Hi,

The following (and similar invocations) gets SIGABRT'd:

	openssl s_time -connect openbsd.org:443

BIO_set_conn_hostname(3), or whatever BIO_ctrl(3) is doing underneath, tries to resolve your target host and the process gets signaled when it enters socket(2).

Adding "dns" to the pledge(2) promise corrects this.

It looks like this has been broken since ~2015 but I have no release machines handy to confirm.

--
Scott Cheloha

Index: usr.bin/openssl/s_time.c =================================================================== RCS file: /cvs/src/usr.bin/openssl/s_time.c,v retrieving revision 1.17 diff -u -p -r1.17 s_time.c --- usr.bin/openssl/s_time.c 20 Jan 2017 08:57:12 -0000 1.17 +++ usr.bin/openssl/s_time.c 1 Nov 2017 23:30:23 -0000 @@ -254,7 +254,7 @@ s_time_main(int argc, char **argv) int ver; if (single_execution) { - if (pledge("stdio rpath inet", NULL) == -1) { + if (pledge("stdio rpath inet dns", NULL) == -1) { perror("pledge"); exit(1); }
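
Review bot: The pledge() call inside "if (single_execution)" in s_time_main() gains "dns" with nothing in the code saying why, so a later pass that tightens promises could drop it and bring the abort back. A short comment above the call would help, noting that -connect may be given a hostname and that the connect BIO resolves it after pledge is in effect. The hunk only touches the single_execution branch; if the other path has its own pledge call, it should be checked for the same missing promise. It would also be worth stating in the commit message that "dns" is needed only for the hostname form of -connect, so the promise set stays justified item by item.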