[Bug 286532] pkg-static: An error occured while fetching package: No error

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286532

Franco Fichtner <franco@opnsense.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |franco@opnsense.org

--- Comment #1 from Franco Fichtner <franco@opnsense.org> ---
I've been digging into this the past week as well. There's certainly a factor
here now that vuln.xml is fetched from HTTPS, but the problem appears to be
with pkg-static libcurl fetching over TLS as this also pertains to pkg-statice
invokes of pkg-upgrade as further indicated here.

I've dug a bit deeper and this error in libcurl ends up being unhandled by pkg
integration ("No error"):

https://github.com/freebsd/pkg/blob/main/external/curl/lib/vtls/openssl.c#L4427-L4429

The actual error is:

TLS connect error: error:06880006:asn1 encoding routines::EVP lib


Which indicates a deeper issue in OpenSSL's SSL_connect() function returning 1
instead of zero.

Interestingly enough the non-static version of pkg doesn't appear to suffer
from this and pkg-static only suffers from this in 50% of cases, but if it does
it does not allow to establish any SSL connection during its runtime (contrary
to when it works which works for all fetches during its runtime).

So this looks like an issue specifically tied to static linking into
libcurl/OpenSSL although it seems unlikely libcurl is the immediate culprit of
this considering its wide usage elsewhere.


Cheers,
Franco

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.