Web lists-archives.com

Re: wget does not recognize PKI?




On Sun, Aug 5, 2018 at 7:36 PM, Marco Atzeri  wrote:
> Am 05.08.2018 um 19:12 schrieb Andrey Repin:
>>
>> Greetings, All!
>>
>> $ wget https://ca.rootdir.org/ca.crl
>> --2018-08-05 20:05:28--  https://ca.rootdir.org/ca.crl
>> Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6
>> Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443...
>> connected.
>> ERROR: The certificate of ‘ca.rootdir.org’ is not trusted.
>> ERROR: The certificate of ‘ca.rootdir.org’ hasn't got a known issuer.
>>
>
>>
>> What's going on?
>>
>
> It seems not a cygwin issue:
>
> "This connection is not secure
>
> The owner of ca.rootdir.org did not properly configure the site. Firefox has
> not affiliated with this site to protect your information from theft."
>

And not just Firefox :

$ curl -v https://ca.rootdir.org/ca.crl
* STATE: INIT => CONNECT handle 0x600057990; line 1404 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x600057990; line 1440 (connection #0)
*   Trying 77.50.25.68...
* TCP_NODELAY set
* STATE: WAITRESOLVE => WAITCONNECT handle 0x600057990; line 1521
(connection #0)
* Connected to ca.rootdir.org (77.50.25.68) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057990; line 1573
(connection #0)
* Marked for [keep alive]: HTTP default
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
  CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057990; line
1587 (connection #0)
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate in certificate chain
* Marked for [closure]: Failed HTTPS connection
* multi_done
* stopped the pause stream!
* Closing connection 0
* The cache now contains 0 members
* Expire cleared
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.



Csaba
-- 
You can get very substantial performance improvements
by not doing the right thing. - Scott Meyers, An Effective C++11/14 Sampler
So if you're looking for a completely portable, 100% standards-conformat way
to get the wrong information: this is what you want. - Scott Meyers (C++TDaWYK)

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple