X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:content-type:content-transfer-encoding; q=dns; s=default; b=CZj
	rGv/Uaru/StcUalh4NYQ7R7cFnPH4nZrfEHu5SAZBaYUtxHpX8afmJJiouq5SFxZ
	6argbROAzdjJp7X1QZXHLHsL5w45unn3GMAbgUo+6Ye+TSYrmLI5yjCpJyI5TRCE
	RuLqGv7+xYIgDVWm9twRO4ls5H6vdd/6bxSnmesY=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:content-type:content-transfer-encoding; s=default; bh=lzmveTb9C
	FQnSen8s+k8MUqHyKI=; b=AJAWCYN9tIKQ2W0yuUW4qMg1h+l4igGKmGqYuB2c7
	3NoUtxhZUELBrqcosjzupguZDTMYgFR0x1tI7bHW35HOaDLZ1M5CGkPLXWoKIDWq
	5VVNXLxdoDxPKFDShvV9rBrUY56a/F6Bub6bH2i9RRA/8q7Uz4MrjuPNN3XFSz/A
	ZE=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM autolearn=no version=3.3.2
X-HELO: mail-pa0-f43.google.com
X-Received: by 10.68.4.197 with SMTP id m5mr1706912pbm.46.1378904616545;        Wed, 11 Sep 2013 06:03:36 -0700 (PDT)
Message-ID: <52306A1F.706@gmail.com>
Date: Wed, 11 Sep 2013 22:03:27 +0900
From: nu774 <honeycomb77 AT gmail DOT com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: wget, OpenSSL and root CA certificates
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

Currently, root CA certificates of Cygwin are installed via
ca-certificates package, and at least libcurl sees it.
However, wget on https URL always results in verify error, since wget
relies on SSL_CTX_set_default_verify_paths() of OpenSSL, but OpenSSL
doesn't see certificates installed via ca-certificate package.

As far as I can see (using strings cygcrypto-1.0.0.dll | grep or
something), default store file for OpenSSL is configured as
/usr/ssl/cert.pem and directory is /usr/ssl/certs/.
Therefore I tried
ln -s /usr/ssl/certs/ca-bundle.crt /usr/ssl/cert.pem
and it works. Now I can use wget without --no-check-certificate.

Is it possible to link ca-bundle.crt to /usr/ssl/cert.pem like above on
ca-certificates package installation?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple