Date: Sat, 8 Sep 2012 02:40:10 GMT From: Mark Johnston <markjdb@gmail.com> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/171402: fetch(1): Authentication error or Segmentation fault on HTTPS:// URLs Message-ID: <201209080240.q882eAgt055511@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/171402; it has been noted by GNATS. From: Mark Johnston <markjdb@gmail.com> To: bug-followup@FreeBSD.org, ohartman@zedat.fu-berlin.de Cc: Subject: Re: bin/171402: fetch(1): Authentication error or Segmentation fault on HTTPS:// URLs Date: Fri, 7 Sep 2012 22:33:54 -0400 This is interesting. I was confused when this issue was reported on freebsd-current yesterday, as I couldn't reproduce it - fetch(1)ing https://launchdpad.net works fine for me on -CURRENT. Moreover, no errors from libssl were getting printed: libfetch is supposed to print them when one of the calls in fetch_ssl() fails. I also don't see the segfault, but I do get an authentication error with fetch(1) for the sourceforge page, which I suppose is to be expected. So I think it would be good to add a flag to libfetch which tells openSSL to bypass certificate verification - it would just need to call SSL_set_verify(ctx, SSL_VERIFY_NONE, NULL); at the appropriate spot. Then I saw "CLANG built" above. I tried rebuilding fetch(1)'s libraries using clang and eventually narrowed it down to libmd: if it's built with clang, I get an authentication error for lanchpad.net, and a segfault with lists.sourceforge.net. Haven't looked into what's actually going on though. -Mark
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209080240.q882eAgt055511>