On 2024-03-19 12:15, J M wrote:
El mar, 19 mar 2024 a las 18:39, Brian Inglis via Cygwin escribió:
On 2024-03-19 11:00, J M wrote:
> $ file /etc/pki/tls/certs/*
> /etc/pki/tls/certs/ca-bundle.crt: symbolic link to
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> /etc/pki/tls/certs/ca-bundle.trust.crt: symbolic link to
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
>
> $ grep -c '^-----BEGIN.*CERTIFICATE-----$'
> /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:369
> /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem:116
> /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem:295
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:145
>
> $ grep '^#\s\(ISRG\|R3\)'
/etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X1
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# ISRG Root X2
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt:# R3
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X1
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# ISRG Root X2
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:# R3
>
> Looks the same except the matched number lines of the grep -c.
>
> $ sum /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> 22972 630 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> 34027 176 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> 36930 491 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> 05844 220 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
The following are a bit more useful:
$ wc -lwmcL /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
11307 14152 664107 664142 65
/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
3368 4080 193879 193883 64
/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
8816 10434 512531 512566 65
/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
4236 5094 243623 243627 64
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
27727 33760 1614140 1614218 65 total
$ cksum /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
317625824 664142 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
382586407 193883 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
1244815702 512566 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
1065593997 243627 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
I would also like to see what you get running:
$ curl -Iv https://8.43.85.97/ <https://8.43.85.97/>
* Trying 8.43.85.97:443...
* Connected to 8.43.85.97 (8.43.85.97) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 /
RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=cygwin.com <http://cygwin.com>
* start date: Jan 21 03:06:49 2024 GMT
* expire date: Apr 20 03:06:48 2024 GMT
* subjectAltName does not match 8.43.85.97
* SSL: no alternative certificate subject name matches target host name
'8.43.85.97'
* Closing connection
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host
name
'8.43.85.97'
More details here: https://curl.se/docs/sslcerts.html
<https://curl.se/docs/sslcerts.html>
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
and:
$ curl -Iv https://cygwin.com/ <https://cygwin.com/>
* Host cygwin.com:443 <http://cygwin.com:443> was resolved.
* IPv6: 2620:52:3:1:0:246e:9693:128c
* IPv4: 8.43.85.97
* Trying [2620:52:3:1:0:246e:9693:128c]:443...
* Connected to cygwin.com <http://cygwin.com> (2620:52:3:1:0:246e:9693:128c)
port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / X25519 /
RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=cygwin.com <http://cygwin.com>
* start date: Jan 21 03:06:49 2024 GMT
* expire date: Apr 20 03:06:48 2024 GMT
* subjectAltName: host "cygwin.com <http://cygwin.com>" matched cert's
"cygwin.com <http://cygwin.com>"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed
using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed
using sha256WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cygwin.com/ <https://cygwin.com/>
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cygwin.com <http://cygwin.com>]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> HEAD / HTTP/2
> Host: cygwin.com <http://cygwin.com>
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/2 200
HTTP/2 200
< date: Tue, 19 Mar 2024 17:32:27 GMT
date: Tue, 19 Mar 2024 17:32:27 GMT
< server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k
mod_qos/11.74
mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
server: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1k
mod_qos/11.74
mod_wsgi/4.6.4 Python/3.6 mod_perl/2.0.12 Perl/v5.26.3
< vary: User-Agent,Accept-Encoding
vary: User-Agent,Accept-Encoding
< accept-ranges: bytes
accept-ranges: bytes
< content-security-policy: default-src 'self' http: https:
content-security-policy: default-src 'self' http: https:
< strict-transport-security: max-age=16070400
strict-transport-security: max-age=16070400
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
<
* Connection #0 to host cygwin.com <http://cygwin.com> left intact
Suggest you try to redownload and rerun setup-x86_64,
reinstall the latest ca-certificates-letsencrypt and ca-certificates
packages,
check /var/log/setup.log.full, and rerun wc and cksum.
> Here the results:
>
> $ wc -lwmcL /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
> 10974 13732 644353 644388 65
> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> 3129 3794 179890 179894 64
> /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> 8633 10214 501775 501810 65
> /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> 3912 4704 224607 224611 64
> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> 26648 32444 1550625 1550703 65 total
>
> $ cksum /etc/pki/ca-trust/extracted/{openssl/*.crt,pem/*.pem}
> 2281361693 644388 /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> 2122801285 179894 /etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> 1003749677 501810 /etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> 3542708521 224611 /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
>
> $ curl -Iv https://8.43.85.97/ <https://8.43.85.97/>
> * Trying 8.43.85.97:443...
> * Connected to 8.43.85.97 (8.43.85.97) port 443
> * ALPN: curl offers h2,http/1.1
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> * CApath: none
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
> * SSL certificate problem: unable to get local issuer certificate
> * Closing connection
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: https://curl.se/docs/sslcerts.html
> <https://curl.se/docs/sslcerts.html>
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
>
>
> $ curl -Iv https://cygwin.com/ <https://cygwin.com/>
> * Host cygwin.com:443 <http://cygwin.com:443> was resolved.
> * IPv6: (none)
> * IPv4: 8.43.85.97
> * Trying 8.43.85.97:443...
> * Connected to cygwin.com <http://cygwin.com> (8.43.85.97) port 443
> * ALPN: curl offers h2,http/1.1
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> * CApath: none
> * TLSv1.3 (IN), TLS handshake, Server hello (2):
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (OUT), TLS alert, unknown CA (560):
> * SSL certificate problem: unable to get local issuer certificate
> * Closing connection
> curl: (60) SSL certificate problem: unable to get local issuer certificate
> More details here: https://curl.se/docs/sslcerts.html
> <https://curl.se/docs/sslcerts.html>
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
>
> And the logs are complete:
>
> $ cat /var/log/setup.log.full
> 2024/03/19 19:07:02 Starting cygwin install, version 2.931
> 2024/03/19 19:07:02 User has backup/restore rights
> 2024/03/19 19:07:02 User has symlink creation right
> 2024/03/19 19:07:02 Current Directory: C:\cygwin64\mypackages
> Could not open service McShield for query, start and stop. McAfee may not be
> installed, or we don't have access.
> 2024/03/19 19:07:04 source: network install
> 2024/03/19 19:07:04 root: C:\cygwin64 system
> 2024/03/19 19:07:04 Changing gid to Administrators
> 2024/03/19 19:07:05 Selected local directory: C:\cygwin64\mypackages
> 2024/03/19 19:07:06 net: Preconfig
> Loaded cached mirror list
> User-Agent: default is "Cygwin-Setup/2.931 (Windows NT
> 10.0.22631;Win64;0c0a;SymLinkPriv)"
> Request for URL https://cygwin.com/mirrors.lst
<https://cygwin.com/mirrors.lst>
> satisfied from cache
> Fetched URL: https://cygwin.com/mirrors.lst <https://cygwin.com/mirrors.lst>
> 2024/03/19 19:07:07 site: https://cygwin.mirror.constant.com/
> <https://cygwin.mirror.constant.com/>
> Request for URL https://cygwin.mirror.constant.com/x86_64/setup.zst.sig
> <https://cygwin.mirror.constant.com/x86_64/setup.zst.sig> satisfied from cache
> Fetched URL: https://cygwin.mirror.constant.com/x86_64/setup.zst.sig
> <https://cygwin.mirror.constant.com/x86_64/setup.zst.sig>
> Request for URL https://cygwin.mirror.constant.com/x86_64/setup.zst
> <https://cygwin.mirror.constant.com/x86_64/setup.zst> satisfied from cache
> Fetched URL: https://cygwin.mirror.constant.com/x86_64/setup.zst
> <https://cygwin.mirror.constant.com/x86_64/setup.zst>
> signature: sig_type 0, pk_alg 1, hash_alg 8
> signature: tried key cygwin, returned 0x00000000 Success
> .ini setup_version is 2.931, our setup_version is 2.931
> INSTALLED.DB version 3
> 2024/03/19 19:07:09 solving: 0 tasks, update: yes, use test packages: no
> libsolv: solver started
> libsolv: dosplitprovides=0, noupdateprovide=0, noinfarchcheck=0
> libsolv: allowuninstall=0, allowdowngrade=0, allownamechange=1,
> allowarchchange=0, allowvendorchange=1
> libsolv: dupallowdowngrade=1, dupallownamechange=1, dupallowarchchange=1,
> dupallowvendorchange=1
> libsolv: promoteepoch=0, forbidselfconflicts=0
> libsolv: obsoleteusesprovides=0, implicitobsoleteusesprovides=0,
> obsoleteusescolors=0, implicitobsoleteusescolors=0
> libsolv: dontinstallrecommended=0, addalreadyrecommended=0
> onlynamespacerecommended=0
> libsolv: number of solvables: 55538, memory used: 3037 K
> libsolv: number of ids: 28164 + 55442
> libsolv: string memory used: 110 K array + 480 K data, rel memory used: 649
K array
> libsolv: string hash memory: 256 K, rel hash memory : 512 K
> libsolv: provide ids: 11844
> libsolv: provide space needed: 41607 + 110884
> libsolv: shrunk whatprovidesdata from 41607 to 41542
> libsolv: shrunk whatprovidesauxdata from 41607 to 29760
> libsolv: whatprovides memory used: 330 K id array, 595 K data
> libsolv: whatprovidesaux memory used: 110 K id array, 116 K data
> libsolv: WARNING: pool_addfileprovides was not called, this may result in slow
> operation
> libsolv: lazywhatprovidesq size: 0 entries
> libsolv: createwhatprovides took 0 ms
> libsolv: obsoletes data: 1 entries
> libsolv: added 2281 pkg rules for installed solvables
> libsolv: added 27 pkg rules for updaters of installed solvables
> libsolv: added 0 pkg rules for packages involved in a job
> libsolv: added 0 pkg rules because of weak dependencies
> libsolv: 438 of 27701 installable solvables considered for solving
> libsolv: pruned rules from 2309 to 2309
> libsolv: binary: 1008
> libsolv: normal: 1300, 11666 literals
> libsolv: pkg rule memory used: 54 K
> libsolv: pkg rule creation took 0 ms
> libsolv: choice rule creation took 0 ms
> libsolv: 2308 pkg rules, 2 * 104 update rules, 0 job rules, 0 infarch rules, 0
> dup rules, 0 choice rules, 0 best rules, 0 yumobs rules
> libsolv: 0 black rules, 0 recommends rules, 0 repo priority rules
> libsolv: overall rule memory used: 58 K
> libsolv: solving...
