~alpine/apk-tools

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[PATCH] Use correct port when redirected

Martin Vahlensieck <git@academicsolutions.ch>
Details
Message ID
<20210312160814.12698-1-git@academicsolutions.ch>
DKIM signature
missing
Download raw message
Patch: +1 -1
---
Long story short:  The mirror I usually use has added a redirect from
http to https.  libfetch detects this, but wrongly uses the old url
scheme to determine the port.  This subsequently leads to the following
OpenSSL error:

139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:

Using the new scheme fixes this.  This error message comes from trying
to connect to port 80 with TLS, it can also be observed by issuing
  $ openssl s_client -connect alpinelinux.org:80

This bug was introduced in commit
7158474 libfetch: keep http auth only if redirect is for the same host

Best,

Martin

 libfetch/http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libfetch/http.c b/libfetch/http.c
index 8239313..e3d8d53 100644
--- a/libfetch/http.c
+++ b/libfetch/http.c
@@ -1065,7 +1065,7 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
					goto ouch;
				}
				if (!new->port)
					new->port = fetch_default_port(url->scheme);
					new->port = fetch_default_port(new->scheme);
				if (!new->user[0] && !new->pwd[0] &&
				    new->port == url->port &&
				    strcmp(new->scheme, url->scheme) == 0 &&
-- 
2.30.2
Timo Teras <timo.teras@iki.fi>
Details
Message ID
<20210313125413.01d1c625@vostro>
In-Reply-To
<20210312160814.12698-1-git@academicsolutions.ch> (view parent)
DKIM signature
missing
Download raw message
Hi!

Thanks for chasing the issue down, and providing a fix. Applied!

Timo

On Fri, 12 Mar 2021 17:08:15 +0100
Martin Vahlensieck <git@academicsolutions.ch> wrote:

> ---
> Long story short:  The mirror I usually use has added a redirect from
> http to https.  libfetch detects this, but wrongly uses the old url
> scheme to determine the port.  This subsequently leads to the
> following OpenSSL error:
> 
> 139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong
> version number:ssl/record/ssl3_record.c:331:
> 
> Using the new scheme fixes this.  This error message comes from trying
> to connect to port 80 with TLS, it can also be observed by issuing
>   $ openssl s_client -connect alpinelinux.org:80
> 
> This bug was introduced in commit
> 7158474 libfetch: keep http auth only if redirect is for the same host
> 
> Best,
> 
> Martin
> 
>  libfetch/http.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libfetch/http.c b/libfetch/http.c
> index 8239313..e3d8d53 100644
> --- a/libfetch/http.c
> +++ b/libfetch/http.c
> @@ -1065,7 +1065,7 @@ http_request(struct url *URL, const char *op,
> struct url_stat *us, goto ouch;
>  				}
>  				if (!new->port)
> -					new->port =
> fetch_default_port(url->scheme);
> +					new->port =
> fetch_default_port(new->scheme); if (!new->user[0] && !new->pwd[0] &&
>  				    new->port == url->port &&
>  				    strcmp(new->scheme, url->scheme)
> == 0 &&
Reply to thread Export thread (mbox)