Re: fetch(1) fails with https:// - Authentication error

From: Fabian Keil <freebsd-listen_at_fabiankeil.de>
Date: Sun, 15 Jul 2012 13:51:22 +0200
Doug Barton <dougb_at_FreeBSD.org> wrote:

> On 07/13/2012 21:21, Jan Beich wrote:
> > It seems recent OpenSSL update broke fetch(1) for me.
> > 
> >   $ diff -u $SRC_BASE/crypto/openssl/apps/openssl.cnf /etc/ssl/openssl.cnf
> >   $ fetch https://foo/bar
> >   fetch: https://foo/bar: Authentication error
> > 
> > Same error as with the patch for 1.0.0d from a year ago and
> > same workaround - s/SSLv23_client_method/SSLv3_client_method/.
> 
> FWIW, I have a gcc world and I'm not seeing this problem with r238444:
> 
> fetch https://www.isc.org/
> fetch: https://www.isc.org/: size of remote file is not known
> fetch.out                                               33 kB  227 kBps

I have a gcc world too, but while https://www.isc.org/ worked for
me as well, using others I got the same behaviour as Jan:

fk_at_r500 ~ $fetch -o /dev/null https://lists.sourceforge.net
fetch: https://lists.sourceforge.net: Authentication error

For some I got an additional error message:

fk_at_r500 ~ $fetch -o /dev/null https://www.google.com
34382938280:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1811:
fetch: https://www.google.com: Authentication error

Letting libfetch use SSLv3_client_method instead of SSLv23_client_method
as suggested worked around the issue for me as well.

Fabian

Received on Sun Jul 15 2012 - 09:54:02 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:29 UTC