From owner-freebsd-current@FreeBSD.ORG Sun Jul 15 11:54:02 2012 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EE2F51065672 for ; Sun, 15 Jul 2012 11:54:02 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: from smtprelay03.ispgateway.de (smtprelay03.ispgateway.de [80.67.31.30]) by mx1.freebsd.org (Postfix) with ESMTP id A89328FC0A for ; Sun, 15 Jul 2012 11:54:02 +0000 (UTC) Received: from [87.79.194.63] (helo=fabiankeil.de) by smtprelay03.ispgateway.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.68) (envelope-from ) id 1SqNMF-0003Pf-4v for freebsd-current@freebsd.org; Sun, 15 Jul 2012 13:51:27 +0200 Date: Sun, 15 Jul 2012 13:51:22 +0200 From: Fabian Keil To: freebsd-current@freebsd.org Message-ID: <20120715135122.541856e3@fabiankeil.de> In-Reply-To: <500243B1.1010705@FreeBSD.org> References: <1SpuD9-0006kw-6D@internal.tormail.org> <500243B1.1010705@FreeBSD.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/WvJeCXb8B5lra1AJaoAab6J"; protocol="application/pgp-signature" X-Df-Sender: Nzc1MDY3 Subject: Re: fetch(1) fails with https:// - Authentication error X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-current@freebsd.org List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jul 2012 11:54:03 -0000 --Sig_/WvJeCXb8B5lra1AJaoAab6J Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Doug Barton wrote: > On 07/13/2012 21:21, Jan Beich wrote: > > It seems recent OpenSSL update broke fetch(1) for me. > >=20 > > $ diff -u $SRC_BASE/crypto/openssl/apps/openssl.cnf /etc/ssl/openssl.= cnf > > $ fetch https://foo/bar > > fetch: https://foo/bar: Authentication error > >=20 > > Same error as with the patch for 1.0.0d from a year ago and > > same workaround - s/SSLv23_client_method/SSLv3_client_method/. >=20 > FWIW, I have a gcc world and I'm not seeing this problem with r238444: >=20 > fetch https://www.isc.org/ > fetch: https://www.isc.org/: size of remote file is not known > fetch.out 33 kB 227 kBps I have a gcc world too, but while https://www.isc.org/ worked for me as well, using others I got the same behaviour as Jan: fk@r500 ~ $fetch -o /dev/null https://lists.sourceforge.net fetch: https://lists.sourceforge.net: Authentication error For some I got an additional error message: fk@r500 ~ $fetch -o /dev/null https://www.google.com 34382938280:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature= :/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1811: fetch: https://www.google.com: Authentication error Letting libfetch use SSLv3_client_method instead of SSLv23_client_method as suggested worked around the issue for me as well. Fabian --Sig_/WvJeCXb8B5lra1AJaoAab6J Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlACrr4ACgkQBYqIVf93VJ0fLgCePOxk4NNev84Bh2lrLGYmz+l0 NOQAn3SIhlJe/ivcQnn0X0eOFDDrjK9d =ZzZW -----END PGP SIGNATURE----- --Sig_/WvJeCXb8B5lra1AJaoAab6J--