fetch(1) fails with https:// - Authentication error
Fabian Keil
freebsd-listen at fabiankeil.de
Sun Jul 15 11:54:03 UTC 2012
Doug Barton <dougb at FreeBSD.org> wrote:
> On 07/13/2012 21:21, Jan Beich wrote:
> > It seems recent OpenSSL update broke fetch(1) for me.
> >
> > $ diff -u $SRC_BASE/crypto/openssl/apps/openssl.cnf /etc/ssl/openssl.cnf
> > $ fetch https://foo/bar
> > fetch: https://foo/bar: Authentication error
> >
> > Same error as with the patch for 1.0.0d from a year ago and
> > same workaround - s/SSLv23_client_method/SSLv3_client_method/.
>
> FWIW, I have a gcc world and I'm not seeing this problem with r238444:
>
> fetch https://www.isc.org/
> fetch: https://www.isc.org/: size of remote file is not known
> fetch.out 33 kB 227 kBps
I have a gcc world too, but while https://www.isc.org/ worked for
me as well, using others I got the same behaviour as Jan:
fk at r500 ~ $fetch -o /dev/null https://lists.sourceforge.net
fetch: https://lists.sourceforge.net: Authentication error
For some I got an additional error message:
fk at r500 ~ $fetch -o /dev/null https://www.google.com
34382938280:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1811:
fetch: https://www.google.com: Authentication error
Letting libfetch use SSLv3_client_method instead of SSLv23_client_method
as suggested worked around the issue for me as well.
Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20120715/117f7c62/signature.pgp
More information about the freebsd-current
mailing list