Getting error 60 of curl to cygwin setup
Brian Inglis
Brian.Inglis@systematicsw.ab.ca
Tue Mar 19 17:39:10 GMT 2024
On 2024-03-19 11:00, J M wrote:
> $ file /etc/pki/tls/certs/*
> /etc/pki/tls/certs/ca-bundle.crt: symbolic link to
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> /etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
>
> $ grep -c '^-----BEGIN.*CERTIFICATE-----$'
> /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:369
> /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:116
> /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:295
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:145
>
> $ grep '^#\s\(ISRG\|R3\)' /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3
>
> Looks the same except the matched number lines of the grep -c.
>
> $ sum /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> 22972 630 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> 34027 176 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> 36930 491 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> 05844 220 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
The following are a bit more useful:
$ wc -lwmcL /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
11307 14152 664107 664142 65
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
3368 4080 193879 193883 64
/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
8816 10434 512531 512566 65
/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
4236 5094 243623 243627 64
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
27727 33760 1614140 1614218 65 total
$ cksum /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
317625824 664142 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
382586407 193883 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
1244815702 512566 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
1065593997 243627 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
I would also like to see what you get running:
$ curl -Iv https://8.43.85.97/
* Trying 8.43.85.97:443...
* Connected to 8.43.85.97 (8.43.85.97) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=cygwin.com
* start date: Jan 21 03:06:49 2024 GMT
* expire date: Apr 20 03:06:48 2024 GMT
* subjectAltName does not match 8.43.85.97
* SSL: no alternative certificate subject name matches target host name '8.43.85.97'
* Closing connection
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name
'8.43.85.97'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
and:
$ curl -Iv https://cygwin.com/
* Host cygwin.com:443 was resolved.
* IPv6: 2620:52:3:1:0:246e:9693:128c
* IPv4: 8.43.85.97
* Trying [2620:52:3:1:0:246e:9693:128c]:443...
* Connected to cygwin.com (2620:52:3:1:0:246e:9693:128c) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=cygwin.com
* start date: Jan 21 03:06:49 2024 GMT
* expire date: Apr 20 03:06:48 2024 GMT
* subjectAltName: host "cygwin.com" matched cert's "cygwin.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed
using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed
using sha256WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cygwin.com/
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cygwin.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> HEAD / HTTP/2
> Host: cygwin.com
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/2 200
HTTP/2 200
< date: Tue, 19 Mar 2024 17:32:27 GMT
date: Tue, 19 Mar 2024 17:32:27 GMT
< server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.74
mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.74
mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
< vary: User-Agent,Accept-Encoding
vary: User-Agent,Accept-Encoding
< accept-ranges: bytes
accept-ranges: bytes
< content-security-policy: default-src 'self' http: https:
content-security-policy: default-src 'self' http: https:
< strict-transport-security: max-age=16070400
strict-transport-security: max-age=16070400
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
<
* Connection #0 to host cygwin.com left intact
Suggest you try to redownload and rerun setup-x86_64,
reinstall the latest ca-certificates-letsencrypt and ca-certificates packages,
check /var/log/setup.log.full, and rerun wc and cksum.
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
More information about the Cygwin
mailing list