On Sun, Aug 5, 2018 at 7:36 PM, Marco Atzeri wrote: > Am 05.08.2018 um 19:12 schrieb Andrey Repin: >> >> Greetings, All! >> >> $ wget https://ca.rootdir.org/ca.crl >> --2018-08-05 20:05:28-- https://ca.rootdir.org/ca.crl >> Resolving ca.rootdir.org (ca.rootdir.org)... 192.168.1.6 >> Connecting to ca.rootdir.org (ca.rootdir.org)|192.168.1.6|:443... >> connected. >> ERROR: The certificate of ‘ca.rootdir.org’ is not trusted. >> ERROR: The certificate of ‘ca.rootdir.org’ hasn't got a known issuer. >> > >> >> What's going on? >> > > It seems not a cygwin issue: > > "This connection is not secure > > The owner of ca.rootdir.org did not properly configure the site. Firefox has > not affiliated with this site to protect your information from theft." >
And not just Firefox : $ curl -v https://ca.rootdir.org/ca.crl * STATE: INIT => CONNECT handle 0x600057990; line 1404 (connection #-5000) * Added connection 0. The cache now contains 1 members * STATE: CONNECT => WAITRESOLVE handle 0x600057990; line 1440 (connection #0) * Trying 77.50.25.68... * TCP_NODELAY set * STATE: WAITRESOLVE => WAITCONNECT handle 0x600057990; line 1521 (connection #0) * Connected to ca.rootdir.org (77.50.25.68) port 443 (#0) * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057990; line 1573 (connection #0) * Marked for [keep alive]: HTTP default * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057990; line 1587 (connection #0) * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, Server hello (2): * SSL certificate problem: self signed certificate in certificate chain * Marked for [closure]: Failed HTTPS connection * multi_done * stopped the pause stream! * Closing connection 0 * The cache now contains 0 members * Expire cleared curl: (60) SSL certificate problem: self signed certificate in certificate chain More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. Csaba -- You can get very substantial performance improvements by not doing the right thing. - Scott Meyers, An Effective C++11/14 Sampler So if you're looking for a completely portable, 100% standards-conformat way to get the wrong information: this is what you want. - Scott Meyers (C++TDaWYK) -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple