[Bug 248867] net/syncthing: SSL errors due to Go 1.15 behaviour change

Mon Aug 24 05:36:45 UTC 2020

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=248867

            Bug ID: 248867
           Summary: net/syncthing: SSL errors due to Go 1.15 behaviour
                    change
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: swills at FreeBSD.org
          Reporter: james at french.id.au
             Flags: maintainer-feedback?(swills at FreeBSD.org)
          Assignee: swills at FreeBSD.org

Created attachment 217476
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=217476&action=edit
Backported patch from 1.9 development

Go 1.15 has changed certificate handling which has broken the certificates
syncthing self-generates for each host. Clients running Go 1.15 & Syncthing
1.8.0 will now error for every connecting host:

Bad certificate from <client> at
[<client-v6-ip>]:22000-[<client-v6-ip>]:22000/tcp-client/TLS1.3-TLS_AES_128_GCM_SHA256:
x509: certificate relies on legacy Common Name field, use SANs or temporarily
enable Common Name matching with GODEBUG=x509ignoreCN=0

Upstream have fixed this bug in this issue:
https://github.com/syncthing/syncthing/issues/6867

The fix will be a part of the upcoming 1.90 release but in the interim 1.80 is
currently broken with Go 1.15 (which are both the current versions in the ports
tree). I have backported the fix and it does apply and build cleanly on 1.80.

Build log to follow.

-- 
You are receiving this mail because:
You are the assignee for the bug.