From nobody Fri Mar 29 05:31:33 2024 Received: from asave01.hostfactory.ch (asave01.hostfactory.ch [185.117.170.1]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 3FDB378187F for <~alpine/apk-tools@lists.alpinelinux.org>; Fri, 12 Mar 2021 16:43:38 +0000 (UTC) Received: from server24.hostfactory.ch ([185.117.169.70]) by asave01.hostfactory.ch with esmtps (TLSv1.2:AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from ) id 1lKkQQ-0007d9-JM for ~alpine/apk-tools@lists.alpinelinux.org; Fri, 12 Mar 2021 17:14:07 +0100 Received: from localhost.localdomain (204.255.2.85.dynamic.wline.res.cust.swisscom.ch [85.2.255.204]) (Authenticated sender: git@academicsolutions.ch) by server24.hostfactory.ch (Postfix) with ESMTPSA id DFAEB1598C8; Fri, 12 Mar 2021 17:14:05 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=academicsolutions.ch; s=default; t=1615565646; bh=9evaHC0WhYeQVfYv3bGpgZ2Bk2IPvw2e/1wPxsIMKUo=; h=From:To:Subject; b=YmTngQGjpXdsMcBIpn5eciTdPknGFqaTetul5HDt1dH6i4dZojeTsFHLcmJnvUobA 6E+VQ/+jVdhuC2POG42gNxbmsuuvKpDvqHlww9Yqpde/wTy54tanjOpYU9KjB6+urg 31ejPDCFZOLn3b6DSIzFRi0Gn1fxLc4WvGS63WTU= From: Martin Vahlensieck To: ~alpine/apk-tools@lists.alpinelinux.org Cc: Martin Vahlensieck Subject: [PATCH] Use correct port when redirected Date: Fri, 12 Mar 2021 17:08:15 +0100 Message-Id: <20210312160814.12698-1-git@academicsolutions.ch> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-PPP-Message-ID: <161556564610.25894.9396440176674480004@server24.hostfactory.ch> X-PPP-Vhost: academicsolutions.ch X-Originating-IP: 185.117.169.70 X-SpamExperts-Domain: outboundprotection.hostfactory.ch X-SpamExperts-Username: 185.117.169.70 Authentication-Results: hostfactory.ch; auth=pass smtp.auth=185.117.169.70@outboundprotection.hostfactory.ch X-SpamExperts-Outgoing-Class: ham X-SpamExperts-Outgoing-Evidence: Combined (0.01) X-Recommended-Action: accept X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8FWrO3HqdlXnBFlcG+Ilk6PUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5xo4X77ebOs+pzH3MCMUlz/F9BjJS9VFT4OUDeiXrBdtGSP RAsdfVBMiyjVaQpVT9Tnx8yeplRO3sLIqUlSH7OGUukd2S+4kDl9tCvpq1JnjAAR1U8NZVeNqG94 Q4F1VDXcyUrIYcOtb6n06kgUtpo+omcYBQWOD+7Sz57zfCmT1abhl3nfFY6HnhCoLl8na5Fx5Lqu AkPj+6G5vKRDV1a8BDqP4+FM1yPT0U9y1IYkq8UNJ3zHia9ev1LELrc7u4MuZhFjf8Av63NVdLQS rrkWvRkWzsAgaWolxIxCj2GHto6atsxaFkWS/KO9ggVt7y11v0HCq9Ij3WgoQoezM+scaWWR7drM d0qbJIo1RVCXie2VXGdtLyog7ui50fJvZPULIGbDAHSHtWpzd0q5uxWPU+KWbwff0x1IVJh39/Qi gotvma6b3EBdJpLcoo+1NldZmKn34aF52Y+iQvwPe+G9R3h6rYa/1N6NSLkvhqucKrzsv6k4z7T+ 02vsixLkgyM4a4yB7L70Y8kDs69uRT3/w3qNhf+deQvJCdEKHScH65hRrOZZqMOoDs1PwmznbNIB IkUL/j1Y48GvmeURQjjElbEByNLuDTuDDDYPrCz4WUoLldE6gvbeQcfbAZNCT7nBOi5DQkX9fIB9 QQIQM7IxRo9kaNuB34RYL/6bXNhzCpoptfnNqCAy6iV3NCsGbTks6Os7DAYjeQq7TkmcOW/uOdYp OQ4l9s9RfSWxuJRfATUY/Fjk+X5OHs+PjF7D2nG3BVCHfLHjvALPk7LdLeYzzueqazIGcIJ6MQjL 2VRTRWemVUeDApVxf5YOi1uPfTGd9Wpl6sUimYGiBY+4OKCAInbsa8+fSh7Xca+VYXr2csOpyKA6 9LF1Ge2GaGfxmfok3HHNBD+Q07NP/6q5MkfjORtr6KNRLojZajkVxIDqLO+lktICveMHMC0YGFkc CxSvI0KHSwxdd65eai0KhaGTQylSOYO7VD1+BV0/up9HXVgHWhk20UexQhrQ0nWBNd141bSpTgYW 5aE/aen1Mc0YUa+pVa9j/xZ58PP779QhLDEvuGslKTrRIXcXpFg5ivY= X-Report-Abuse-To: spam@asave01.hostfactory.ch --- Long story short: The mirror I usually use has added a redirect from http to https. libfetch detects this, but wrongly uses the old url scheme to determine the port. This subsequently leads to the following OpenSSL error: 139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331: Using the new scheme fixes this. This error message comes from trying to connect to port 80 with TLS, it can also be observed by issuing $ openssl s_client -connect alpinelinux.org:80 This bug was introduced in commit 7158474 libfetch: keep http auth only if redirect is for the same host Best, Martin libfetch/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libfetch/http.c b/libfetch/http.c index 8239313..e3d8d53 100644 --- a/libfetch/http.c +++ b/libfetch/http.c @@ -1065,7 +1065,7 @@ http_request(struct url *URL, const char *op, struct url_stat *us, goto ouch; } if (!new->port) - new->port = fetch_default_port(url->scheme); + new->port = fetch_default_port(new->scheme); if (!new->user[0] && !new->pwd[0] && new->port == url->port && strcmp(new->scheme, url->scheme) == 0 && -- 2.30.2 From nobody Fri Mar 29 05:31:33 2024 Received: from mail-lf1-f41.google.com (mail-lf1-f41.google.com [209.85.167.41]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 447E678105B for <~alpine/apk-tools@lists.alpinelinux.org>; Sat, 13 Mar 2021 10:54:17 +0000 (UTC) Received: by mail-lf1-f41.google.com with SMTP id v2so36394060lft.9 for <~alpine/apk-tools@lists.alpinelinux.org>; Sat, 13 Mar 2021 02:54:17 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=FJG/p2WVnAL4798LY3UeiJ7SQAUzvljGyBMK5notgQw=; b=S/Qbz9FfmS8CTxLu+f55WXq/LsmF6RIz6YI6cBxSkkUiHxDVYgE8uWxjVZBkSbHFom RDRD4s9hlLmU2zNL1x1ayBJNikvdcH5BiFIGz+RtlW8DiMWOzzLtVGcOc23y4VMaXQM6 1J+9cBdhpduq17PFGarvllyyPU+DcqBUPUq9iL1GISCPfSVIG08SxjAFULPeha/1mnEk PsAb5GkjvobDW7G0Cx5/5f9nMNdA/Bp2C9PCfvBJQiLWbXjlMVjBSQ4DJGxI2FjcOrqV BOM4JS4h5ybCfAdPnBJPJTJAY62JLXCrSKbIm5KAas4vq/3/Z5ueyUoW8NGFMTtD+p7t TtoA== X-Gm-Message-State: AOAM530SoIHHTp2aiaWho9nfm6KUMNMugueN9ZSSbje6MVeGKg+ECgw4 aYLcoEL5ZX0QSGILDB3A+Jo= X-Google-Smtp-Source: ABdhPJyCuqOjGIlRUOET8KaF1IGWtwAwJqx9QM4b2LW3laJeggoTZqgUlnjl8E+raui4TEgbfLGDig== X-Received: by 2002:ac2:4465:: with SMTP id y5mr2267033lfl.70.1615632856425; Sat, 13 Mar 2021 02:54:16 -0800 (PST) Received: from vostro (87-92-171-188.rev.dnainternet.fi. [87.92.171.188]) by smtp.gmail.com with ESMTPSA id u10sm2008461lfl.111.2021.03.13.02.54.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 13 Mar 2021 02:54:16 -0800 (PST) Date: Sat, 13 Mar 2021 12:54:13 +0200 From: Timo Teras To: Martin Vahlensieck Cc: ~alpine/apk-tools@lists.alpinelinux.org Subject: Re: [PATCH] Use correct port when redirected Message-ID: <20210313125413.01d1c625@vostro> In-Reply-To: <20210312160814.12698-1-git@academicsolutions.ch> References: <20210312160814.12698-1-git@academicsolutions.ch> X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-alpine-linux-musl) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hi! Thanks for chasing the issue down, and providing a fix. Applied! Timo On Fri, 12 Mar 2021 17:08:15 +0100 Martin Vahlensieck wrote: > --- > Long story short: The mirror I usually use has added a redirect from > http to https. libfetch detects this, but wrongly uses the old url > scheme to determine the port. This subsequently leads to the > following OpenSSL error: > > 139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong > version number:ssl/record/ssl3_record.c:331: > > Using the new scheme fixes this. This error message comes from trying > to connect to port 80 with TLS, it can also be observed by issuing > $ openssl s_client -connect alpinelinux.org:80 > > This bug was introduced in commit > 7158474 libfetch: keep http auth only if redirect is for the same host > > Best, > > Martin > > libfetch/http.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libfetch/http.c b/libfetch/http.c > index 8239313..e3d8d53 100644 > --- a/libfetch/http.c > +++ b/libfetch/http.c > @@ -1065,7 +1065,7 @@ http_request(struct url *URL, const char *op, > struct url_stat *us, goto ouch; > } > if (!new->port) > - new->port = > fetch_default_port(url->scheme); > + new->port = > fetch_default_port(new->scheme); if (!new->user[0] && !new->pwd[0] && > new->port == url->port && > strcmp(new->scheme, url->scheme) > == 0 &&