Received: from asave01.hostfactory.ch (asave01.hostfactory.ch [185.117.170.1]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 3FDB378187F for <~alpine/apk-tools@lists.alpinelinux.org>; Fri, 12 Mar 2021 16:43:38 +0000 (UTC) Received: from server24.hostfactory.ch ([185.117.169.70]) by asave01.hostfactory.ch with esmtps (TLSv1.2:AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from ) id 1lKkQQ-0007d9-JM for ~alpine/apk-tools@lists.alpinelinux.org; Fri, 12 Mar 2021 17:14:07 +0100 Received: from localhost.localdomain (204.255.2.85.dynamic.wline.res.cust.swisscom.ch [85.2.255.204]) (Authenticated sender: git@academicsolutions.ch) by server24.hostfactory.ch (Postfix) with ESMTPSA id DFAEB1598C8; Fri, 12 Mar 2021 17:14:05 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=academicsolutions.ch; s=default; t=1615565646; bh=9evaHC0WhYeQVfYv3bGpgZ2Bk2IPvw2e/1wPxsIMKUo=; h=From:To:Subject; b=YmTngQGjpXdsMcBIpn5eciTdPknGFqaTetul5HDt1dH6i4dZojeTsFHLcmJnvUobA 6E+VQ/+jVdhuC2POG42gNxbmsuuvKpDvqHlww9Yqpde/wTy54tanjOpYU9KjB6+urg 31ejPDCFZOLn3b6DSIzFRi0Gn1fxLc4WvGS63WTU= From: Martin Vahlensieck To: ~alpine/apk-tools@lists.alpinelinux.org Cc: Martin Vahlensieck Subject: [PATCH] Use correct port when redirected Date: Fri, 12 Mar 2021 17:08:15 +0100 Message-Id: <20210312160814.12698-1-git@academicsolutions.ch> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-PPP-Message-ID: <161556564610.25894.9396440176674480004@server24.hostfactory.ch> X-PPP-Vhost: academicsolutions.ch X-Originating-IP: 185.117.169.70 X-SpamExperts-Domain: outboundprotection.hostfactory.ch X-SpamExperts-Username: 185.117.169.70 Authentication-Results: hostfactory.ch; auth=pass smtp.auth=185.117.169.70@outboundprotection.hostfactory.ch X-SpamExperts-Outgoing-Class: ham X-SpamExperts-Outgoing-Evidence: Combined (0.01) X-Recommended-Action: accept X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8FWrO3HqdlXnBFlcG+Ilk6PUtbdvnXkggZ 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5xo4X77ebOs+pzH3MCMUlz/F9BjJS9VFT4OUDeiXrBdtGSP RAsdfVBMiyjVaQpVT9Tnx8yeplRO3sLIqUlSH7OGUukd2S+4kDl9tCvpq1JnjAAR1U8NZVeNqG94 Q4F1VDXcyUrIYcOtb6n06kgUtpo+omcYBQWOD+7Sz57zfCmT1abhl3nfFY6HnhCoLl8na5Fx5Lqu AkPj+6G5vKRDV1a8BDqP4+FM1yPT0U9y1IYkq8UNJ3zHia9ev1LELrc7u4MuZhFjf8Av63NVdLQS rrkWvRkWzsAgaWolxIxCj2GHto6atsxaFkWS/KO9ggVt7y11v0HCq9Ij3WgoQoezM+scaWWR7drM d0qbJIo1RVCXie2VXGdtLyog7ui50fJvZPULIGbDAHSHtWpzd0q5uxWPU+KWbwff0x1IVJh39/Qi gotvma6b3EBdJpLcoo+1NldZmKn34aF52Y+iQvwPe+G9R3h6rYa/1N6NSLkvhqucKrzsv6k4z7T+ 02vsixLkgyM4a4yB7L70Y8kDs69uRT3/w3qNhf+deQvJCdEKHScH65hRrOZZqMOoDs1PwmznbNIB IkUL/j1Y48GvmeURQjjElbEByNLuDTuDDDYPrCz4WUoLldE6gvbeQcfbAZNCT7nBOi5DQkX9fIB9 QQIQM7IxRo9kaNuB34RYL/6bXNhzCpoptfnNqCAy6iV3NCsGbTks6Os7DAYjeQq7TkmcOW/uOdYp OQ4l9s9RfSWxuJRfATUY/Fjk+X5OHs+PjF7D2nG3BVCHfLHjvALPk7LdLeYzzueqazIGcIJ6MQjL 2VRTRWemVUeDApVxf5YOi1uPfTGd9Wpl6sUimYGiBY+4OKCAInbsa8+fSh7Xca+VYXr2csOpyKA6 9LF1Ge2GaGfxmfok3HHNBD+Q07NP/6q5MkfjORtr6KNRLojZajkVxIDqLO+lktICveMHMC0YGFkc CxSvI0KHSwxdd65eai0KhaGTQylSOYO7VD1+BV0/up9HXVgHWhk20UexQhrQ0nWBNd141bSpTgYW 5aE/aen1Mc0YUa+pVa9j/xZ58PP779QhLDEvuGslKTrRIXcXpFg5ivY= X-Report-Abuse-To: spam@asave01.hostfactory.ch --- Long story short: The mirror I usually use has added a redirect from http to https. libfetch detects this, but wrongly uses the old url scheme to determine the port. This subsequently leads to the following OpenSSL error: 139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331: Using the new scheme fixes this. This error message comes from trying to connect to port 80 with TLS, it can also be observed by issuing $ openssl s_client -connect alpinelinux.org:80 This bug was introduced in commit 7158474 libfetch: keep http auth only if redirect is for the same host Best, Martin libfetch/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libfetch/http.c b/libfetch/http.c index 8239313..e3d8d53 100644 --- a/libfetch/http.c +++ b/libfetch/http.c @@ -1065,7 +1065,7 @@ http_request(struct url *URL, const char *op, struct url_stat *us, goto ouch; } if (!new->port) - new->port = fetch_default_port(url->scheme); + new->port = fetch_default_port(new->scheme); if (!new->user[0] && !new->pwd[0] && new->port == url->port && strcmp(new->scheme, url->scheme) == 0 && -- 2.30.2