Currently, root CA certificates of Cygwin are installed via ca-certificates package, and at least libcurl sees it. However, wget on https URL always results in verify error, since wget relies on SSL_CTX_set_default_verify_paths() of OpenSSL, but OpenSSL doesn't see certificates installed via ca-certificate package.
As far as I can see (using strings cygcrypto-1.0.0.dll | grep or something), default store file for OpenSSL is configured as /usr/ssl/cert.pem and directory is /usr/ssl/certs/. Therefore I tried ln -s /usr/ssl/certs/ca-bundle.crt /usr/ssl/cert.pem and it works. Now I can use wget without --no-check-certificate. Is it possible to link ca-bundle.crt to /usr/ssl/cert.pem like above on ca-certificates package installation? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
