---
Long story short: The mirror I usually use has added a redirect from
http to https. libfetch detects this, but wrongly uses the old url
scheme to determine the port. This subsequently leads to the following
OpenSSL error:
139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331:
Using the new scheme fixes this. This error message comes from trying
to connect to port 80 with TLS, it can also be observed by issuing
$ openssl s_client -connect alpinelinux.org:80
This bug was introduced in commit
7158474 libfetch: keep http auth only if redirect is for the same host
Best,
Martin
libfetch/http.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libfetch/http.c b/libfetch/http.c
index 8239313..e3d8d53 100644
--- a/libfetch/http.c+++ b/libfetch/http.c
@@ -1065,7 +1065,7 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
goto ouch;
}
if (!new->port)
- new->port = fetch_default_port(url->scheme);+ new->port = fetch_default_port(new->scheme); if (!new->user[0] && !new->pwd[0] &&
new->port == url->port &&
strcmp(new->scheme, url->scheme) == 0 &&
--
2.30.2
Hi!
Thanks for chasing the issue down, and providing a fix. Applied!
Timo
On Fri, 12 Mar 2021 17:08:15 +0100
Martin Vahlensieck <git@academicsolutions.ch> wrote: