X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DFFAC3858CDB DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1710856971; bh=lYtXd31jQcWpiZ9e2DrvqexDm5k632RSlt1HCknHIA8=; h=To:Subject:In-Reply-To:References:Date:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=iPkUYLZTFigB9Vj40kr+oev5LHvFsVN4ITuvYiYvgO5+lls1k2gAjU9asvIZ/vHGb Qlc7idkrBQUnYuZThK/ft06R7e5pqDxyrIeOHNFeadJl9JeY62EwxaJd2b+zjh/VlE mt7Nb18JWdgRkOiB1LBGiRmgpfCedrawBjpsae3c= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 49D2D3858D1E ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 49D2D3858D1E ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710856949; cv=none; b=f2LKbWLZtiwCXG5TDYf7DF14HWGhtwxU3nsdYAJehpLKjN3pelhMX0+2qNDimf3wVjnQcqSJxkmaP8DmfI3d6Rmm6RXok5UM9p2DeQJ7AslTwOgtiNglzd6WvCRth82TkFCXgL7Ujj1INODqwvd646+YtjARIuCjRUUpRV22/oo= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1710856949; c=relaxed/simple; bh=M2Wg4OkDYtYPkwO61t1ejnjMyTgntpoUnn19OIZXAdg=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=aUTTQFFicqFI3ciMT8nWwymj/PEwIyLxBu114DDxWRo0w8elnpY341V3A5bcBehYyZYL5mOxuQsm+hSX07QM8WoQm/Nf42O2wdTdSiavJ+GYFxVuSNInwBlzEVJ5owaUAft9hVJEAmUNvMGFVCF4aAynga0kZG9zUvId9PkVBpg= ARC-Authentication-Results: i=1; server2.sourceware.org To: cygwin AT cygwin DOT com Subject: Re: Getting error 60 of curl to cygwin setup In-Reply-To: (J. M. via Cygwin's message of "Tue, 19 Mar 2024 14:00:33 +0100") References:

Date: Tue, 19 Mar 2024 15:02:05 +0100 Message-ID: <87msquxqua.fsf@> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 X-purgate-type: clean X-purgate: clean X-purgate-size: 10061 X-purgate-ID: 155817::1710856933-D4FF7A4B-BC825526/0/0 X-Spam-Status: No, score=-3030.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, INVALID_MSGID, KAM_EXEURI, KAM_SHORT, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: ASSI via Cygwin Reply-To: ASSI Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: cygwin-bounces+archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" J M via Cygwin writes: > $ curl -vvvv -O https://cygwin.com/setup-x86_64.exe > % Total % Received % Xferd Average Speed Time Time Time > Current > Dload Upload Total Spent Left > Speed > 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > 0* Host cygwin.com:443 was resolved. > * IPv6: (none) > * IPv4: 8.43.85.97 > * Trying 8.43.85.97:443... > * Connected to cygwin.com (8.43.85.97) port 443 > * ALPN: curl offers h2,http/1.1 > } [5 bytes data] > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > } [512 bytes data] > * CAfile: /etc/pki/tls/certs/ca-bundle.crt > * CApath: none > 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > 0{ [5 bytes data] > * TLSv1.3 (IN), TLS handshake, Server hello (2): > { [70 bytes data] > * TLSv1.2 (IN), TLS handshake, Certificate (11): > { [1023 bytes data] > * TLSv1.2 (OUT), TLS alert, unknown CA (560): > } [2 bytes data] > * SSL certificate problem: unable to get local issuer certificate > 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > 0 > * Closing connection > curl: (60) SSL certificate problem: unable to get local issuer certificate > More details here: https://curl.se/docs/sslcerts.html > > curl failed to verify the legitimacy of the server and therefore could not > establish a secure connection