X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type:content-transfer-encoding; q=dns; s=default; b=qAP5z1XmHFqAS4ZrxPRsQHxS2iIYZvoLrjh+5tx9OWw q9Ry2asvxh8E2ynwwa31Jro1X4OQ7JxP25HYfCMUUhukdxsGpj7GjkC0oo13fOpF mpALaWu2V/y1bX3yST+i0Dmef8800coDlWQFaA1+0WzI+3PYEq5Rw5WFajhULovo = DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:mime-version:in-reply-to:references:from:date :message-id:subject:to:content-type:content-transfer-encoding; s=default; bh=5t8GXyAXf9HTNt9n+SXTPp8Gjfg=; b=mEqUQyus1sDD3ez0c W/vySwN819lZiX0vxJ+3ag3/gjl0IMyPZGzQvo2VAaoFcvx5Czt/CwskK6oGUb87 bUbCcEq/GCl2Sbpr7nOsENYoKnu2p+rvqucSOkPfWuoHO8Ot2Sk189ScA5SBo+em aPgNG7H1qmYLf1rWJfoH1dvFEc= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=0.6 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=Scott, alert, STATE, trusted X-HELO: mail-qt0-f178.google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-transfer-encoding; bh=snje3jEzwAqhkY4EiLNtJjqNFL5K5jfcsC/2Z5IuqFc=; b=JJJgNkdnisa/BfmzKztS/tqkIFJkaxQ09t+2Kskt3hDXN94kVPJVr09JcYZ+znNo4h UpCNvSJ+CnC0YHxkZ3Pj9d/6aR0nWLpLMLPGFq6zq9nUaMpPZ6qTgFE+5xqv2io2o/o6 Pge7/e7YsJ1TMiLV0TB3mBUtIdfTT39/g+CS2HuHCfzAlpdvLIdgZigbEEZ0XFVkD250 PV8EEpdzuQFJYTwU3cgjIryI4HzXkpt+g2zQGBwc3loGn5ZlssjE/W6NABYPva7RX+zD 7LYDOLIugvJdfzWq1RuA1mGRkACu5516xatdGISqk/mXwhn6uJMwdGA/1X1wkAqTENep kzRA== MIME-Version: 1.0 In-Reply-To: References: <1964416456 DOT 20180805201253 AT yandex DOT ru> From: Csaba Raduly Date: Sun, 5 Aug 2018 22:03:24 +0200 Message-ID: Subject: Re: wget does not recognize PKI? To: cygwin list Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id w75K3d8W016207 On Sun, Aug 5, 2018 at 7:36 PM, Marco Atzeri wrote: > Am 05.08.2018 um 19:12 schrieb Andrey Repin: >> >> Greetings, All! >> >> $ wget https://ca.rootdir.org/ca.crl >> --2018-08-05 20:05:28-- https://ca.rootdir.org/ca.crl >> Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6 >> Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443... >> connected. >> ERROR: The certificate of ‘ca.rootdir.org’ is not trusted. >> ERROR: The certificate of ‘ca.rootdir.org’ hasn't got a known issuer. >> > >> >> What's going on? >> > > It seems not a cygwin issue: > > "This connection is not secure > > The owner of ca.rootdir.org did not properly configure the site. Firefox has > not affiliated with this site to protect your information from theft." > And not just Firefox : $ curl -v https://ca.rootdir.org/ca.crl * STATE: INIT => CONNECT handle 0x600057990; line 1404 (connection #-5000) * Added connection 0. The cache now contains 1 members * STATE: CONNECT => WAITRESOLVE handle 0x600057990; line 1440 (connection #0) * Trying 77.50.25.68... * TCP_NODELAY set * STATE: WAITRESOLVE => WAITCONNECT handle 0x600057990; line 1521 (connection #0) * Connected to ca.rootdir.org (77.50.25.68) port 443 (#0) * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057990; line 1573 (connection #0) * Marked for [keep alive]: HTTP default * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057990; line 1587 (connection #0) * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, Server hello (2): * SSL certificate problem: self signed certificate in certificate chain * Marked for [closure]: Failed HTTPS connection * multi_done * stopped the pause stream! * Closing connection 0 * The cache now contains 0 members * Expire cleared curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. Csaba -- You can get very substantial performance improvements by not doing the right thing. - Scott Meyers, An Effective C++11/14 Sampler So if you're looking for a completely portable, 100% standards-conformat way to get the wrong information: this is what you want. - Scott Meyers (C++TDaWYK) -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple