Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 05 May 2025 09:02:43 +0000
From:      bugzilla-noreply@freebsd.org
To:        pkg@FreeBSD.org
Subject:   [Bug 286532] pkg-static: An error occured while fetching package: No error
Message-ID:  <bug-286532-32340-AEpzXv63mW@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-286532-32340@https.bugs.freebsd.org/bugzilla/>
References:  <bug-286532-32340@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D286532

Franco Fichtner <franco@opnsense.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |franco@opnsense.org

--- Comment #1 from Franco Fichtner <franco@opnsense.org> ---
I've been digging into this the past week as well. There's certainly a fact=
or
here now that vuln.xml is fetched from HTTPS, but the problem appears to be
with pkg-static libcurl fetching over TLS as this also pertains to pkg-stat=
ice
invokes of pkg-upgrade as further indicated here.

I've dug a bit deeper and this error in libcurl ends up being unhandled by =
pkg
integration ("No error"):

https://github.com/freebsd/pkg/blob/main/external/curl/lib/vtls/openssl.c#L=
4427-L4429

The actual error is:

TLS connect error: error:06880006:asn1 encoding routines::EVP lib


Which indicates a deeper issue in OpenSSL's SSL_connect() function returnin=
g 1
instead of zero.

Interestingly enough the non-static version of pkg doesn't appear to suffer
from this and pkg-static only suffers from this in 50% of cases, but if it =
does
it does not allow to establish any SSL connection during its runtime (contr=
ary
to when it works which works for all fetches during its runtime).

So this looks like an issue specifically tied to static linking into
libcurl/OpenSSL although it seems unlikely libcurl is the immediate culprit=
 of
this considering its wide usage elsewhere.


Cheers,
Franco

--=20
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-286532-32340-AEpzXv63mW>