Getting error 60 of curl to cygwin setup

ASSI Stromeko@nexgo.de
Tue Mar 19 14:02:05 GMT 2024


J M via Cygwin writes:
> $ curl -vvvv -O https://cygwin.com/setup-x86_64.exe
>   % Total    % Received % Xferd  Average Speed   Time    Time     Time
>  Current
>                                  Dload  Upload   Total   Spent    Left
>  Speed
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>   0* Host cygwin.com:443 was resolved.
> * IPv6: (none)
> * IPv4: 8.43.85.97
> *   Trying 8.43.85.97:443...
> * Connected to cygwin.com (8.43.85.97) port 443
> * ALPN: curl offers h2,http/1.1
> } [5 bytes data]
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> } [512 bytes data]
> *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
> *  CApath: none
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>   0{ [5 bytes data]
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> { [70 bytes data]
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> { [1023 bytes data]
> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
> } [2 bytes data]
> * SSL certificate problem: unable to get local issuer certificate
>   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--
>   0
> * Closing connection
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: https://curl.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.

Either your cert store is corrupt or something is breaking up the SSL
connection via MITM.

--8<---------------cut here---------------start------------->8---
# curl -vvvv -O https://cygwin.com/setup-x86_64.exe
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host cygwin.com:443 was resolved.
* IPv6: 2620:52:3:1:0:246e:9693:128c
* IPv4: 8.43.85.97
*   Trying 8.43.85.97:443...
* Connected to cygwin.com (8.43.85.97) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [106 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4010 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [300 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=cygwin.com
*  start date: Jan 21 03:06:49 2024 GMT
*  expire date: Apr 20 03:06:48 2024 GMT
*  subjectAltName: host "cygwin.com" matched cert's "cygwin.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
{ [5 bytes data]
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cygwin.com/setup-x86_64.exe
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cygwin.com]
* [HTTP/2] [1] [:path: /setup-x86_64.exe]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET /setup-x86_64.exe HTTP/2
> Host: cygwin.com
> User-Agent: curl/8.6.0
> Accept: */*
> 
{ [5 bytes data]
< HTTP/2 200 
< date: Tue, 19 Mar 2024 13:59:14 GMT
< server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.74 mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
< vary: User-Agent
< last-modified: Sat, 24 Feb 2024 16:07:44 GMT
< etag: "157c13-61222e0778290"
< accept-ranges: bytes
< content-length: 1408019
< cache-control: max-age=0
< expires: Tue, 19 Mar 2024 13:59:14 GMT
< content-security-policy: default-src 'self' http: https:
< strict-transport-security: max-age=16070400
< content-type: application/octet-stream
< 
{ [10024 bytes data]
100 1375k  100 1375k    0     0  1034k      0  0:00:01  0:00:01 --:--:-- 1034k
* Connection #0 to host cygwin.com left intact
--8<---------------cut here---------------end--------------->8---

--8<---------------cut here---------------start------------->8---
# openssl s_client -connect cygwin.com:443
CONNECTED(00000004)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = cygwin.com
verify return:1
---
Certificate chain
 0 s:CN = cygwin.com
   i:C = US, O = Let's Encrypt, CN = R3
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 21 03:06:49 2024 GMT; NotAfter: Apr 20 03:06:48 2024 GMT
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  4 00:00:00 2020 GMT; NotAfter: Sep 15 16:00:00 2025 GMT
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jan 20 19:14:03 2021 GMT; NotAfter: Sep 30 18:14:03 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISA7OmFd0W4CNA/f85vnuNcdziMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yNDAxMjEwMzA2NDlaFw0yNDA0MjAwMzA2NDhaMBUxEzARBgNVBAMT
CmN5Z3dpbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdue5L
fj0XFzz2zJ64eeHZXIRoo1Q0ZZq7xhCZwZ0aajH1MUE6B9Qq73iQXhZA3lQ/208W
g852e+CDMi6Fplnsdn6V1yUinL82z4qXrJ0u2dyjoRtKAPeqXIUGJ2AkHCZUPEtO
LMnHC4vhz2e2Wl1oK/M3UXcXq9VqCsGfa/NXjvd4h4BtqHXyJlkOFtCN2SImV8on
mW1ERUjAbX6OQesi1VdM2z0ziIP3xwJMZskk4g5JgUUK2t7SfuZ34XNrU5UE95bS
kS9lArzHYTk8QXcbZRaAdQDhemuW3lwVjp9sEjPf58QIqGF9a0LszrsD+bqYX2OB
YQSAbu5XL09YzyxLAgMBAAGjggJDMIICPzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
FIfIhIqS5I7BxGrFlhRcSmci16L8MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJQOYf
r52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3IzLm8u
bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcvME0G
A1UdEQRGMESCCmN5Z3dpbi5jb22CCmN5Z3dpbi5uZXSCCmN5Z3dpbi5vcmeCDmZ0
cC5jeWd3aW4uY29tgg53d3cuY3lnd2luLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC
ATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AEiw42vapkc0D+VqAvqdMOscUgHL
Vt0sgdm7v6s52IRzAAABjSozHFUAAAQDAEcwRQIhAIJEjUoeILEZv2L8f2beLfdX
SzKPs9RX4FMbIw0SrTPuAiA/gjJYZL9bnFhDqV5fiQpN3rGD0lTEmdpAygmWI9lo
mgB1ADtTd3U+LbmAToswWwb+QDtn2E/D9Me9AA0tcm/h+tQXAAABjSozHFUAAAQD
AEYwRAIgYj9DcDedk9cOgUUrAUyAUgtTSt8nkdblJGXuwFaCh4ACIGOtqUz3C80a
4UYdEC32ZOmdTlXGPdZoUn39/qfjsBY/MA0GCSqGSIb3DQEBCwUAA4IBAQAggr31
HrQXTUB0YwgR4O9cM/o4WMwn49pXQ+xvWWAqo4iEeVb1i+VbgScgPnBDMw99c5tM
Zc/KxqpM9ODJkYCqdyywq9rdyzyHxGvs7UBsfS17m6tpeuO/JejndbQyBoL1WVXA
PpuxJ8Z0GbdYTULAHdyoit0IxJQ9EHiEXSiALIpHScKBQsZUHmsiWN+p/cEUPrLe
ojTdXTNnlcBWdZ+q4KL/GKtQPYZkmHAQ30G/sJzVYxEwReUTb4a0Nl2xI2Rdw2Ww
z9nz85lPE0MoXN+R4qBv/03wgD/HLtHPcSzOqykLa6KgkI0xoBUk9V7yqm/tmkUx
6TUD9ikD8VNkUJd6
-----END CERTIFICATE-----
subject=CN = cygwin.com
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4677 bytes and written 425 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: AEE82272586ADDF7ED17304F360FD0AA7EBBB4DDFE7A817DA1762C18B439C5A4
    Session-ID-ctx: 
    Master-Key: 3F10143968400AFFCB2BD2EE15C8B286C4AC3B48D25C651F5EB79E39D8D90A0413B480C2E643F115BA3C00914452F827
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 39 a4 ed ac 54 23 f1 7c-fd b4 66 ce 4b e3 bd d4   9...T#.|..f.K...
    0010 - 41 0c 26 27 47 89 a5 d6-0a c2 42 2c cb af f7 81   A.&'G.....B,....
    0020 - db 8e d0 2b 79 c6 0d a5-48 ef ab 44 d5 93 f9 a7   ...+y...H..D....
    0030 - fa 27 80 e4 2e b9 93 03-1b a4 4e 3c bf 93 bb 96   .'........N<....
    0040 - 2f 03 10 06 8e 0c 2e cd-65 a5 ff 93 72 2a a0 41   /.......e...r*.A
    0050 - dc 22 6d 71 b6 42 7e 34-8d 07 81 b0 de 3b e8 ef   ."mq.B~4.....;..
    0060 - ef 41 bf 6c 96 35 41 74-5f 3f cf 7a ad b0 9b a5   .A.l.5At_?.z....
    0070 - 33 fa 2c fa f4 3a 59 06-45 80 12 99 0b e1 7c 3a   3.,..:Y.E.....|:
    0080 - ba 99 a8 3e 54 e0 e8 39-8e d2 9c 8e 28 ff 5f a7   ...>T..9....(._.
    0090 - 1d ec 9f b5 6c a7 07 f8-7d d1 c8 e0 df 8a 1d dc   ....l...}.......
    00a0 - 1a 3f 95 80 16 93 7a 72-f3 d3 40 cf 8b 1b 96 ce   .?....zr..@.....
    00b0 - ac d0 ee 69 9a e3 80 b1-da dc a9 04 a7 ca a8 64   ...i...........d
    00c0 - 2d 80 3b 40 2a 30 d5 f6-1e 9e 97 73 98 ef 80 9c   -.;@*0.....s....

    Start Time: 1710856659
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
closed
--8<---------------cut here---------------end--------------->8---


Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Samples for the Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#BlofeldSamplesExtra


More information about the Cygwin mailing list