delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2024/03/19/10:02:54

X-Recipient: archive-cygwin AT delorie DOT com
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DFFAC3858CDB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
s=default; t=1710856971;
bh=lYtXd31jQcWpiZ9e2DrvqexDm5k632RSlt1HCknHIA8=;
h=To:Subject:In-Reply-To:References:Date:List-Id:List-Unsubscribe:
List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
From;
b=iPkUYLZTFigB9Vj40kr+oev5LHvFsVN4ITuvYiYvgO5+lls1k2gAjU9asvIZ/vHGb
Qlc7idkrBQUnYuZThK/ft06R7e5pqDxyrIeOHNFeadJl9JeY62EwxaJd2b+zjh/VlE
mt7Nb18JWdgRkOiB1LBGiRmgpfCedrawBjpsae3c=
X-Original-To: cygwin AT cygwin DOT com
Delivered-To: cygwin AT cygwin DOT com
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 49D2D3858D1E
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 49D2D3858D1E
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710856949; cv=none;
b=f2LKbWLZtiwCXG5TDYf7DF14HWGhtwxU3nsdYAJehpLKjN3pelhMX0+2qNDimf3wVjnQcqSJxkmaP8DmfI3d6Rmm6RXok5UM9p2DeQJ7AslTwOgtiNglzd6WvCRth82TkFCXgL7Ujj1INODqwvd646+YtjARIuCjRUUpRV22/oo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
t=1710856949; c=relaxed/simple;
bh=M2Wg4OkDYtYPkwO61t1ejnjMyTgntpoUnn19OIZXAdg=;
h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
b=aUTTQFFicqFI3ciMT8nWwymj/PEwIyLxBu114DDxWRo0w8elnpY341V3A5bcBehYyZYL5mOxuQsm+hSX07QM8WoQm/Nf42O2wdTdSiavJ+GYFxVuSNInwBlzEVJ5owaUAft9hVJEAmUNvMGFVCF4aAynga0kZG9zUvId9PkVBpg=
ARC-Authentication-Results: i=1; server2.sourceware.org
To: cygwin AT cygwin DOT com
Subject: Re: Getting error 60 of curl to cygwin setup
In-Reply-To: <CAL8MddUQKYhq3Ag12OYTbxFeGX-8VHriacYj5p4jCwe1Rw0COg@mail.gmail.com>
(J. M. via Cygwin's message of "Tue, 19 Mar 2024 14:00:33 +0100")
References: <CAL8MddVRquNVBMfCtzrLGmrthHHGoyUw9Qfkqg_S6f0FOxJXUg AT mail DOT gmail DOT com>
<a56e15dd-1ecf-42f5-ac98-e027d358cf41 AT SystematicSW DOT ab DOT ca>
<CAL8MddUQKYhq3Ag12OYTbxFeGX-8VHriacYj5p4jCwe1Rw0COg AT mail DOT gmail DOT com>
Date: Tue, 19 Mar 2024 15:02:05 +0100
Message-ID: <87msquxqua.fsf@>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
X-purgate-type: clean
X-purgate: clean
X-purgate-size: 10061
X-purgate-ID: 155817::1710856933-D4FF7A4B-BC825526/0/0
X-Spam-Status: No, score=-3030.2 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, INVALID_MSGID, KAM_EXEURI, KAM_SHORT,
RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
SPF_PASS, TXREP,
T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
server2.sourceware.org
X-BeenThere: cygwin AT cygwin DOT com
X-Mailman-Version: 2.1.30
List-Id: General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin>,
<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From: ASSI via Cygwin <cygwin AT cygwin DOT com>
Reply-To: ASSI <Stromeko AT nexgo DOT de>
Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com
Sender: "Cygwin" <cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com> 

J M via Cygwin writes:
> $ curl -vvvv -O https://cygwin.com/setup-x86_64.exe
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
>  Current
>                                  Dload  Upload   Total   Spent    Left
>  Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>   0* Host cygwin.com:443 was resolved.
> * IPv6: (none)
> * IPv4: 8.43.85.97
> *   Trying 8.43.85.97:443...
> * Connected to cygwin.com (8.43.85.97) port 443
> * ALPN: curl offers h2,http/1.1
> } [5 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> } [512 bytes data]
> *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
> *  CApath: none
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>   0{ [5 bytes data]
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> { [70 bytes data]
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> { [1023 bytes data]
> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
> } [2 bytes data]
> * SSL certificate problem: unable to get local issuer certificate
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>   0
> * Closing connection
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: https://curl.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.

