NetBSD Problem Report #57124
From www@netbsd.org Tue Dec 20 18:19:17 2022
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 4FDBD1A921F
for <gnats-bugs@gnats.NetBSD.org>; Tue, 20 Dec 2022 18:19:17 +0000 (UTC)
Message-Id: <20221220181845.6FB791A9239@mollari.NetBSD.org>
Date: Tue, 20 Dec 2022 18:18:45 +0000 (UTC)
From: nia@pkgsrc.org
Reply-To: nia@pkgsrc.org
To: gnats-bugs@NetBSD.org
Subject: pkg_add in 10.0_BETA prints "Unknown http error" when accessing NetBSD CDN over HTTPS
X-Send-Pr-Version: www-1.0
>Number: 57124
>Category: bin
>Synopsis: pkg_add in 10.0_BETA prints "Unknown http error" when accessing NetBSD CDN over HTTPS
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Dec 20 18:20:00 +0000 2022
>Closed-Date: Sun Dec 10 20:19:51 +0000 2023
>Last-Modified: Sun Dec 10 20:19:51 +0000 2023
>Originator: nia
>Release:
>Organization:
The NetBSD Foundation
>Environment:
>Description:
pkg_add is struggling to load any packages from cdn.netbsd.org over
HTTPS. This is likely caused by a deficiency in the embedded copy of
libfetch that pkg_install uses.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
From: mlelstv@serpens.de (Michael van Elst)
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/57124: pkg_add in 10.0_BETA prints "Unknown http error" when accessing NetBSD CDN over HTTPS
Date: Tue, 20 Dec 2022 18:30:58 -0000 (UTC)
nia@pkgsrc.org writes:
>pkg_add is struggling to load any packages from cdn.netbsd.org over
>HTTPS. This is likely caused by a deficiency in the embedded copy of
>libfetch that pkg_install uses.
libfetch in base doesn't know about SNI. I have a tiny patch for this,
but it might be better to update libfetch. It lacks other things and
also doesn't validate SSL certs.
From: Joerg Sonnenberger <joerg@bec.de>
To: gnats-bugs@netbsd.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, nia@pkgsrc.org
Subject: Re: bin/57124: pkg_add in 10.0_BETA prints "Unknown http error" when
accessing NetBSD CDN over HTTPS
Date: Wed, 21 Dec 2022 02:49:18 +0100
On Tue, Dec 20, 2022 at 06:35:02PM +0000, Michael van Elst wrote:
> The following reply was made to PR bin/57124; it has been noted by GNATS.
>
> From: mlelstv@serpens.de (Michael van Elst)
> To: gnats-bugs@netbsd.org
> Cc:
> Subject: Re: bin/57124: pkg_add in 10.0_BETA prints "Unknown http error" when accessing NetBSD CDN over HTTPS
> Date: Tue, 20 Dec 2022 18:30:58 -0000 (UTC)
>
> nia@pkgsrc.org writes:
>
> >pkg_add is struggling to load any packages from cdn.netbsd.org over
> >HTTPS. This is likely caused by a deficiency in the embedded copy of
> >libfetch that pkg_install uses.
>
> libfetch in base doesn't know about SNI. I have a tiny patch for this,
> but it might be better to update libfetch. It lacks other things and
> also doesn't validate SSL certs.
Yeah, just importing the version from pkgsrc should do that. I haven't
committed SSL certificate validation because it would break every NetBSD
system...
Joerg
State-Changed-From-To: open->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sun, 10 Dec 2023 20:19:51 +0000
State-Changed-Why:
fixed by libfetch/common.c 1.3, pullup-10 #95
>Unformatted:
Copyright © 1994-2023
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.