> libsolv: resolving job rules
> libsolv: resolving installed packages
> libsolv: deciding orphaned packages
> libsolv: solver statistics: 0 learned rules, 0 unsolvable, 0 minimization
steps
> libsolv: done solving.
> libsolv: solver took 0 ms
> libsolv: final solver statistics: 0 problems, 0 learned rules, 0 unsolvable
> libsolv: solver_solve took 0 ms
> libsolv:
> libsolv: transaction:
> libsolv:
> libsolv: orphaned packages:
> libsolv: base-0.0-0.any (kept)
> libsolv: _windows-10.0.22631.any (kept)
> libsolv:
> libsolv: ordering transaction
> libsolv: transaction elements: 0
> 2024/03/19 19:07:31 solving: 2 tasks, update: no, use test packages: no
> libsolv: solver started
> libsolv: dosplitprovides=0, noupdateprovide=0, noinfarchcheck=0
> libsolv: allowuninstall=0, allowdowngrade=0, allownamechange=1,
> allowarchchange=0, allowvendorchange=1
> libsolv: dupallowdowngrade=1, dupallownamechange=1, dupallowarchchange=1,
> dupallowvendorchange=1
> libsolv: promoteepoch=0, forbidselfconflicts=0
> libsolv: obsoleteusesprovides=0, implicitobsoleteusesprovides=0,
> obsoleteusescolors=0, implicitobsoleteusescolors=0
> libsolv: dontinstallrecommended=0, addalreadyrecommended=0
> onlynamespacerecommended=0
> libsolv: obsoletes data: 1 entries
> libsolv: added 0 pkg rules for installed solvables
> libsolv: added 0 pkg rules for updaters of installed solvables
> libsolv: added 0 pkg rules for packages involved in a job
> libsolv: added 0 pkg rules because of weak dependencies
> libsolv: 438 of 27701 installable solvables considered for solving
> libsolv: pkg rule memory used: 54 K
> libsolv: pkg rule creation took 0 ms
> libsolv: choice rule creation took 0 ms
> libsolv: 2308 pkg rules, 2 * 104 update rules, 0 job rules, 0 infarch rules, 0
> dup rules, 0 choice rules, 0 best rules, 0 yumobs rules
> libsolv: 0 black rules, 0 recommends rules, 0 repo priority rules
> libsolv: overall rule memory used: 58 K
> libsolv: solving...
> libsolv: resolving job rules
> libsolv: resolving installed packages
> libsolv: deciding orphaned packages
> libsolv: solver statistics: 0 learned rules, 0 unsolvable, 0 minimization
steps
> libsolv: done solving.
> libsolv: solver took 0 ms
> libsolv: final solver statistics: 0 problems, 0 learned rules, 0 unsolvable
> libsolv: solver_solve took 0 ms
> libsolv:
> libsolv: transaction:
> libsolv:
> libsolv: orphaned packages:
> libsolv: base-0.0-0.any (kept)
> libsolv: _windows-10.0.22631.any (kept)
> libsolv:
> libsolv: ordering transaction
> libsolv: transaction elements: 0
> 2024/03/19 19:07:31 Augmented Transaction List:
> 2024/03/19 19:07:31 0 erase ca-certificates
2023.2.62_v7.0.401-2
> 2024/03/19 19:07:31 1 install ca-certificates
2023.2.62_v7.0.401-2
> 2024/03/19 19:07:31 2 erase ca-certificates-letsencrypt
2023.2.62_v7.0.401-2
> 2024/03/19 19:07:31 3 install ca-certificates-letsencrypt
2023.2.62_v7.0.401-2
> Checking SHA512 for
> file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
>
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-2023.2.62_v7.0.401-2.tar.zst
> SHA512 verified OK:
> file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
>
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-2023.2.62_v7.0.401-2.tar.zst
c321fe270a76dab4318eda354e4e067b715b9fca9ea8dfe792132be6665603f6012ff37250b0a2445764433f8918cbfd92bfe8a51ca76f427f2a00cf6fbe8283
> Checking SHA512 for
> file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
>
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-letsencrypt/ca-certificates-letsencrypt-2023.2.62_v7.0.401-2.tar.zst
> SHA512 verified OK:
> file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
>
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-letsencrypt/ca-certificates-letsencrypt-2023.2.62_v7.0.401-2.tar.zst
dd6d200957aac18959e5495490923a752c1c4fc4f5040107620f5472ce5b902b8480096b1b5eb25a44aa2c79ec543f45cf5dfb7c7b76cf7997b8a74343ec5eac
> 2024/03/19 19:07:34 Registry value set:
> HKEY_LOCAL_MACHINE\Software\Cygwin\setup\rootdir = "C:\cygwin64"
> Running preremove script for ca-certificates
> 2024/03/19 19:07:34 running: C:\cygwin64\bin\bash.exe --norc --noprofile
> "/etc/preremove/ca-certificates.sh"
> Running preremove script for ca-certificates-letsencrypt
> 2024/03/19 19:07:35 running: C:\cygwin64\bin\bash.exe --norc --noprofile
> "/etc/preremove/ca-certificates-letsencrypt.sh"
> 2024/03/19 19:07:37 Uninstalling ca-certificates
> unlink C:\cygwin64/etc/defaults/etc/pki/ca-trust/ca-legacy.conf
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/edk2/cacerts.bin
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/edk2/README
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/java/cacerts
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/java/README
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/openssl/README
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/pem/README
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> unlink C:\cygwin64/etc/pki/ca-trust/extracted/README
> unlink C:\cygwin64/etc/pki/ca-trust/source/README
> unlink C:\cygwin64\bin/ca-legacy
> unlink C:\cygwin64\bin/update-ca-trust
> unlink C:\cygwin64/usr/share/man/man8/ca-legacy.8.gz
> unlink C:\cygwin64/usr/share/man/man8/update-ca-trust.8.gz
> unlink C:\cygwin64/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
> unlink C:\cygwin64/usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt
> unlink C:\cygwin64/usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit
> unlink C:\cygwin64/usr/share/pki/ca-trust-source/README
> unlink C:\cygwin64/etc/pki/tls/cert.pem
> unlink C:\cygwin64/etc/pki/tls/certs/ca-bundle.crt
> unlink C:\cygwin64/etc/pki/tls/certs/ca-bundle.trust.crt
> unlink C:\cygwin64/etc/ssl/certs
> unlink C:\cygwin64/usr/libexec/p11-kit/trust-extract-compat
> unlink C:\cygwin64\lib/security/cacerts
> rmdir C:\cygwin64/usr/share/pki/ca-trust-source/blacklist
> rmdir C:\cygwin64/usr/share/pki/ca-trust-source/anchors
> rmdir C:\cygwin64/usr/share/pki/ca-trust-source
> rmdir C:\cygwin64/usr/share/pki/ca-trust-legacy
> rmdir C:\cygwin64\lib/security
> rmdir C:\cygwin64/etc/ssl
> rmdir C:\cygwin64/etc/pki/tls/certs
> rmdir C:\cygwin64/etc/pki/ca-trust/source/blacklist
> rmdir C:\cygwin64/etc/pki/ca-trust/source/anchors
> rmdir C:\cygwin64/etc/pki/ca-trust/extracted/openssl
> rmdir C:\cygwin64/etc/pki/ca-trust/extracted/java
> rmdir C:\cygwin64/etc/pki/ca-trust/extracted/edk2
> rmdir C:\cygwin64/etc/defaults/etc/pki/ca-trust
> 2024/03/19 19:07:37 Uninstalling ca-certificates-letsencrypt
> unlink C:\cygwin64/usr/share/pki/letsencrypt/isrg-intermediate-r3.pem
> unlink C:\cygwin64/usr/share/pki/letsencrypt/isrg-root-x1.pem
> unlink C:\cygwin64/usr/share/pki/letsencrypt/isrg-root-x2.pem
> unlink C:\cygwin64/usr/share/pki/letsencrypt/README
> unlink C:\cygwin64/usr/share/pki/letsencrypt/trustid-root-x3.pem
> rmdir C:\cygwin64/usr/share/pki/letsencrypt
> rmdir C:\cygwin64/usr/share/pki
> 2024/03/19 19:07:37 Extracting from
> file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
>
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-2023.2.62_v7.0.401-2.tar.zst
> Installing file cygfile:///etc/defaults/etc/pki/ca-trust/ca-legacy.conf
> Installing file cygfile:///etc/pki/ca-trust/
> Installing file cygfile:///etc/pki/ca-trust/extracted/
> Installing file cygfile:///etc/pki/ca-trust/extracted/edk2/
> Installing file cygfile:///etc/pki/ca-trust/extracted/edk2/cacerts.bin
> Installing file cygfile:///etc/pki/ca-trust/extracted/edk2/README
> Installing file cygfile:///etc/pki/ca-trust/extracted/java/
> Installing file cygfile:///etc/pki/ca-trust/extracted/java/cacerts
> Installing file cygfile:///etc/pki/ca-trust/extracted/java/README
> Installing file cygfile:///etc/pki/ca-trust/extracted/openssl/
> Installing file
cygfile:///etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
> Installing file cygfile:///etc/pki/ca-trust/extracted/openssl/README
> Installing file cygfile:///etc/pki/ca-trust/extracted/pem/
> Installing file cygfile:///etc/pki/ca-trust/extracted/pem/email-ca-bundle.pem
> Installing file
cygfile:///etc/pki/ca-trust/extracted/pem/objsign-ca-bundle.pem
> Installing file cygfile:///etc/pki/ca-trust/extracted/pem/README
> Installing file cygfile:///etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> Installing file cygfile:///etc/pki/ca-trust/extracted/README
> Installing file cygfile:///etc/pki/ca-trust/source/
> Installing file cygfile:///etc/pki/ca-trust/source/anchors/
> Installing file cygfile:///etc/pki/ca-trust/source/blacklist/
> Installing file cygfile:///etc/pki/ca-trust/source/README
> Installing file cygfile:///etc/postinstall/ca-certificates.sh
> Installing file cygfile:///etc/preremove/ca-certificates.sh
> Installing file cygfile:///usr/bin/ca-legacy
> Installing file cygfile:///usr/bin/update-ca-trust
> Installing file cygfile:///usr/libexec/p11-kit/
> Installing file cygfile:///usr/share/man/man8/ca-legacy.8.gz
> Installing file cygfile:///usr/share/man/man8/update-ca-trust.8.gz
> Installing file cygfile:///usr/share/pki/ca-trust-legacy/
> Installing file
> cygfile:///usr/share/pki/ca-trust-legacy/ca-bundle.legacy.default.crt
> Installing file
> cygfile:///usr/share/pki/ca-trust-legacy/ca-bundle.legacy.disable.crt
> Installing file cygfile:///usr/share/pki/ca-trust-source/
> Installing file cygfile:///usr/share/pki/ca-trust-source/anchors/
> Installing file cygfile:///usr/share/pki/ca-trust-source/blacklist/
> Installing file
cygfile:///usr/share/pki/ca-trust-source/ca-bundle.trust.p11-kit
> Installing file cygfile:///usr/share/pki/ca-trust-source/README
> Installing file cygfile:///etc/pki/tls/cert.pem
> io_stream::mklink
>
(cygfile:///etc/pki/tls/cert.pem->cygfile:///etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem)
> Installing file cygfile:///etc/pki/tls/certs/ca-bundle.crt
> io_stream::mklink
>
(cygfile:///etc/pki/tls/certs/ca-bundle.crt->cygfile:///etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem)
> Installing file cygfile:///etc/pki/tls/certs/ca-bundle.trust.crt
> io_stream::mklink
>
(cygfile:///etc/pki/tls/certs/ca-bundle.trust.crt->cygfile:///etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt)
> Installing file cygfile:///etc/ssl/certs
> io_stream::mklink (cygfile:///etc/ssl/certs->cygfile:///etc/pki/tls/certs)
> Installing file cygfile:///usr/libexec/p11-kit/trust-extract-compat
> io_stream::mklink
>
(cygfile:///usr/libexec/p11-kit/trust-extract-compat->cygfile://../../bin/update-ca-trust)
> Installing file cygfile:///usr/lib/security/cacerts
> io_stream::mklink
>
(cygfile:///usr/lib/security/cacerts->cygfile:///etc/pki/ca-trust/extracted/java/cacerts)
> 2024/03/19 19:07:37 Extracting from
> file://C:\cygwin64\mypackages/https%3a%2f%2fcygwin.mirror.constant.com
>
<http://2fcygwin.mirror.constant.com>%2f/noarch/release/ca-certificates/ca-certificates-letsencrypt/ca-certificates-letsencrypt-2023.2.62_v7.0.401-2.tar.zst
> Installing file cygfile:///etc/postinstall/ca-certificates-letsencrypt.sh
> Installing file cygfile:///etc/preremove/ca-certificates-letsencrypt.sh
> Installing file cygfile:///usr/share/pki/letsencrypt/
> Installing file cygfile:///usr/share/pki/letsencrypt/isrg-intermediate-r3.pem
> Installing file cygfile:///usr/share/pki/letsencrypt/isrg-root-x1.pem
> Installing file cygfile:///usr/share/pki/letsencrypt/isrg-root-x2.pem
> Installing file cygfile:///usr/share/pki/letsencrypt/README
> Installing file cygfile:///usr/share/pki/letsencrypt/trustid-root-x3.pem
> Visited: 102 nodes out of 11806 while creating dependency order.
> Dependency order of packages: terminfo zlib0 libzstd1 libgcc1 libncursesw10
> libreadline7 libintl8 libiconv2 bash cygwin dash _autorebase alternatives
> base-cygwin libattr1 libgmp10 tzdata tzcode coreutils findutils sed base-files
> libbz2_1 bzip2 libffi6 libp11-kit0 p11-kit libtasn1_6 p11-kit-trust
> ca-certificates ca-certificates-letsencrypt crypto-policies libbrotlicommon1
> libbrotlidec1 libgpg-error0 libgcrypt20 libgsasl-common libcom_err2
> libkrb5support0 libk5crypto3 libkrb5_3 libgssapi_krb5_2 libidn12 libntlm0
> libgsasl18 libidn2_0 libnghttp2_14 libcrypt2 libstdc++6 libdb5.3 libssl3
> libssl1.1 libopenldap2_4_2 libsasl2_3 libopenldap2 libunistring5
> publicsuffix-list-dafsa libpsl5 libssh2_1 libcurl4 curl libpopt-common
libpopt0
> cygutils diffutils editrights liblzma5 file libmpfr6 gawk libargp getent
> libpcre2_8_0 grep libuchardet0 groff gzip hostname info ipc-utils libpcre1
less
> libuuid1 libblkid1 libfdisk1 libgdbm6 liblz4_1 libpipeline1 libsmartcols1
login
> util-linux man-db mintty ncurses openssl rebase run xz zstd tar vim-minimal
which
> 2024/03/19 19:07:37 running: C:\cygwin64\bin\dash.exe
> "/etc/postinstall/0p_000_autorebase.dash"
> removing /var/cache/rebase/rebase_dyn
> creating empty /var/cache/rebase/rebase_dyn
> Updating rebase information for dynamic language modules/libraries
> /var/cache/rebase/rebase_dyn.
> removing /var/cache/rebase/rebase_dyn_exe
> creating empty /var/cache/rebase/rebase_dyn_exe
> Updating rebase information for user-defined executables
> /var/cache/rebase/rebase_dyn_exe.
> removing /var/cache/rebase/rebase_pkg
> creating empty /var/cache/rebase/rebase_pkg
> Updating package information in /var/cache/rebase/rebase_pkg.
