Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 15 Jul 2012 13:51:22 +0200
From:      Fabian Keil <freebsd-listen@fabiankeil.de>
To:        freebsd-current@freebsd.org
Subject:   Re: fetch(1) fails with https:// - Authentication error
Message-ID:  <20120715135122.541856e3@fabiankeil.de>
In-Reply-To: <500243B1.1010705@FreeBSD.org>
References:  <1SpuD9-0006kw-6D@internal.tormail.org> <500243B1.1010705@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
--Sig_/WvJeCXb8B5lra1AJaoAab6J
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

Doug Barton <dougb@FreeBSD.org> wrote:

> On 07/13/2012 21:21, Jan Beich wrote:
> > It seems recent OpenSSL update broke fetch(1) for me.
> >=20
> >   $ diff -u $SRC_BASE/crypto/openssl/apps/openssl.cnf /etc/ssl/openssl.=
cnf
> >   $ fetch https://foo/bar
> >   fetch: https://foo/bar: Authentication error
> >=20
> > Same error as with the patch for 1.0.0d from a year ago and
> > same workaround - s/SSLv23_client_method/SSLv3_client_method/.
>=20
> FWIW, I have a gcc world and I'm not seeing this problem with r238444:
>=20
> fetch https://www.isc.org/
> fetch: https://www.isc.org/: size of remote file is not known
> fetch.out                                               33 kB  227 kBps

I have a gcc world too, but while https://www.isc.org/ worked for
me as well, using others I got the same behaviour as Jan:

fk@r500 ~ $fetch -o /dev/null https://lists.sourceforge.net
fetch: https://lists.sourceforge.net: Authentication error

For some I got an additional error message:

fk@r500 ~ $fetch -o /dev/null https://www.google.com
34382938280:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature=
:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1811:
fetch: https://www.google.com: Authentication error

Letting libfetch use SSLv3_client_method instead of SSLv23_client_method
as suggested worked around the issue for me as well.

Fabian

--Sig_/WvJeCXb8B5lra1AJaoAab6J
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlACrr4ACgkQBYqIVf93VJ0fLgCePOxk4NNev84Bh2lrLGYmz+l0
NOQAn3SIhlJe/ivcQnn0X0eOFDDrjK9d
=ZzZW
-----END PGP SIGNATURE-----

--Sig_/WvJeCXb8B5lra1AJaoAab6J--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120715135122.541856e3>