Getting error 60 of curl to cygwin setup

J M cesarjorgemartinez@gmail.com
Tue Mar 19 13:00:33 GMT 2024


Hi,

Send data recollected:

- Its strange that, I need to install curl and ca-certificates-letsencrypt,
houldn't they be within the default packages?
- The terminal is the default Cygwin64 Terminal.


Repeated two /usr/bin/curl:

$ which -a curl
/usr/bin/curl
/cygdrive/c/WINDOWS/system32/curl
/usr/bin/curl


$ curl -V
curl 8.6.0 (x86_64-pc-cygwin) libcurl/8.6.0 OpenSSL/3.0.13 zlib/1.3.1
brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.0
nghttp2/1.60.0 libgsasl/2.2.1 OpenLDAP/2.6.7
Release-Date: 2024-01-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs
ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet
tftp
Features: alt-svc AsynchDNS brotli gsasl GSS-API HSTS HTTP2 HTTPS-proxy IDN
IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP
UnixSockets zstd


$ cygcheck -c ca-certificates ca-certificates-letsencrypt curl cygwin \
libbrotlidec1 libcurl4 libgsasl18 libgssapi_krb5_2 libidn2_0 libnghttp2_14 \
libopenldap2 libpsl5 libssh2_1 libssl3 libzstd1 zlib0
Cygwin Package Information
Package                     Version                     Status
ca-certificates             2023.2.62_v7.0.401-2     OK
ca-certificates-letsencrypt 2023.2.62_v7.0.401-2     OK
curl                        8.6.0-1                  OK
cygwin                      3.5.1-1                  OK
libbrotlidec1               1.1.0-1                  OK
libcurl4                    8.6.0-1                  OK
libgsasl18                  2.2.1-1                  OK
libgssapi_krb5_2            1.15.2-2                 OK
libidn2_0                   2.3.7-1                  OK
libnghttp2_14               1.60.0-1                 OK
libopenldap2                2.6.7-1                  OK
libpsl5                     0.21.5-1                 OK
libssh2_1                   1.11.0-1                 OK
libssl3                     3.0.13-1                 OK
libzstd1                    1.5.5-1                  OK
zlib0                       1.3.1-1                  OK


$ cat ca-certificates.sh.done
if [ ! -e "/etc/pki/ca-trust/ca-legacy.conf" ]
then
    /usr/bin/mkdir -p "/etc/pki/ca-trust"
    /usr/bin/cp "/etc/defaults/etc/pki/ca-trust/ca-legacy.conf"
"/etc/pki/ca-trust/ca-legacy.conf"
else
        if [ -f /etc/pki/ca-trust/ca-legacy.conf  -a  -x /usr/bin/diff ]
        then
            /usr/bin/mkdir -p "/var/cache/setup/etc/pki/ca-trust"
            /usr/bin/rm -f
"/var/cache/setup//etc/pki/ca-trust/ca-legacy.conf.diff"
            /usr/bin/diff -wut "/etc/pki/ca-trust/ca-legacy.conf"
"/etc/defaults/etc/pki/ca-trust/ca-legacy.conf" >
"/var/cache/setup//etc/pki/ca-trust/ca-legacy.conf.diff" ||
              echo "Defaults for /etc/pki/ca-trust/ca-legacy.conf differ
from actual file, please check
/var/cache/setup//etc/pki/ca-trust/ca-legacy.conf.diff"
        fi
fi

/usr/bin/ca-legacy install
/usr/bin/update-ca-trust


$ cat ca-certificates-letsencrypt.sh.done
# p11kit / update-ca-trust leaves the directory unwritable
chmod u+w /etc/pki/ca-trust/extracted/pem/directory-hash
/usr/bin/ln -s /usr/share/pki/letsencrypt/isrg-intermediate-r3.pem
/usr/share/pki/ca-trust-source/anchors/
/usr/bin/ln -s /usr/share/pki/letsencrypt/trustid-root-x3.pem
/usr/share/pki/ca-trust-source/blacklist
/usr/bin/update-ca-trust


$ curl -vvvv -O https://cygwin.com/setup-x86_64.exe
  % Total    % Received % Xferd  Average Speed   Time    Time     Time
 Current
                                 Dload  Upload   Total   Spent    Left
 Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
  0* Host cygwin.com:443 was resolved.
* IPv6: (none)
* IPv4: 8.43.85.97
*   Trying 8.43.85.97:443...
* Connected to cygwin.com (8.43.85.97) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
  0{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [70 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1023 bytes data]
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
} [2 bytes data]
* SSL certificate problem: unable to get local issuer certificate
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
  0
* Closing connection
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.


Regards



<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Libre
de virus.www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

El lun, 18 mar 2024 a las 23:19, Brian Inglis via Cygwin (<cygwin@cygwin.com>)
escribió:

> On 2024-03-18 15:21, J M via Cygwin wrote:
> > With a fresh install of Cygwin then I launch (with package curl
> installed):
> >
> > curl -O https://www.cygwin.com/setup-x86_64.exe
> >
> > Shows a curl 60 error ssl problem.
> > Using -k or --insecure works, but is not recomended.
> > Howto fix it?
>
> WJFFM!
>
> That error implies that the version of curl you are running or the
> certificate
> store you are using does not include the Let's Encrypt CA used by
> Cygwin.com.
>
>  From what shell do you launch curl?
>
> Please run:
>
> which -a curl
>
> and ensure that /usr/bin/curl precedes /cygdrive/c/WINDOWS/system32/curl
> then
> run:
>
> $ curl -V
> curl 8.6.0 (x86_64-pc-cygwin) libcurl/8.6.0 OpenSSL/3.0.13 zlib/1.3.1
> brotli/1.1.0 zstd/1.5.5 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.0
> nghttp2/1.60.0 libgsasl/2.2.1 OpenLDAP/2.6.7
> Release-Date: 2024-01-31
> Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs
> ipns
> ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
> Features: alt-svc AsynchDNS brotli gsasl GSS-API HSTS HTTP2 HTTPS-proxy
> IDN IPv6
> Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets
> zstd
>
> and check you get the same output as above, then run:
>
> cygcheck -c ca-certificates ca-certificates-letsencrypt curl cygwin \
> libbrotlidec1 libcurl4 libgsasl18 libgssapi_krb5_2 libidn2_0 libnghttp2_14
> \
> libopenldap2 libpsl5 libssh2_1 libssl3 libzstd1 zlib0
>
> and ensure all packages show Status OK.
>
> If that is the case, please follow the problem reporting guidelines below,
> and
> attach the output from running
>
> cygcheck -hrsv > cygcheck-hrsv.log
>
> as a text attachment to your reply.
>
> --
> Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada
>
> La perfection est atteinte                   Perfection is achieved
> non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to
> add
> mais lorsqu'il n'y a plus rien à retirer     but when there is no more to
> cut
>                                  -- Antoine de Saint-Exupéry
>
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cygcheck-hrsv.log
Type: application/octet-stream
Size: 35874 bytes
Desc: not available
URL: <https://cygwin.com/pipermail/cygwin/attachments/20240319/8f3d7703/attachment-0001.obj>


More information about the Cygwin mailing list