Either your cert store is corrupt or something is breaking up the SSL
connection via MITM.

--8<---------------cut here---------------start------------->8---
# curl -vvvv -O https://cygwin.com/setup-x86_64.exe
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host cygwin.com:443 was resolved.
* IPv6: 2620:52:3:1:0:246e:9693:128c
* IPv4: 8.43.85.97
*   Trying 8.43.85.97:443...
* Connected to cygwin.com (8.43.85.97) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [106 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4010 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=cygwin.com
*  start date: Jan 21 03:06:49 2024 GMT
*  expire date: Apr 20 03:06:48 2024 GMT
*  subjectAltName: host "cygwin.com" matched cert's "cygwin.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
{ [5 bytes data]
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cygwin.com/setup-x86_64.exe
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cygwin.com]
* [HTTP/2] [1] [:path: /setup-x86_64.exe]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET /setup-x86_64.exe HTTP/2
> Host: cygwin.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
{ [5 bytes data]
< HTTP/2 200 
< date: Tue, 19 Mar 2024 13:59:14 GMT
< server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.74 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
< vary: User-Agent
< last-modified: Sat, 24 Feb 2024 16:07:44 GMT
< etag: "157c13-61222e0778290"
< accept-ranges: bytes
< content-length: 1408019
< cache-control: max-age=0
< expires: Tue, 19 Mar 2024 13:59:14 GMT
< content-security-policy: default-src 'self' http: https:
< strict-transport-security: max-age=16070400
< content-type: application/octet-stream
< 
{ [10024 bytes data]
100 1375k  100 1375k    0     0  1034k      0  0:00:01  0:00:01 --:--:-- 1034k
* Connection #0 to host cygwin.com left intact
--8<---------------cut here---------------end--------------->8---

--8<---------------cut here---------------start------------->8---
# openssl s_client -connect cygwin.com:443
CONNECTED(00000004)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = cygwin.com
verify return:1
---
Certificate chain
 0 s:CN = cygwin.com
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 21 03:06:49 2024 GMT; NotAfter: Apr 20 03:06:48 2024 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISA7OmFd0W4CNA/f85vnuNcdziMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAxMjEwMzA2NDlaFw0yNDA0MjAwMzA2NDhaMBUxEzARBgNVBAMT
CmN5Z3dpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdue5L
fj0XFzz2zJ64eeHZXIRoo1Q0ZZq7xhCZwZ0aajH1MUE6B9Qq73iQXhZA3lQ/208W
g852e+CDMi6Fplnsdn6V1yUinL82z4qXrJ0u2dyjoRtKAPeqXIUGJ2AkHCZUPEtO
LMnHC4vhz2e2Wl1oK/M3UXcXq9VqCsGfa/NXjvd4h4BtqHXyJlkOFtCN2SImV8on
mW1ERUjAbX6OQesi1VdM2z0ziIP3xwJMZskk4g5JgUUK2t7SfuZ34XNrU5UE95bS
kS9lArzHYTk8QXcbZRaAdQDhemuW3lwVjp9sEjPf58QIqGF9a0LszrsD+bqYX2OB
YQSAbu5XL09YzyxLAgMBAAGjggJDMIICPzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FIfIhIqS5I7BxGrFlhRcSmci16L8MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf
r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u
bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvME0G
A1UdEQRGMESCCmN5Z3dpbi5jb22CCmN5Z3dpbi5uZXSCCmN5Z3dpbi5vcmeCDmZ0
cC5jeWd3aW4uY29tgg53d3cuY3lnd2luLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC
ATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AEiw42vapkc0D+VqAvqdMOscUgHL
Vt0sgdm7v6s52IRzAAABjSozHFUAAAQDAEcwRQIhAIJEjUoeILEZv2L8f2beLfdX
SzKPs9RX4FMbIw0SrTPuAiA/gjJYZL9bnFhDqV5fiQpN3rGD0lTEmdpAygmWI9lo
mgB1ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjSozHFUAAAQD
AEYwRAIgYj9DcDedk9cOgUUrAUyAUgtTSt8nkdblJGXuwFaCh4ACIGOtqUz3C80a
4UYdEC32ZOmdTlXGPdZoUn39/qfjsBY/MA0GCSqGSIb3DQEBCwUAA4IBAQAggr31
HrQXTUB0YwgR4O9cM/o4WMwn49pXQ+xvWWAqo4iEeVb1i+VbgScgPnBDMw99c5tM
Zc/KxqpM9ODJkYCqdyywq9rdyzyHxGvs7UBsfS17m6tpeuO/JejndbQyBoL1WVXA
PpuxJ8Z0GbdYTULAHdyoit0IxJQ9EHiEXSiALIpHScKBQsZUHmsiWN+p/cEUPrLe
ojTdXTNnlcBWdZ+q4KL/GKtQPYZkmHAQ30G/sJzVYxEwReUTb4a0Nl2xI2Rdw2Ww
z9nz85lPE0MoXN+R4qBv/03wgD/HLtHPcSzOqykLa6KgkI0xoBUk9V7yqm/tmkUx
6TUD9ikD8VNkUJd6
-----END CERTIFICATE-----
subject=CN = cygwin.com
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4677 bytes and written 425 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: AEE82272586ADDF7ED17304F360FD0AA7EBBB4DDFE7A817DA1762C18B439C5A4
    Session-ID-ctx: 
    Master-Key: 3F10143968400AFFCB2BD2EE15C8B286C4AC3B48D25C651F5EB79E39D8D90A0413B480C2E643F115BA3C00914452F827
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 39 a4 ed ac 54 23 f1 7c-fd b4 66 ce 4b e3 bd d4   9...T#.|..f.K...
    0010 - 41 0c 26 27 47 89 a5 d6-0a c2 42 2c cb af f7 81   A.&'G.....B,....
    0020 - db 8e d0 2b 79 c6 0d a5-48 ef ab 44 d5 93 f9 a7   ...+y...H..D....
    0030 - fa 27 80 e4 2e b9 93 03-1b a4 4e 3c bf 93 bb 96   .'........N<....
    0040 - 2f 03 10 06 8e 0c 2e cd-65 a5 ff 93 72 2a a0 41   /.......e...r*.A
    0050 - dc 22 6d 71 b6 42 7e 34-8d 07 81 b0 de 3b e8 ef   ."mq.B~4.....;..
    0060 - ef 41 bf 6c 96 35 41 74-5f 3f cf 7a ad b0 9b a5   .A.l.5At_?.z....
    0070 - 33 fa 2c fa f4 3a 59 06-45 80 12 99 0b e1 7c 3a   3.,..:Y.E.....|:
    0080 - ba 99 a8 3e 54 e0 e8 39-8e d2 9c 8e 28 ff 5f a7   ...>T..9....(._.
    0090 - 1d ec 9f b5 6c a7 07 f8-7d d1 c8 e0 df 8a 1d dc   ....l...}.......
    00a0 - 1a 3f 95 80 16 93 7a 72-f3 d3 40 cf 8b 1b 96 ce   .?....zr..@.....
    00b0 - ac d0 ee 69 9a e3 80 b1-da dc a9 04 a7 ca a8 64   ...i...........d
    00c0 - 2d 80 3b 40 2a 30 d5 f6-1e 9e 97 73 98 ef 80 9c   -.;@*0.....s....

    Start Time: 1710856659
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
closed
--8<---------------cut here---------------end--------------->8---


Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Samples for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldSamplesExtra

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019