Getting error 60 of curl to cygwin setup

Brian Inglis Brian.Inglis@systematicsw.ab.ca
Tue Mar 19 20:00:57 GMT 2024


On 2024-03-19 12:15, J M wrote:
> El mar, 19 mar 2024 a las 18:39, Brian Inglis via Cygwin escribió:
>     On 2024-03-19 11:00, J M wrote:
>      > $ file /etc/pki/tls/certs/*
>      > /etc/pki/tls/certs/ca-bundle.crt:       symbolic link to
>      > /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
>      > /etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to
>      > /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
>      >
>      > $ grep -c '^-----BEGIN.*CERTIFICATE-----$'
>      > /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
>      > /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:369
>      > /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:116
>      > /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:295
>      > /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:145
>      >
>      > $ grep '^#\s\(ISRG\|R3\)'
>     /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
>      > /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1
>      > /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2
>      > /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3
>      > /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1
>      > /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2
>      > /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3
>      >
>      > Looks the same except the matched number lines of the grep -c.
>      >
>      > $ sum /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
>      > /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
>      > /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
>      > /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
>      > 22972   630 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
>      > 34027   176 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
>      > 36930   491 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
>      > 05844   220 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> 
>     The following are a bit more useful:
> 
>     $ wc -lwmcL /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
>         11307   14152  664107  664142      65
>     /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
>          3368    4080  193879  193883      64
>     /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
>          8816   10434  512531  512566      65
>     /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
>          4236    5094  243623  243627      64
>     /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
>         27727   33760 1614140 1614218      65 total
>     $ cksum /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
>     317625824 664142 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
>     382586407 193883 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
>     1244815702 512566 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
>     1065593997 243627 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> 
>     I would also like to see what you get running:
> 
>     $ curl -Iv https://8.43.85.97/ <https://8.43.85.97/>
>     *   Trying 8.43.85.97:443...
>     * Connected to 8.43.85.97 (8.43.85.97) port 443
>     * ALPN: curl offers h2,http/1.1
>     * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>     *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
>     *  CApath: none
>     * TLSv1.3 (IN), TLS handshake, Server hello (2):
>     * TLSv1.2 (IN), TLS handshake, Certificate (11):
>     * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>     * TLSv1.2 (IN), TLS handshake, Server finished (14):
>     * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>     * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
>     * TLSv1.2 (OUT), TLS handshake, Finished (20):
>     * TLSv1.2 (IN), TLS handshake, Finished (20):
>     * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 /
>     RSASSA-PSS
>     * ALPN: server accepted h2
>     * Server certificate:
>     *  subject: CN=cygwin.com <http://cygwin.com>
>     *  start date: Jan 21 03:06:49 2024 GMT
>     *  expire date: Apr 20 03:06:48 2024 GMT
>     *  subjectAltName does not match 8.43.85.97
>     * SSL: no alternative certificate subject name matches target host name
>     '8.43.85.97'
>     * Closing connection
>     * TLSv1.2 (OUT), TLS alert, close notify (256):
>     curl: (60) SSL: no alternative certificate subject name matches target host
>     name
>     '8.43.85.97'
>     More details here: https://curl.se/docs/sslcerts.html
>     <https://curl.se/docs/sslcerts.html>
> 
>     curl failed to verify the legitimacy of the server and therefore could not
>     establish a secure connection to it. To learn more about this situation and
>     how to fix it, please visit the web page mentioned above.
> 
>     and:
> 
>     $ curl -Iv https://cygwin.com/ <https://cygwin.com/>
>     * Host cygwin.com:443 <http://cygwin.com:443> was resolved.
>     * IPv6: 2620:52:3:1:0:246e:9693:128c
>     * IPv4: 8.43.85.97
>     *   Trying [2620:52:3:1:0:246e:9693:128c]:443...
>     * Connected to cygwin.com <http://cygwin.com> (2620:52:3:1:0:246e:9693:128c)
>     port 443
>     * ALPN: curl offers h2,http/1.1
>     * TLSv1.3 (OUT), TLS handshake, Client hello (1):
>     *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
>     *  CApath: none
>     * TLSv1.3 (IN), TLS handshake, Server hello (2):
>     * TLSv1.2 (IN), TLS handshake, Certificate (11):
>     * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
>     * TLSv1.2 (IN), TLS handshake, Server finished (14):
>     * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
>     * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
>     * TLSv1.2 (OUT), TLS handshake, Finished (20):
>     * TLSv1.2 (IN), TLS handshake, Finished (20):
>     * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 /
>     RSASSA-PSS
>     * ALPN: server accepted h2
>     * Server certificate:
>     *  subject: CN=cygwin.com <http://cygwin.com>
>     *  start date: Jan 21 03:06:49 2024 GMT
>     *  expire date: Apr 20 03:06:48 2024 GMT
>     *  subjectAltName: host "cygwin.com <http://cygwin.com>" matched cert's
>     "cygwin.com <http://cygwin.com>"
>     *  issuer: C=US; O=Let's Encrypt; CN=R3
>     *  SSL certificate verify ok.
>     *   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed
>     using sha256WithRSAEncryption
>     *   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed
>     using sha256WithRSAEncryption
>     * using HTTP/2
>     * [HTTP/2] [1] OPENED stream for https://cygwin.com/ <https://cygwin.com/>
>     * [HTTP/2] [1] [:method: HEAD]
>     * [HTTP/2] [1] [:scheme: https]
>     * [HTTP/2] [1] [:authority: cygwin.com <http://cygwin.com>]
>     * [HTTP/2] [1] [:path: /]
>     * [HTTP/2] [1] [user-agent: curl/8.6.0]
>     * [HTTP/2] [1] [accept: */*]
>       > HEAD / HTTP/2
>       > Host: cygwin.com <http://cygwin.com>
>       > User-Agent: curl/8.6.0
>       > Accept: */*
>       >
>     < HTTP/2 200
>     HTTP/2 200
>     < date: Tue, 19 Mar 2024 17:32:27 GMT
>     date: Tue, 19 Mar 2024 17:32:27 GMT
>     < server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.74
>     mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
>     server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k mod_qos/11.74
>     mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
>     < vary: User-Agent,Accept-Encoding
>     vary: User-Agent,Accept-Encoding
>     < accept-ranges: bytes
>     accept-ranges: bytes
>     < content-security-policy: default-src 'self' http: https:
>     content-security-policy: default-src 'self' http: https:
>     < strict-transport-security: max-age=16070400
>     strict-transport-security: max-age=16070400
>     < content-type: text/html; charset=UTF-8
>     content-type: text/html; charset=UTF-8
> 
>     <
>     * Connection #0 to host cygwin.com <http://cygwin.com> left intact
> 
> 
>     Suggest you try to redownload and rerun setup-x86_64,
>     reinstall the latest ca-certificates-letsencrypt and ca-certificates packages,
>     check /var/log/setup.log.full, and rerun wc and cksum.

 > Here the results:
 >
 > $ wc -lwmcL /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
 >    10974   13732  644353  644388      65
 > /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
 >     3129    3794  179890  179894      64
 > /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
 >     8633   10214  501775  501810      65
 > /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
 >     3912    4704  224607  224611      64
 > /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 >    26648   32444 1550625 1550703      65 total
 >
 > $ cksum /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
 > 2281361693 644388 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
 > 2122801285 179894 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
 > 1003749677 501810 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
 > 3542708521 224611 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 >
 > $ curl -Iv https://8.43.85.97/ <https://8.43.85.97/>
 > *   Trying 8.43.85.97:443...
 > * Connected to 8.43.85.97 (8.43.85.97) port 443
 > * ALPN: curl offers h2,http/1.1
 > * TLSv1.3 (OUT), TLS handshake, Client hello (1):
 > *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
 > *  CApath: none
 > * TLSv1.3 (IN), TLS handshake, Server hello (2):
 > * TLSv1.2 (IN), TLS handshake, Certificate (11):
 > * TLSv1.2 (OUT), TLS alert, unknown CA (560):
 > * SSL certificate problem: unable to get local issuer certificate
 > * Closing connection
 > curl: (60) SSL certificate problem: unable to get local issuer certificate
 > More details here: https://curl.se/docs/sslcerts.html
 > <https://curl.se/docs/sslcerts.html>
 >
 > curl failed to verify the legitimacy of the server and therefore could not
 > establish a secure connection to it. To learn more about this situation and
 > how to fix it, please visit the web page mentioned above.
 >
 >
 > $ curl -Iv https://cygwin.com/ <https://cygwin.com/>
 > * Host cygwin.com:443 <http://cygwin.com:443> was resolved.
 > * IPv6: (none)
 > * IPv4: 8.43.85.97
 > *   Trying 8.43.85.97:443...
 > * Connected to cygwin.com <http://cygwin.com> (8.43.85.97) port 443
 > * ALPN: curl offers h2,http/1.1
 > * TLSv1.3 (OUT), TLS handshake, Client hello (1):
 > *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
 > *  CApath: none
 > * TLSv1.3 (IN), TLS handshake, Server hello (2):
 > * TLSv1.2 (IN), TLS handshake, Certificate (11):
 > * TLSv1.2 (OUT), TLS alert, unknown CA (560):
 > * SSL certificate problem: unable to get local issuer certificate
 > * Closing connection
 > curl: (60) SSL certificate problem: unable to get local issuer certificate
 > More details here: https://curl.se/docs/sslcerts.html
 > <https://curl.se/docs/sslcerts.html>
 >
 > curl failed to verify the legitimacy of the server and therefore could not
 > establish a secure connection to it. To learn more about this situation and
 > how to fix it, please visit the web page mentioned above.
 >
 > And the logs are complete:
 >
 > $ cat /var/log/setup.log.full
 > 2024/03/19 19:07:02 Starting cygwin install, version 2.931
 > 2024/03/19 19:07:02 User has backup/restore rights
 > 2024/03/19 19:07:02 User has symlink creation right
 > 2024/03/19 19:07:02 Current Directory: C:\cygwin64\mypackages
 > Could not open service McShield for query, start and stop. McAfee may not be
 > installed, or we don't have access.
 > 2024/03/19 19:07:04 source: network install
 > 2024/03/19 19:07:04 root: C:\cygwin64 system
 > 2024/03/19 19:07:04 Changing gid to Administrators
 > 2024/03/19 19:07:05 Selected local directory: C:\cygwin64\mypackages
 > 2024/03/19 19:07:06 net: Preconfig
 > Loaded cached mirror list
 > User-Agent: default is "Cygwin-Setup/2.931 (Windows NT
 > 10.0.22631;Win64;0c0a;SymLinkPriv)"
 > Request for URL https://cygwin.com/mirrors.lst <https://cygwin.com/mirrors.lst>
 > satisfied from cache
 > Fetched URL: https://cygwin.com/mirrors.lst <https://cygwin.com/mirrors.lst>
 > 2024/03/19 19:07:07 site: https://cygwin.mirror.constant.com/
 > <https://cygwin.mirror.constant.com/>
 > Request for URL https://cygwin.mirror.constant.com/x86_64/setup.zst.sig
 > <https://cygwin.mirror.constant.com/x86_64/setup.zst.sig> satisfied from cache
 > Fetched URL: https://cygwin.mirror.constant.com/x86_64/setup.zst.sig
 > <https://cygwin.mirror.constant.com/x86_64/setup.zst.sig>
 > Request for URL https://cygwin.mirror.constant.com/x86_64/setup.zst
 > <https://cygwin.mirror.constant.com/x86_64/setup.zst> satisfied from cache
 > Fetched URL: https://cygwin.mirror.constant.com/x86_64/setup.zst
 > <https://cygwin.mirror.constant.com/x86_64/setup.zst>
 > signature: sig_type 0, pk_alg 1, hash_alg 8
 > signature: tried key cygwin, returned 0x00000000 Success
 > .ini setup_version is 2.931, our setup_version is 2.931
 > INSTALLED.DB version 3
 > 2024/03/19 19:07:09 solving: 0 tasks, update: yes, use test packages: no
 > libsolv: solver started
 > libsolv: dosplitprovides=0, noupdateprovide=0, noinfarchcheck=0
 > libsolv: allowuninstall=0, allowdowngrade=0, allownamechange=1,
 > allowarchchange=0, allowvendorchange=1
 > libsolv: dupallowdowngrade=1, dupallownamechange=1, dupallowarchchange=1,
 > dupallowvendorchange=1
 > libsolv: promoteepoch=0, forbidselfconflicts=0
 > libsolv: obsoleteusesprovides=0, implicitobsoleteusesprovides=0,
 > obsoleteusescolors=0, implicitobsoleteusescolors=0
 > libsolv: dontinstallrecommended=0, addalreadyrecommended=0
 > onlynamespacerecommended=0
 > libsolv: number of solvables: 55538, memory used: 3037 K
 > libsolv: number of ids: 28164 + 55442
 > libsolv: string memory used: 110 K array + 480 K data,  rel memory used: 649 
K array
 > libsolv: string hash memory: 256 K, rel hash memory : 512 K
 > libsolv: provide ids: 11844
 > libsolv: provide space needed: 41607 + 110884
 > libsolv: shrunk whatprovidesdata from 41607 to 41542
 > libsolv: shrunk whatprovidesauxdata from 41607 to 29760
 > libsolv: whatprovides memory used: 330 K id array, 595 K data
 > libsolv: whatprovidesaux memory used: 110 K id array, 116 K data
 > libsolv: WARNING: pool_addfileprovides was not called, this may result in slow
 > operation
 > libsolv: lazywhatprovidesq size: 0 entries
 > libsolv: createwhatprovides took 0 ms
 > libsolv: obsoletes data: 1 entries
 > libsolv: added 2281 pkg rules for installed solvables
 > libsolv: added 27 pkg rules for updaters of installed solvables
 > libsolv: added 0 pkg rules for packages involved in a job
 > libsolv: added 0 pkg rules because of weak dependencies
 > libsolv: 438 of 27701 installable solvables considered for solving
 > libsolv: pruned rules from 2309 to 2309
 > libsolv:   binary: 1008
 > libsolv:   normal: 1300, 11666 literals
 > libsolv: pkg rule memory used: 54 K
 > libsolv: pkg rule creation took 0 ms
 > libsolv: choice rule creation took 0 ms
 > libsolv: 2308 pkg rules, 2 * 104 update rules, 0 job rules, 0 infarch rules, 0
 > dup rules, 0 choice rules, 0 best rules, 0 yumobs rules
 > libsolv: 0 black rules, 0 recommends rules, 0 repo priority rules
 > libsolv: overall rule memory used: 58 K
 > libsolv: solving...
 > libsolv: resolving job rules
 > libsolv: resolving installed packages
 > libsolv: deciding orphaned packages
 > libsolv: solver statistics: 0 learned rules, 0 unsolvable, 0 minimization steps
 > libsolv: done solving.
 > libsolv: solver took 0 ms
 > libsolv: final solver statistics: 0 problems, 0 learned rules, 0 unsolvable
 > libsolv: solver_solve took 0 ms
 > libsolv:
 > libsolv: transaction:
 > libsolv:
 > libsolv: orphaned packages:
 > libsolv:   base-0.0-0.any (kept)
 > libsolv:   _windows-10.0.22631.any (kept)
 > libsolv:
 > libsolv: ordering transaction
 > libsolv: transaction elements: 0
 > 2024/03/19 19:07:31 solving: 2 tasks, update: no, use test packages: no
 > libsolv: solver started
 > libsolv: dosplitprovides=0, noupdateprovide=0, noinfarchcheck=0
 > libsolv: allowuninstall=0, allowdowngrade=0, allownamechange=1,
 > allowarchchange=0, allowvendorchange=1
 > libsolv: dupallowdowngrade=1, dupallownamechange=1, dupallowarchchange=1,
 > dupallowvendorchange=1
 > libsolv: promoteepoch=0, forbidselfconflicts=0
 > libsolv: obsoleteusesprovides=0, implicitobsoleteusesprovides=0,
 > obsoleteusescolors=0, implicitobsoleteusescolors=0
 > libsolv: dontinstallrecommended=0, addalreadyrecommended=0
 > onlynamespacerecommended=0
 > libsolv: obsoletes data: 1 entries
 > libsolv: added 0 pkg rules for installed solvables
 > libsolv: added 0 pkg rules for updaters of installed solvables
 > libsolv: added 0 pkg rules for packages involved in a job
 > libsolv: added 0 pkg rules because of weak dependencies
 > libsolv: 438 of 27701 installable solvables considered for solving
 > libsolv: pkg rule memory used: 54 K
 > libsolv: pkg rule creation took 0 ms
 > libsolv: choice rule creation took 0 ms
 > libsolv: 2308 pkg rules, 2 * 104 update rules, 0 job rules, 0 infarch rules, 0
 > dup rules, 0 choice rules, 0 best rules, 0 yumobs rules
 > libsolv: 0 black rules, 0 recommends rules, 0 repo priority rules
 > libsolv: overall rule memory used: 58 K
 > libsolv: solving...
 > libsolv: resolving job rules
 > libsolv: resolving installed packages
 > libsolv: deciding orphaned packages
 > libsolv: solver statistics: 0 learned rules, 0 unsolvable, 0 minimization steps
 > libsolv: done solving.
 > libsolv: solver took 0 ms
 > libsolv: final solver statistics: 0 problems, 0 learned rules, 0 unsolvable
 > libsolv: solver_solve took 0 ms
 > libsolv:
 > libsolv: transaction:
 > libsolv:
 > libsolv: orphaned packages:
 > libsolv:   base-0.0-0.any (kept)
 > libsolv:   _windows-10.0.22631.any (kept)
 > libsolv:
 > libsolv: ordering transaction
 > libsolv: transaction elements: 0
 > 2024/03/19 19:07:31 Augmented Transaction List:
 > 2024/03/19 19:07:31    0   erase ca-certificates             2023.2.62_v7.0.401-2
 > 2024/03/19 19:07:31    1 install ca-certificates             2023.2.62_v7.0.401-2
 > 2024/03/19 19:07:31    2   erase ca-certificates-letsencrypt 2023.2.62_v7.0.401-2
 > 2024/03/19 19:07:31    3 install ca-certificates-letsencrypt 2023.2.62_v7.0.401-2
 > Checking SHA512 for
 > file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
 > 
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-2023.2.62_v7.0.401-2.tar.zst
 > SHA512 verified OK:
 > file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
 > 
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-2023.2.62_v7.0.401-2.tar.zst 
c321fe270a76dab4318eda354e4e067b715b9fca9ea8dfe792132be6665603f6012ff37250b0a2445764433f8918cbfd92bfe8a51ca76f427f2a00cf6fbe8283
 > Checking SHA512 for
 > file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
 > 
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-letsencrypt/ca-certificates-letsencrypt-2023.2.62_v7.0.401-2.tar.zst
 > SHA512 verified OK:
 > file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
 > 
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-letsencrypt/ca-certificates-letsencrypt-2023.2.62_v7.0.401-2.tar.zst 
dd6d200957aac18959e5495490923a752c1c4fc4f5040107620f5472ce5b902b8480096b1b5eb25a44aa2c79ec543f45cf5dfb7c7b76cf7997b8a74343ec5eac
 > 2024/03/19 19:07:34 Registry value set:
 > HKEY_LOCAL_MACHINE\Software\Cygwin\setup\rootdir = "C:\cygwin64"
 > Running preremove script for ca-certificates
 > 2024/03/19 19:07:34 running: C:\cygwin64\bin\bash.exe --norc --noprofile
 > "/etc/preremove/ca-certificates.sh"
 > Running preremove script for ca-certificates-letsencrypt
 > 2024/03/19 19:07:35 running: C:\cygwin64\bin\bash.exe --norc --noprofile
 > "/etc/preremove/ca-certificates-letsencrypt.sh"
 > 2024/03/19 19:07:37 Uninstalling ca-certificates
 > unlink C:\cygwin64/etc/defaults/etc/pki/ca-trust/ca-legacy.conf
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/edk2/cacerts.bin
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/edk2/README
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/java/cacerts
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/java/README
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/openssl/README
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/pem/README
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 > unlink C:\cygwin64/etc/pki/ca-trust/extracted/README
 > unlink C:\cygwin64/etc/pki/ca-trust/source/README
 > unlink C:\cygwin64\bin/ca-legacy
 > unlink C:\cygwin64\bin/update-ca-trust
 > unlink C:\cygwin64/usr/share/man/man8/ca-legacy.8.gz
 > unlink C:\cygwin64/usr/share/man/man8/update-ca-trust.8.gz
 > unlink C:\cygwin64/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
 > unlink C:\cygwin64/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt
 > unlink C:\cygwin64/usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit
 > unlink C:\cygwin64/usr/share/pki/ca-trust-source/README
 > unlink C:\cygwin64/etc/pki/tls/cert.pem
 > unlink C:\cygwin64/etc/pki/tls/certs/ca-bundle.crt
 > unlink C:\cygwin64/etc/pki/tls/certs/ca-bundle.trust.crt
 > unlink C:\cygwin64/etc/ssl/certs
 > unlink C:\cygwin64/usr/libexec/p11-kit/trust-extract-compat
 > unlink C:\cygwin64\lib/security/cacerts
 > rmdir C:\cygwin64/usr/share/pki/ca-trust-source/blacklist
 > rmdir C:\cygwin64/usr/share/pki/ca-trust-source/anchors
 > rmdir C:\cygwin64/usr/share/pki/ca-trust-source
 > rmdir C:\cygwin64/usr/share/pki/ca-trust-legacy
 > rmdir C:\cygwin64\lib/security
 > rmdir C:\cygwin64/etc/ssl
 > rmdir C:\cygwin64/etc/pki/tls/certs
 > rmdir C:\cygwin64/etc/pki/ca-trust/source/blacklist
 > rmdir C:\cygwin64/etc/pki/ca-trust/source/anchors
 > rmdir C:\cygwin64/etc/pki/ca-trust/extracted/openssl
 > rmdir C:\cygwin64/etc/pki/ca-trust/extracted/java
 > rmdir C:\cygwin64/etc/pki/ca-trust/extracted/edk2
 > rmdir C:\cygwin64/etc/defaults/etc/pki/ca-trust
 > 2024/03/19 19:07:37 Uninstalling ca-certificates-letsencrypt
 > unlink C:\cygwin64/usr/share/pki/letsencrypt/isrg-intermediate-r3.pem
 > unlink C:\cygwin64/usr/share/pki/letsencrypt/isrg-root-x1.pem
 > unlink C:\cygwin64/usr/share/pki/letsencrypt/isrg-root-x2.pem
 > unlink C:\cygwin64/usr/share/pki/letsencrypt/README
 > unlink C:\cygwin64/usr/share/pki/letsencrypt/trustid-root-x3.pem
 > rmdir C:\cygwin64/usr/share/pki/letsencrypt
 > rmdir C:\cygwin64/usr/share/pki
 > 2024/03/19 19:07:37 Extracting from
 > file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
 > 
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-2023.2.62_v7.0.401-2.tar.zst
 > Installing file cygfile:///etc/defaults/etc/pki/ca-trust/ca-legacy.conf
 > Installing file cygfile:///etc/pki/ca-trust/
 > Installing file cygfile:///etc/pki/ca-trust/extracted/
 > Installing file cygfile:///etc/pki/ca-trust/extracted/edk2/
 > Installing file cygfile:///etc/pki/ca-trust/extracted/edk2/cacerts.bin
 > Installing file cygfile:///etc/pki/ca-trust/extracted/edk2/README
 > Installing file cygfile:///etc/pki/ca-trust/extracted/java/
 > Installing file cygfile:///etc/pki/ca-trust/extracted/java/cacerts
 > Installing file cygfile:///etc/pki/ca-trust/extracted/java/README
 > Installing file cygfile:///etc/pki/ca-trust/extracted/openssl/
 > Installing file cygfile:///etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
 > Installing file cygfile:///etc/pki/ca-trust/extracted/openssl/README
 > Installing file cygfile:///etc/pki/ca-trust/extracted/pem/
 > Installing file cygfile:///etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
 > Installing file cygfile:///etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
 > Installing file cygfile:///etc/pki/ca-trust/extracted/pem/README
 > Installing file cygfile:///etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 > Installing file cygfile:///etc/pki/ca-trust/extracted/README
 > Installing file cygfile:///etc/pki/ca-trust/source/
 > Installing file cygfile:///etc/pki/ca-trust/source/anchors/
 > Installing file cygfile:///etc/pki/ca-trust/source/blacklist/
 > Installing file cygfile:///etc/pki/ca-trust/source/README
 > Installing file cygfile:///etc/postinstall/ca-certificates.sh
 > Installing file cygfile:///etc/preremove/ca-certificates.sh
 > Installing file cygfile:///usr/bin/ca-legacy
 > Installing file cygfile:///usr/bin/update-ca-trust
 > Installing file cygfile:///usr/libexec/p11-kit/
 > Installing file cygfile:///usr/share/man/man8/ca-legacy.8.gz
 > Installing file cygfile:///usr/share/man/man8/update-ca-trust.8.gz
 > Installing file cygfile:///usr/share/pki/ca-trust-legacy/
 > Installing file
 > cygfile:///usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
 > Installing file
 > cygfile:///usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt
 > Installing file cygfile:///usr/share/pki/ca-trust-source/
 > Installing file cygfile:///usr/share/pki/ca-trust-source/anchors/
 > Installing file cygfile:///usr/share/pki/ca-trust-source/blacklist/
 > Installing file cygfile:///usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit
 > Installing file cygfile:///usr/share/pki/ca-trust-source/README
 > Installing file cygfile:///etc/pki/tls/cert.pem
 > io_stream::mklink
 > 
(cygfile:///etc/pki/tls/cert.pem->cygfile:///etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem)
 > Installing file cygfile:///etc/pki/tls/certs/ca-bundle.crt
 > io_stream::mklink
 > 
(cygfile:///etc/pki/tls/certs/ca-bundle.crt->cygfile:///etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem)
 > Installing file cygfile:///etc/pki/tls/certs/ca-bundle.trust.crt
 > io_stream::mklink
 > 
(cygfile:///etc/pki/tls/certs/ca-bundle.trust.crt->cygfile:///etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt)
 > Installing file cygfile:///etc/ssl/certs
 > io_stream::mklink (cygfile:///etc/ssl/certs->cygfile:///etc/pki/tls/certs)
 > Installing file cygfile:///usr/libexec/p11-kit/trust-extract-compat
 > io_stream::mklink
 > 
(cygfile:///usr/libexec/p11-kit/trust-extract-compat->cygfile://../../bin/update-ca-trust)
 > Installing file cygfile:///usr/lib/security/cacerts
 > io_stream::mklink
 > 
(cygfile:///usr/lib/security/cacerts->cygfile:///etc/pki/ca-trust/extracted/java/cacerts)
 > 2024/03/19 19:07:37 Extracting from
 > file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
 > 
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-letsencrypt/ca-certificates-letsencrypt-2023.2.62_v7.0.401-2.tar.zst
 > Installing file cygfile:///etc/postinstall/ca-certificates-letsencrypt.sh
 > Installing file cygfile:///etc/preremove/ca-certificates-letsencrypt.sh
 > Installing file cygfile:///usr/share/pki/letsencrypt/
 > Installing file cygfile:///usr/share/pki/letsencrypt/isrg-intermediate-r3.pem
 > Installing file cygfile:///usr/share/pki/letsencrypt/isrg-root-x1.pem
 > Installing file cygfile:///usr/share/pki/letsencrypt/isrg-root-x2.pem
 > Installing file cygfile:///usr/share/pki/letsencrypt/README
 > Installing file cygfile:///usr/share/pki/letsencrypt/trustid-root-x3.pem
 > Visited: 102 nodes out of 11806 while creating dependency order.
 > Dependency order of packages: terminfo zlib0 libzstd1 libgcc1 libncursesw10
 > libreadline7 libintl8 libiconv2 bash cygwin dash _autorebase alternatives
 > base-cygwin libattr1 libgmp10 tzdata tzcode coreutils findutils sed base-files
 > libbz2_1 bzip2 libffi6 libp11-kit0 p11-kit libtasn1_6 p11-kit-trust
 > ca-certificates ca-certificates-letsencrypt crypto-policies libbrotlicommon1
 > libbrotlidec1 libgpg-error0 libgcrypt20 libgsasl-common libcom_err2
 > libkrb5support0 libk5crypto3 libkrb5_3 libgssapi_krb5_2 libidn12 libntlm0
 > libgsasl18 libidn2_0 libnghttp2_14 libcrypt2 libstdc++6 libdb5.3 libssl3
 > libssl1.1 libopenldap2_4_2 libsasl2_3 libopenldap2 libunistring5
 > publicsuffix-list-dafsa libpsl5 libssh2_1 libcurl4 curl libpopt-common libpopt0
 > cygutils diffutils editrights liblzma5 file libmpfr6 gawk libargp getent
 > libpcre2_8_0 grep libuchardet0 groff gzip hostname info ipc-utils libpcre1 less
 > libuuid1 libblkid1 libfdisk1 libgdbm6 liblz4_1 libpipeline1 libsmartcols1 login
 > util-linux man-db mintty ncurses openssl rebase run xz zstd tar vim-minimal which
 > 2024/03/19 19:07:37 running: C:\cygwin64\bin\dash.exe
 > "/etc/postinstall/0p_000_autorebase.dash"
 > removing /var/cache/rebase/rebase_dyn
 > creating empty /var/cache/rebase/rebase_dyn
 > Updating rebase information for dynamic language modules/libraries
 > /var/cache/rebase/rebase_dyn.
 > removing /var/cache/rebase/rebase_dyn_exe
 > creating empty /var/cache/rebase/rebase_dyn_exe
 > Updating rebase information for user-defined executables
 > /var/cache/rebase/rebase_dyn_exe.
 > removing /var/cache/rebase/rebase_pkg
 > creating empty /var/cache/rebase/rebase_pkg
 > Updating package information in /var/cache/rebase/rebase_pkg.
 >    from /etc/setup/alternatives.lst.gz
 >    from /etc/setup/base-cygwin.lst.gz
 >    from /etc/setup/base-files.lst.gz
 >    from /etc/setup/bash.lst.gz
 >    from /etc/setup/bzip2.lst.gz
 >    from /etc/setup/ca-certificates-letsencrypt.lst.gz
 >    from /etc/setup/ca-certificates.lst.gz
 >    from /etc/setup/coreutils.lst.gz
 >    from /etc/setup/crypto-policies.lst.gz
 >    from /etc/setup/curl.lst.gz
 >    from /etc/setup/cygutils.lst.gz
 >    from /etc/setup/cygwin.lst.gz
 >    from /etc/setup/dash.lst.gz
 >    from /etc/setup/diffutils.lst.gz
 >    from /etc/setup/editrights.lst.gz
 >    from /etc/setup/file.lst.gz
 >    from /etc/setup/findutils.lst.gz
 >    from /etc/setup/gawk.lst.gz
 >    from /etc/setup/getent.lst.gz
 >    from /etc/setup/grep.lst.gz
 >    from /etc/setup/groff.lst.gz
 >    from /etc/setup/gzip.lst.gz
 >    from /etc/setup/hostname.lst.gz
 >    from /etc/setup/info.lst.gz
 >    from /etc/setup/ipc-utils.lst.gz
 >    from /etc/setup/less.lst.gz
 >    from /etc/setup/libargp.lst.gz
 >    from /etc/setup/libattr1.lst.gz
 >    from /etc/setup/libblkid1.lst.gz
 >    from /etc/setup/libbrotlicommon1.lst.gz
 >    from /etc/setup/libbrotlidec1.lst.gz
 >    from /etc/setup/libbz2_1.lst.gz
 >    from /etc/setup/libcom_err2.lst.gz
 >    from /etc/setup/libcrypt2.lst.gz
 >    from /etc/setup/libcurl4.lst.gz
 >    from /etc/setup/libdb5.3.lst.gz
 >    from /etc/setup/libfdisk1.lst.gz
 >    from /etc/setup/libffi6.lst.gz
 >    from /etc/setup/libgcc1.lst.gz
 >    from /etc/setup/libgcrypt20.lst.gz
 >    from /etc/setup/libgdbm6.lst.gz
 >    from /etc/setup/libgmp10.lst.gz
 >    from /etc/setup/libgpg-error0.lst.gz
 >    from /etc/setup/libgsasl-common.lst.gz
 >    from /etc/setup/libgsasl18.lst.gz
 >    from /etc/setup/libgssapi_krb5_2.lst.gz
 >    from /etc/setup/libiconv2.lst.gz
 >    from /etc/setup/libidn12.lst.gz
 >    from /etc/setup/libidn2_0.lst.gz
 >    from /etc/setup/libintl8.lst.gz
 >    from /etc/setup/libk5crypto3.lst.gz
 >    from /etc/setup/libkrb5support0.lst.gz
 >    from /etc/setup/libkrb5_3.lst.gz
 >    from /etc/setup/liblz4_1.lst.gz
 >    from /etc/setup/liblzma5.lst.gz
 >    from /etc/setup/libmpfr6.lst.gz
 >    from /etc/setup/libncursesw10.lst.gz
 >    from /etc/setup/libnghttp2_14.lst.gz
 >    from /etc/setup/libntlm0.lst.gz
 >    from /etc/setup/libopenldap2.lst.gz
 >    from /etc/setup/libopenldap2_4_2.lst.gz
 >    from /etc/setup/libp11-kit0.lst.gz
 >    from /etc/setup/libpcre1.lst.gz
 >    from /etc/setup/libpcre2_8_0.lst.gz
 >    from /etc/setup/libpipeline1.lst.gz
 >    from /etc/setup/libpopt-common.lst.gz
 >    from /etc/setup/libpopt0.lst.gz
 >    from /etc/setup/libpsl5.lst.gz
 >    from /etc/setup/libreadline7.lst.gz
 >    from /etc/setup/libsasl2_3.lst.gz
 >    from /etc/setup/libsmartcols1.lst.gz
 >    from /etc/setup/libssh2_1.lst.gz
 >    from /etc/setup/libssl1.1.lst.gz
 >    from /etc/setup/libssl3.lst.gz
 >    from /etc/setup/libstdc++6.lst.gz
 >    from /etc/setup/libtasn1_6.lst.gz
 >    from /etc/setup/libuchardet0.lst.gz
 >    from /etc/setup/libunistring5.lst.gz
 >    from /etc/setup/libuuid1.lst.gz
 >    from /etc/setup/libzstd1.lst.gz
 >    from /etc/setup/login.lst.gz
 >    from /etc/setup/man-db.lst.gz
 >    from /etc/setup/mintty.lst.gz
 >    from /etc/setup/ncurses.lst.gz
 >    from /etc/setup/openssl.lst.gz
 >    from /etc/setup/p11-kit-trust.lst.gz
 >    from /etc/setup/p11-kit.lst.gz
 >    from /etc/setup/publicsuffix-list-dafsa.lst.gz
 >    from /etc/setup/rebase.lst.gz
 >    from /etc/setup/run.lst.gz
 >    from /etc/setup/sed.lst.gz
 >    from /etc/setup/tar.lst.gz
 >    from /etc/setup/terminfo.lst.gz
 >    from /etc/setup/tzcode.lst.gz
 >    from /etc/setup/tzdata.lst.gz
 >    from /etc/setup/util-linux.lst.gz
 >    from /etc/setup/vim-minimal.lst.gz
 >    from /etc/setup/which.lst.gz
 >    from /etc/setup/xz.lst.gz
 >    from /etc/setup/zlib0.lst.gz
 >    from /etc/setup/zstd.lst.gz
 >    from /etc/setup/_autorebase.lst.gz
 > removing /var/cache/rebase/rebase_lst
 > creating empty /var/cache/rebase/rebase_lst
 > Updating rebase information for installed dynamic objects in
 > /var/cache/rebase/rebase_lst.
 > Updating rebase information for installed executables in
 > /var/cache/rebase/rebase_exe.
 > Rebasing with list /var/cache/rebase/rebase_all, built from
 > /var/cache/rebase/rebase_dyn /var/cache/rebase/rebase_lst.
 > 2024/03/19 19:07:39 running: C:\cygwin64\bin\dash.exe
 > "/etc/postinstall/0p_update-info-dir.dash"
 > 2024/03/19 19:07:39 running: C:\cygwin64\bin\bash.exe --norc --noprofile
 > "/etc/postinstall/ca-certificates.sh"
 > 2024/03/19 19:07:41 running: C:\cygwin64\bin\bash.exe --norc --noprofile
 > "/etc/postinstall/ca-certificates-letsencrypt.sh"
 > 2024/03/19 19:07:43 running: C:\cygwin64\bin\dash.exe
 > "/etc/postinstall/zp_man-db-update-index.dash"
 >    ManDB index not available.
 > Program directory for program link: C:\ProgramData\Microsoft\Windows\Start
 > Menu\Programs
 > Desktop directory for desktop link: C:\Users\Public\Desktop
 > Program directory for program link: C:\ProgramData\Microsoft\Windows\Start
 > Menu\Programs/Cygwin
 > Desktop directory for desktop link: C:\Users\Public\Desktop
 > 2024/03/19 19:07:48 note: Installation Complete
 > 2024/03/19 19:07:48 Ending cygwin install

What happens when you try Achim's openssl test:

$ openssl s_client -connect cygwin.com:443

and ldd (or cygcheck):

$ ldd /usr/bin/curl
         ntdll.dll => /cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll (0x7ffadca50000)
         KERNEL32.DLL => /cygdrive/c/WINDOWS/System32/KERNEL32.DLL (0x7ffadb6d0000)
         KERNELBASE.dll => /cygdrive/c/WINDOWS/System32/KERNELBASE.dll 
(0x7ffada490000)
         cygz.dll => /usr/bin/cygz.dll (0x597fd0000)
         cygcurl-4.dll => /usr/bin/cygcurl-4.dll (0x482aa0000)
         cygwin1.dll => /usr/bin/cygwin1.dll (0x7ffaca810000)
         cygbrotlidec-1.dll => /usr/bin/cygbrotlidec-1.dll (0x42f930000)
         cygcrypto-3.dll => /usr/bin/cygcrypto-3.dll (0x5e01a0000)
         cyggsasl-18.dll => /usr/bin/cyggsasl-18.dll (0x5d9200000)
         cyggssapi_krb5-2.dll => /usr/bin/cyggssapi_krb5-2.dll (0x3d4300000)
         cygidn2-0.dll => /usr/bin/cygidn2-0.dll (0x484880000)
         cygldap-2.dll => /usr/bin/cygldap-2.dll (0x41c390000)
         cyglber-2.dll => /usr/bin/cyglber-2.dll (0x478820000)
         cygpsl-5.dll => /usr/bin/cygpsl-5.dll (0x5d5880000)
         cygssl-3.dll => /usr/bin/cygssl-3.dll (0x4ad080000)
         cygzstd-1.dll => /usr/bin/cygzstd-1.dll (0x3a6b30000)
         cygssh2-1.dll => /usr/bin/cygssh2-1.dll (0x458bf0000)
         cygbrotlicommon-1.dll => /usr/bin/cygbrotlicommon-1.dll (0x4678a0000)
         cygk5crypto-3.dll => /usr/bin/cygk5crypto-3.dll (0x3b8240000)
         cyggcrypt-20.dll => /usr/bin/cyggcrypt-20.dll (0x4a4450000)
         cygiconv-2.dll => /usr/bin/cygiconv-2.dll (0x38e6a0000)
         cygintl-8.dll => /usr/bin/cygintl-8.dll (0x5ee2d0000)
         cygkrb5-3.dll => /usr/bin/cygkrb5-3.dll (0x3b80b0000)
         cygkrb5support-0.dll => /usr/bin/cygkrb5support-0.dll (0x3b8090000)
         cygcom_err-2.dll => /usr/bin/cygcom_err-2.dll (0x3de3c0000)
         cygidn-12.dll => /usr/bin/cygidn-12.dll (0x50a910000)
         cygntlm-0.dll => /usr/bin/cygntlm-0.dll (0x3b58f0000)
         cygunistring-5.dll => /usr/bin/cygunistring-5.dll (0x385080000)
         cygcrypto-1.1.dll => /usr/bin/cygcrypto-1.1.dll (0x41c650000)
         cyggcc_s-seh-1.dll => /usr/bin/cyggcc_s-seh-1.dll (0x50caa0000)
         cyggpg-error-0.dll => /usr/bin/cyggpg-error-0.dll (0x3d55b0000)
         cygnghttp2-14.dll => /usr/bin/cygnghttp2-14.dll (0x5ba920000)
         cygsasl2-3.dll => /usr/bin/cygsasl2-3.dll (0x3ae480000)

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry


More information about the Cygwin mailing list