ok mestre@
On 19:07 Wed 01 Nov , Scott Cheloha wrote:
> Hi,
>
> The following (and similar invocations) gets SIGABRT'd:
>
> openssl s_time -connect openbsd.org:443
>
> BIO_set_conn_hostname(3), or whatever BIO_ctrl(3) is doing
> underneath, tries to resolve your target host and the process
> gets signaled when it enters socket(2).
>
> Adding "dns" to the pledge(2) promise corrects this.
>
> It looks like this has been broken since ~2015 but I have no
> release machines handy to confirm.
>
> --
> Scott Cheloha
>
> Index: usr.bin/openssl/s_time.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/s_time.c,v
> retrieving revision 1.17
> diff -u -p -r1.17 s_time.c
> --- usr.bin/openssl/s_time.c 20 Jan 2017 08:57:12 -0000 1.17
> +++ usr.bin/openssl/s_time.c 1 Nov 2017 23:30:23 -0000
> @@ -254,7 +254,7 @@ s_time_main(int argc, char **argv)
> int ver;
>
> if (single_execution) {
> - if (pledge("stdio rpath inet", NULL) == -1) {
> + if (pledge("stdio rpath inet dns", NULL) == -1) {
> perror("pledge");
> exit(1);
> }
>
