
FILE="$1"
if [ ! -r $FILE ]; then
echo "p1 unreadable: $FILE"
exit 1
fi
else
FILE="/usr/ssl/certs/ca-bundle.crt"
# FILE="/etc/pki/tls/certs/ca-bundle.crt"
# FILE="/etc/pki/tls/certs/ca-bundle.trust.crt"
fi
cat $FILE |\
awk -v cmd="openssl x509 -noout -subject " '
/^-----BEGIN/ { c = $0; next }
{ c = c "\n" $0 }
/^-----END/ { print c|cmd; close(cmd); c = "" }
'
# openssl x509 -noout -text
# to see all the certificate info
# oopenssl x509 -noout -subject
# to see just the subject
$
Regards,
Lee
>
> $ ls -l /etc/ssl/certs/
> total 3
> lrwxrwxrwx 1 anrdaemon None 13 мар 31 01:30 a94d09e5.0 -> ca-bundle.crt
> lrwxrwxrwx 1 anrdaemon None 49 мар 12 02:29 ca-bundle.crt ->
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> lrwxrwxrwx 1 anrdaemon None 55 мар 12 02:29 ca-bundle.trust.crt ->
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> lrwxrwxrwx 1 anrdaemon None 18 мар 31 01:30 dd07c56a.0 ->
> Rootdir.org_CA.crt
> drwxr-xr-x+ 1 anrdaemon None 0 апр 22 16:50 demo
> drwxr-xr-x+ 1 anrdaemon None 0 апр 22 16:50 expired
> -rw-r--r-- 1 anrdaemon None 165 апр 3 14:04 README.RootCerts
> lrwxrwxrwx 1 anrdaemon None 29 фев 14 04:41 Rootdir.org_CA.crt ->
> /etc/ssl/ca-20120530-0121.crt
>
> What's going on?
>
>
> --
> With best regards,
> Andrey Repin
> Sunday, August 5, 2018 20:07:02
>
> Sorry for my terrible english...
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright 2019 by DJ Delorie | Updated Jul 2019 |