On 20 Aug 2014, at 11:53 am, David Gwynne <da...@gwynne.id.au> wrote:
> can you fix this? > > Begin forwarded message: > >> From: David Gwynne <da...@gwynne.id.au> >> Subject: ftp, proxies, and https >> Date: 20 August 2014 7:47:27 AEST >> To: guent...@openbsd.org, js...@openbsd.org >> >> ola. do you guys have any idea how i could fix this: >> >> xdlg@eaitbsd56:~$ env >> >> _=/usr/bin/env >> http_proxy=http://proxy.eait.uq.edu.au:8080/ >> HOME=/server/home/xdlg >> PWD=/server/home/xdlg >> ftp_proxy=http://proxy.eait.uq.edu.au:8080/ >> SSH_TTY=/dev/ttyp1 >> SVN_EDITOR=vi >> no_proxy=localhost,.uq.edu.au >> MAIL=/var/mail/xdlg >> SSH_CLIENT=130.102.79.52 39727 22 >> PATH=/opt/local/bin:/opt/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin >> TMUX=/tmp/tmux-1014/default,791,0 >> TMUX_PANE=%0 >> https_proxy=http://proxy.eait.uq.edu.au:8080/ >> TERM=screen >> SHELL=/bin/ksh >> SSH_CONNECTION=130.102.79.52 39727 130.102.76.156 22 >> USER=xdlg >> xdlg@eaitbsd56:~$ ftp >> https://github.com/martine/ninja/archive/v1.5.1/85e13c163d0129216fb382df6a53d11393c4c0c2.tar.gz >> >> Trying 130.102.71.129... >> SSL failure: host `proxy.eait.uq.edu.au' not present in server certificate >> > This patch seems to fix it, with some quick testing (with and without proxy). Index: fetch.c =================================================================== RCS file: /cvs/src/usr.bin/ftp/fetch.c,v retrieving revision 1.126 diff -u -r1.126 fetch.c --- fetch.c 14 Jul 2014 09:26:27 -0000 1.126 +++ fetch.c 20 Aug 2014 02:10:50 -0000 @@ -343,6 +343,12 @@ } path = newline; + } else { +#ifndef SMALL + if (ishttpsurl) { + sslhost = host; + } +#endif /* !SMALL */ } if (isfileurl) { @@ -604,7 +610,7 @@ ressl_error(ssl)); goto cleanup_url_get; } - if (ressl_connect_socket(ssl, s, host) != 0) { + if (ressl_connect_socket(ssl, s, sslhost) != 0) { fprintf(ttyout, "SSL failure: %s\n", ressl_error(ssl)); goto cleanup_url_get; }