> from /etc/setup/alternatives.lst.gz
> from /etc/setup/base-cygwin.lst.gz
> from /etc/setup/base-files.lst.gz
> from /etc/setup/bash.lst.gz
> from /etc/setup/bzip2.lst.gz
> from /etc/setup/ca-certificates-letsencrypt.lst.gz
> from /etc/setup/ca-certificates.lst.gz
> from /etc/setup/coreutils.lst.gz
> from /etc/setup/crypto-policies.lst.gz
> from /etc/setup/curl.lst.gz
> from /etc/setup/cygutils.lst.gz
> from /etc/setup/cygwin.lst.gz
> from /etc/setup/dash.lst.gz
> from /etc/setup/diffutils.lst.gz
> from /etc/setup/editrights.lst.gz
> from /etc/setup/file.lst.gz
> from /etc/setup/findutils.lst.gz
> from /etc/setup/gawk.lst.gz
> from /etc/setup/getent.lst.gz
> from /etc/setup/grep.lst.gz
> from /etc/setup/groff.lst.gz
> from /etc/setup/gzip.lst.gz
> from /etc/setup/hostname.lst.gz
> from /etc/setup/info.lst.gz
> from /etc/setup/ipc-utils.lst.gz
> from /etc/setup/less.lst.gz
> from /etc/setup/libargp.lst.gz
> from /etc/setup/libattr1.lst.gz
> from /etc/setup/libblkid1.lst.gz
> from /etc/setup/libbrotlicommon1.lst.gz
> from /etc/setup/libbrotlidec1.lst.gz
> from /etc/setup/libbz2_1.lst.gz
> from /etc/setup/libcom_err2.lst.gz
> from /etc/setup/libcrypt2.lst.gz
> from /etc/setup/libcurl4.lst.gz
> from /etc/setup/libdb5.3.lst.gz
> from /etc/setup/libfdisk1.lst.gz
> from /etc/setup/libffi6.lst.gz
> from /etc/setup/libgcc1.lst.gz
> from /etc/setup/libgcrypt20.lst.gz
> from /etc/setup/libgdbm6.lst.gz
> from /etc/setup/libgmp10.lst.gz
> from /etc/setup/libgpg-error0.lst.gz
> from /etc/setup/libgsasl-common.lst.gz
> from /etc/setup/libgsasl18.lst.gz
> from /etc/setup/libgssapi_krb5_2.lst.gz
> from /etc/setup/libiconv2.lst.gz
> from /etc/setup/libidn12.lst.gz
> from /etc/setup/libidn2_0.lst.gz
> from /etc/setup/libintl8.lst.gz
> from /etc/setup/libk5crypto3.lst.gz
> from /etc/setup/libkrb5support0.lst.gz
> from /etc/setup/libkrb5_3.lst.gz
> from /etc/setup/liblz4_1.lst.gz
> from /etc/setup/liblzma5.lst.gz
> from /etc/setup/libmpfr6.lst.gz
> from /etc/setup/libncursesw10.lst.gz
> from /etc/setup/libnghttp2_14.lst.gz
> from /etc/setup/libntlm0.lst.gz
> from /etc/setup/libopenldap2.lst.gz
> from /etc/setup/libopenldap2_4_2.lst.gz
> from /etc/setup/libp11-kit0.lst.gz
> from /etc/setup/libpcre1.lst.gz
> from /etc/setup/libpcre2_8_0.lst.gz
> from /etc/setup/libpipeline1.lst.gz
> from /etc/setup/libpopt-common.lst.gz
> from /etc/setup/libpopt0.lst.gz
> from /etc/setup/libpsl5.lst.gz
> from /etc/setup/libreadline7.lst.gz
> from /etc/setup/libsasl2_3.lst.gz
> from /etc/setup/libsmartcols1.lst.gz
> from /etc/setup/libssh2_1.lst.gz
> from /etc/setup/libssl1.1.lst.gz
> from /etc/setup/libssl3.lst.gz
> from /etc/setup/libstdc++6.lst.gz
> from /etc/setup/libtasn1_6.lst.gz
> from /etc/setup/libuchardet0.lst.gz
> from /etc/setup/libunistring5.lst.gz
> from /etc/setup/libuuid1.lst.gz
> from /etc/setup/libzstd1.lst.gz
> from /etc/setup/login.lst.gz
> from /etc/setup/man-db.lst.gz
> from /etc/setup/mintty.lst.gz
> from /etc/setup/ncurses.lst.gz
> from /etc/setup/openssl.lst.gz
> from /etc/setup/p11-kit-trust.lst.gz
> from /etc/setup/p11-kit.lst.gz
> from /etc/setup/publicsuffix-list-dafsa.lst.gz
> from /etc/setup/rebase.lst.gz
> from /etc/setup/run.lst.gz
> from /etc/setup/sed.lst.gz
> from /etc/setup/tar.lst.gz
> from /etc/setup/terminfo.lst.gz
> from /etc/setup/tzcode.lst.gz
> from /etc/setup/tzdata.lst.gz
> from /etc/setup/util-linux.lst.gz
> from /etc/setup/vim-minimal.lst.gz
> from /etc/setup/which.lst.gz
> from /etc/setup/xz.lst.gz
> from /etc/setup/zlib0.lst.gz
> from /etc/setup/zstd.lst.gz
> from /etc/setup/_autorebase.lst.gz
> removing /var/cache/rebase/rebase_lst
> creating empty /var/cache/rebase/rebase_lst
> Updating rebase information for installed dynamic objects in
> /var/cache/rebase/rebase_lst.
> Updating rebase information for installed executables in
> /var/cache/rebase/rebase_exe.
> Rebasing with list /var/cache/rebase/rebase_all, built from
> /var/cache/rebase/rebase_dyn /var/cache/rebase/rebase_lst.
> 2024/03/19 19:07:39 running: C:\cygwin64\bin\dash.exe
> "/etc/postinstall/0p_update-info-dir.dash"
> 2024/03/19 19:07:39 running: C:\cygwin64\bin\bash.exe --norc --noprofile
> "/etc/postinstall/ca-certificates.sh"
> 2024/03/19 19:07:41 running: C:\cygwin64\bin\bash.exe --norc --noprofile
> "/etc/postinstall/ca-certificates-letsencrypt.sh"
> 2024/03/19 19:07:43 running: C:\cygwin64\bin\dash.exe
> "/etc/postinstall/zp_man-db-update-index.dash"
> ManDB index not available.
> Program directory for program link: C:\ProgramData\Microsoft\Windows\Start
> Menu\Programs
> Desktop directory for desktop link: C:\Users\Public\Desktop
> Program directory for program link: C:\ProgramData\Microsoft\Windows\Start
> Menu\Programs/Cygwin
> Desktop directory for desktop link: C:\Users\Public\Desktop
> 2024/03/19 19:07:48 note: Installation Complete
> 2024/03/19 19:07:48 Ending cygwin install
What happens when you try Achim's openssl test:
$ openssl s_client -connect cygwin.com:443
and ldd (or cygcheck):
$ ldd /usr/bin/curl
ntdll.dll => /cygdrive/c/WINDOWS/SYSTEM32/ntdll.dll (0x7ffadca50000)
KERNEL32.DLL => /cygdrive/c/WINDOWS/System32/KERNEL32.DLL
(0x7ffadb6d0000)
KERNELBASE.dll => /cygdrive/c/WINDOWS/System32/KERNELBASE.dll
(0x7ffada490000)
cygz.dll => /usr/bin/cygz.dll (0x597fd0000)
cygcurl-4.dll => /usr/bin/cygcurl-4.dll (0x482aa0000)
cygwin1.dll => /usr/bin/cygwin1.dll (0x7ffaca810000)
cygbrotlidec-1.dll => /usr/bin/cygbrotlidec-1.dll (0x42f930000)
cygcrypto-3.dll => /usr/bin/cygcrypto-3.dll (0x5e01a0000)
cyggsasl-18.dll => /usr/bin/cyggsasl-18.dll (0x5d9200000)
cyggssapi_krb5-2.dll => /usr/bin/cyggssapi_krb5-2.dll (0x3d4300000)
cygidn2-0.dll => /usr/bin/cygidn2-0.dll (0x484880000)
cygldap-2.dll => /usr/bin/cygldap-2.dll (0x41c390000)
cyglber-2.dll => /usr/bin/cyglber-2.dll (0x478820000)
cygpsl-5.dll => /usr/bin/cygpsl-5.dll (0x5d5880000)
cygssl-3.dll => /usr/bin/cygssl-3.dll (0x4ad080000)
cygzstd-1.dll => /usr/bin/cygzstd-1.dll (0x3a6b30000)
cygssh2-1.dll => /usr/bin/cygssh2-1.dll (0x458bf0000)
cygbrotlicommon-1.dll => /usr/bin/cygbrotlicommon-1.dll (0x4678a0000)
cygk5crypto-3.dll => /usr/bin/cygk5crypto-3.dll (0x3b8240000)
cyggcrypt-20.dll => /usr/bin/cyggcrypt-20.dll (0x4a4450000)
cygiconv-2.dll => /usr/bin/cygiconv-2.dll (0x38e6a0000)
cygintl-8.dll => /usr/bin/cygintl-8.dll (0x5ee2d0000)
cygkrb5-3.dll => /usr/bin/cygkrb5-3.dll (0x3b80b0000)
cygkrb5support-0.dll => /usr/bin/cygkrb5support-0.dll (0x3b8090000)
cygcom_err-2.dll => /usr/bin/cygcom_err-2.dll (0x3de3c0000)
cygidn-12.dll => /usr/bin/cygidn-12.dll (0x50a910000)
cygntlm-0.dll => /usr/bin/cygntlm-0.dll (0x3b58f0000)
cygunistring-5.dll => /usr/bin/cygunistring-5.dll (0x385080000)
cygcrypto-1.1.dll => /usr/bin/cygcrypto-1.1.dll (0x41c650000)
cyggcc_s-seh-1.dll => /usr/bin/cyggcc_s-seh-1.dll (0x50caa0000)
cyggpg-error-0.dll => /usr/bin/cyggpg-error-0.dll (0x3d55b0000)
cygnghttp2-14.dll => /usr/bin/cygnghttp2-14.dll (0x5ba920000)
cygsasl2-3.dll => /usr/bin/cygsasl2-3.dll (0x3ae480000)
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
--
Problem reports: https://cygwin.com/problems.html
FAQ: https://cygwin.com/faq/
Documentation: https://cygwin.com/docs.html
Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