to it. To learn more about this situation and > how to fix it, please visit the web page mentioned above. Either your cert store is corrupt or something is breaking up the SSL connection via MITM. --8<---------------cut here---------------start------------->8--- # curl -vvvv -O https://cygwin.com/setup-x86_64.exe % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Host cygwin.com:443 was resolved. * IPv6: 2620:52:3:1:0:246e:9693:128c * IPv4: 8.43.85.97 * Trying 8.43.85.97:443... * Connected to cygwin.com (8.43.85.97) port 443 * ALPN: curl offers h2,http/1.1 } [5 bytes data] * TLSv1.3 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none { [5 bytes data] * TLSv1.3 (IN), TLS handshake, Server hello (2): { [106 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [4010 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [300 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [37 bytes data] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 / RSASSA-PSS * ALPN: server accepted h2 * Server certificate: * subject: CN=cygwin.com * start date: Jan 21 03:06:49 2024 GMT * expire date: Apr 20 03:06:48 2024 GMT * subjectAltName: host "cygwin.com" matched cert's "cygwin.com" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. * Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption * Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption { [5 bytes data] * using HTTP/2 * [HTTP/2] [1] OPENED stream for https://cygwin.com/setup-x86_64.exe * [HTTP/2] [1] [:method: GET] * [HTTP/2] [1] [:scheme: https] * [HTTP/2] [1] [:authority: cygwin.com] * [HTTP/2] [1] [:path: /setup-x86_64.exe] * [HTTP/2] [1] [user-agent: curl/8.6.0] * [HTTP/2] [1] [accept: */*] } [5 bytes data] > GET /setup-x86_64.exe HTTP/2 > Host: cygwin.com > User-Agent: curl/8.6.0 > Accept: */* > { [5 bytes data] < HTTP/2 200 < date: Tue, 19 Mar 2024 13:59:14 GMT < server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.74 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3 < vary: User-Agent < last-modified: Sat, 24 Feb 2024 16:07:44 GMT < etag: "157c13-61222e0778290" < accept-ranges: bytes < content-length: 1408019 < cache-control: max-age=0 < expires: Tue, 19 Mar 2024 13:59:14 GMT < content-security-policy: default-src 'self' http: https: < strict-transport-security: max-age=16070400 < content-type: application/octet-stream < { [10024 bytes data] 100 1375k 100 1375k 0 0 1034k 0 0:00:01 0:00:01 --:--:-- 1034k * Connection #0 to host cygwin.com left intact --8<---------------cut here---------------end--------------->8--- --8<---------------cut here---------------start------------->8--- # openssl s_client -connect cygwin.com:443 CONNECTED(00000004) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = cygwin.com verify return:1 --- Certificate chain 0 s:CN = cygwin.com i:C = US, O = Let's Encrypt, CN = R3 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 21 03:06:49 2024 GMT; NotAfter: Apr 20 03:06:48 2024 GMT 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Sep 4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256 v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT --- Server certificate -----BEGIN CERTIFICATE----- MIIFGDCCBACgAwIBAgISA7OmFd0W4CNA/f85vnuNcdziMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD EwJSMzAeFw0yNDAxMjEwMzA2NDlaFw0yNDA0MjAwMzA2NDhaMBUxEzARBgNVBAMT CmN5Z3dpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdue5L fj0XFzz2zJ64eeHZXIRoo1Q0ZZq7xhCZwZ0aajH1MUE6B9Qq73iQXhZA3lQ/208W g852e+CDMi6Fplnsdn6V1yUinL82z4qXrJ0u2dyjoRtKAPeqXIUGJ2AkHCZUPEtO LMnHC4vhz2e2Wl1oK/M3UXcXq9VqCsGfa/NXjvd4h4BtqHXyJlkOFtCN2SImV8on mW1ERUjAbX6OQesi1VdM2z0ziIP3xwJMZskk4g5JgUUK2t7SfuZ34XNrU5UE95bS kS9lArzHYTk8QXcbZRaAdQDhemuW3lwVjp9sEjPf58QIqGF9a0LszrsD+bqYX2OB YQSAbu5XL09YzyxLAgMBAAGjggJDMIICPzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE FIfIhIqS5I7BxGrFlhRcSmci16L8MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvME0G A1UdEQRGMESCCmN5Z3dpbi5jb22CCmN5Z3dpbi5uZXSCCmN5Z3dpbi5vcmeCDmZ0 cC5jeWd3aW4uY29tgg53d3cuY3lnd2luLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC ATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AEiw42vapkc0D+VqAvqdMOscUgHL Vt0sgdm7v6s52IRzAAABjSozHFUAAAQDAEcwRQIhAIJEjUoeILEZv2L8f2beLfdX SzKPs9RX4FMbIw0SrTPuAiA/gjJYZL9bnFhDqV5fiQpN3rGD0lTEmdpAygmWI9lo mgB1ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjSozHFUAAAQD AEYwRAIgYj9DcDedk9cOgUUrAUyAUgtTSt8nkdblJGXuwFaCh4ACIGOtqUz3C80a 4UYdEC32ZOmdTlXGPdZoUn39/qfjsBY/MA0GCSqGSIb3DQEBCwUAA4IBAQAggr31 HrQXTUB0YwgR4O9cM/o4WMwn49pXQ+xvWWAqo4iEeVb1i+VbgScgPnBDMw99c5tM Zc/KxqpM9ODJkYCqdyywq9rdyzyHxGvs7UBsfS17m6tpeuO/JejndbQyBoL1WVXA PpuxJ8Z0GbdYTULAHdyoit0IxJQ9EHiEXSiALIpHScKBQsZUHmsiWN+p/cEUPrLe ojTdXTNnlcBWdZ+q4KL/GKtQPYZkmHAQ30G/sJzVYxEwReUTb4a0Nl2xI2Rdw2Ww z9nz85lPE0MoXN+R4qBv/03wgD/HLtHPcSzOqykLa6KgkI0xoBUk9V7yqm/tmkUx 6TUD9ikD8VNkUJd6 -----END CERTIFICATE----- subject=CN = cygwin.com issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 4677 bytes and written 425 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: AEE82272586ADDF7ED17304F360FD0AA7EBBB4DDFE7A817DA1762C18B439C5A4 Session-ID-ctx: Master-Key: 3F10143968400AFFCB2BD2EE15C8B286C4AC3B48D25C651F5EB79E39D8D90A0413B480C2E643F115BA3C00914452F827 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 39 a4 ed ac 54 23 f1 7c-fd b4 66 ce 4b e3 bd d4 9...T#.|..f.K... 0010 - 41 0c 26 27 47 89 a5 d6-0a c2 42 2c cb af f7 81 A.&'G.....B,.... 0020 - db 8e d0 2b 79 c6 0d a5-48 ef ab 44 d5 93 f9 a7 ...+y...H..D.... 0030 - fa 27 80 e4 2e b9 93 03-1b a4 4e 3c bf 93 bb 96 .'........N<.... 0040 - 2f 03 10 06 8e 0c 2e cd-65 a5 ff 93 72 2a a0 41 /.......e...r*.A 0050 - dc 22 6d 71 b6 42 7e 34-8d 07 81 b0 de 3b e8 ef ."mq.B~4.....;.. 0060 - ef 41 bf 6c 96 35 41 74-5f 3f cf 7a ad b0 9b a5 .A.l.5At_?.z.... 0070 - 33 fa 2c fa f4 3a 59 06-45 80 12 99 0b e1 7c 3a 3.,..:Y.E.....|: 0080 - ba 99 a8 3e 54 e0 e8 39-8e d2 9c 8e 28 ff 5f a7 ...>T..9....(._. 0090 - 1d ec 9f b5 6c a7 07 f8-7d d1 c8 e0 df 8a 1d dc ....l...}....... 00a0 - 1a 3f 95 80 16 93 7a 72-f3 d3 40 cf 8b 1b 96 ce .?....zr..@..... 00b0 - ac d0 ee 69 9a e3 80 b1-da dc a9 04 a7 ca a8 64 ...i...........d 00c0 - 2d 80 3b 40 2a 30 d5 f6-1e 9e 97 73 98 ef 80 9c -.;@*0.....s.... Start Time: 1710856659 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: yes --- closed --8<---------------cut here---------------end--------------->8--- Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Samples for the Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#BlofeldSamplesExtra -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple