Re: wget does not recognize PKI?
- Date: Sun, 5 Aug 2018 22:03:24 +0200
- From: Csaba Raduly <rcsaba@xxxxxxxxx>
- Subject: Re: wget does not recognize PKI?
On Sun, Aug 5, 2018 at 7:36 PM, Marco Atzeri wrote:
> Am 05.08.2018 um 19:12 schrieb Andrey Repin:
>> Greetings, All!
>> $ wget https://ca.rootdir.org/ca.crl
>> --2018-08-05 20:05:28-- https://ca.rootdir.org/ca.crl
>> Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6
>> Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443...
>> ERROR: The certificate of ‘ca.rootdir.org’ is not trusted.
>> ERROR: The certificate of ‘ca.rootdir.org’ hasn't got a known issuer.
>> What's going on?
> It seems not a cygwin issue:
> "This connection is not secure
> The owner of ca.rootdir.org did not properly configure the site. Firefox has
> not affiliated with this site to protect your information from theft."
And not just Firefox :
$ curl -v https://ca.rootdir.org/ca.crl
* STATE: INIT => CONNECT handle 0x600057990; line 1404 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x600057990; line 1440 (connection #0)
* Trying 18.104.22.168...
* TCP_NODELAY set
* STATE: WAITRESOLVE => WAITCONNECT handle 0x600057990; line 1521
* Connected to ca.rootdir.org (22.214.171.124) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057990; line 1573
* Marked for [keep alive]: HTTP default
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057990; line
1587 (connection #0)
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate in certificate chain
* Marked for [closure]: Failed HTTPS connection
* stopped the pause stream!
* Closing connection 0
* The cache now contains 0 members
* Expire cleared
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
You can get very substantial performance improvements
by not doing the right thing. - Scott Meyers, An Effective C++11/14 Sampler
So if you're looking for a completely portable, 100% standards-conformat way
to get the wrong information: this is what you want. - Scott Meyers (C++TDaWYK)
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple