From owner-freebsd-bugs@FreeBSD.ORG Sat Sep 8 02:40:10 2012 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8B7D1106564A for ; Sat, 8 Sep 2012 02:40:10 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 75C3F8FC08 for ; Sat, 8 Sep 2012 02:40:10 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q882eAJ0055525 for ; Sat, 8 Sep 2012 02:40:10 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q882eAgt055511; Sat, 8 Sep 2012 02:40:10 GMT (envelope-from gnats) Date: Sat, 8 Sep 2012 02:40:10 GMT Message-Id: <201209080240.q882eAgt055511@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org From: Mark Johnston Cc: Subject: Re: bin/171402: fetch(1): Authentication error or Segmentation fault on HTTPS:// URLs X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Mark Johnston List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Sep 2012 02:40:10 -0000 The following reply was made to PR bin/171402; it has been noted by GNATS. From: Mark Johnston To: bug-followup@FreeBSD.org, ohartman@zedat.fu-berlin.de Cc: Subject: Re: bin/171402: fetch(1): Authentication error or Segmentation fault on HTTPS:// URLs Date: Fri, 7 Sep 2012 22:33:54 -0400 This is interesting. I was confused when this issue was reported on freebsd-current yesterday, as I couldn't reproduce it - fetch(1)ing https://launchdpad.net works fine for me on -CURRENT. Moreover, no errors from libssl were getting printed: libfetch is supposed to print them when one of the calls in fetch_ssl() fails. I also don't see the segfault, but I do get an authentication error with fetch(1) for the sourceforge page, which I suppose is to be expected. So I think it would be good to add a flag to libfetch which tells openSSL to bypass certificate verification - it would just need to call SSL_set_verify(ctx, SSL_VERIFY_NONE, NULL); at the appropriate spot. Then I saw "CLANG built" above. I tried rebuilding fetch(1)'s libraries using clang and eventually narrowed it down to libmd: if it's built with clang, I get an authentication error for lanchpad.net, and a segfault with lists.sourceforge.net. Haven't looked into what's actually going on though. -Mark