Mail Archives: cygwin/2018/08/06/11:25:49

X-Recipient: archive-cygwin AT delorie DOT com
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-0.5 required=5.0 tests=AWL,BAYES_05,KAM_LAZY_DOMAIN_SECURITY,KAM_SHORT,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=central, brian, Csaba, raduly
X-HELO: smtp-out-no.shaw.ca
Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject: Re: wget does not recognize PKI?
To: cygwin AT cygwin DOT com
References: <1964416456 DOT 20180805201253 AT yandex DOT ru> <bd0e6b94-9286-9e42-0efa-6ce8a9e2bd8d AT gmail DOT com> <CAEhDDbCE6BN+Ok-NnAS9JhxXa6mC5NYqsyFUMhLS+jZuYoe9tw AT mail DOT gmail DOT com>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Openpgp: preference=signencrypt
Message-ID: <d238c024-7412-fdc2-d970-e12265a201aa@SystematicSw.ab.ca>
Date: Mon, 6 Aug 2018 09:25:26 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CAEhDDbCE6BN+Ok-NnAS9JhxXa6mC5NYqsyFUMhLS+jZuYoe9tw@mail.gmail.com>
X-IsSubscribed: yes

On 2018-08-05 14:03, Csaba Raduly wrote:
> On Sun, Aug 5, 2018 at 7:36 PM, Marco Atzeri  wrote:
>> Am 05.08.2018 um 19:12 schrieb Andrey Repin:
>>> $ wget https://ca.rootdir.org/ca.crl
>>> --2018-08-05 20:05:28--  https://ca.rootdir.org/ca.crl
>>> Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6
>>> Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443...
>>> connected.
>>> ERROR: The certificate of ‘ca.rootdir.org’ is not trusted.
>>> ERROR: The certificate of ‘ca.rootdir.org’ hasn't got a known issuer.
>>> What's going on?
>> It seems not a cygwin issue:
>> "This connection is not secure
>> The owner of ca.rootdir.org did not properly configure the site. Firefox has
>> not affiliated with this site to protect your information from theft."
> And not just Firefox :
> $ curl -v https://ca.rootdir.org/ca.crl
> * STATE: INIT => CONNECT handle 0x600057990; line 1404 (connection #-5000)
> * Added connection 0. The cache now contains 1 members
> * STATE: CONNECT => WAITRESOLVE handle 0x600057990; line 1440 (connection #0)
> *   Trying 77.50.25.68...
> * TCP_NODELAY set
> * STATE: WAITRESOLVE => WAITCONNECT handle 0x600057990; line 1521
> (connection #0)
> * Connected to ca.rootdir.org (77.50.25.68) port 443 (#0)
> * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057990; line 1573
> (connection #0)
> * Marked for [keep alive]: HTTP default
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
> * successfully set certificate verify locations:
>   CAfile: /etc/pki/tls/certs/ca-bundle.crt
>   CApath: none
> * TLSv1.2 (OUT), TLS header, Certificate Status (22):
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057990; line
> 1587 (connection #0)
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (OUT), TLS alert, Server hello (2):
> * SSL certificate problem: self signed certificate in certificate chain
> * Marked for [closure]: Failed HTTPS connection
> * multi_done
> * stopped the pause stream!
> * Closing connection 0
> * The cache now contains 0 members
> * Expire cleared
> curl: (60) SSL certificate problem: self signed certificate in certificate chain
> More details here: https://curl.haxx.se/docs/sslcerts.html
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.

Given that it's his own domain and root cert, not surprising it's not in
Mozilla's root CA list.
Lots of business gets done using counterparty certs with organization CA roots
not in any public or central repos, or just self-signed: avoids accessing or
giving CAs any info or money and dealing with fallout from vendor issues.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
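
The situation described in this reply, reproduced offline as an added example (not part of the original message): a server certificate issued by a private root fails verification against a trust file that lacks that root, and verifies once the root is supplied as a trust anchor. It assumes the `openssl` command-line tool is installed; every subject name and file name is constructed for the demo.

```shell
#!/bin/sh
# Added example. All subjects, file names and the temp dir are constructed.

# Build a throwaway private root, a server cert issued by it, and an unrelated
# root standing in for a public bundle that has never heard of the private CA.
make_demo_pki() {   # $1 = empty working directory
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Private Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Unrelated Public Root CA" \
        -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ca.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -days 30 \
        -CA "$d/root.crt" -CAkey "$d/root.key" -CAcreateserial \
        -out "$d/server.crt" 2>/dev/null || return 1
}

# Succeeds only if server.crt chains to a root in trust file $1.
# -untrusted root.crt mimics a server that sends its own root in the handshake:
# being sent by the peer does not make a certificate a trust anchor.
chain_trusted() {   # $1 = trust anchors (PEM), $2 = working directory
    openssl verify -CAfile "$1" -untrusted "$2/root.crt" "$2/server.crt" 2>&1 |
        grep -q ': OK$'
}

demo() {
    work=$(mktemp -d) || return 1
    make_demo_pki "$work" || { rm -rf "$work"; return 1; }
    for anchors in other.crt root.crt; do
        if chain_trusted "$work/$anchors" "$work"; then
            echo "$anchors: server certificate verifies"
        else
            echo "$anchors: rejected, issuer is not a trust anchor"
        fi
    done
    rm -rf "$work"
}
demo
# Per-command equivalents for the tools in the thread, given the private root
# as a PEM file obtained over a channel you already trust:
#   wget --ca-certificate=root.crt URL
#   curl --cacert root.crt URL
```
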
