"Todd T. Fries" <t...@fries.net> writes:

> To demonstrate:
>
>   openssl s_client -connect www.google.com:443

Heh.

> A fix, probably not the full or correct one:

ok jca@

do_accept(), in s_socket.c calls gethostbyaddr, then gethostbyname if
the former fails...

> Index: openssl.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/openssl.c,v
> retrieving revision 1.19
> diff -u -p -u -r1.19 openssl.c
> --- openssl.c 17 Oct 2015 07:51:10 -0000      1.19
> +++ openssl.c 20 Nov 2015 06:06:47 -0000
> @@ -438,7 +438,7 @@ main(int argc, char **argv)
>       arg.data = NULL;
>       arg.count = 0;
>  
> -     if (pledge("stdio inet rpath wpath cpath proc flock tty", NULL) == -1) {
> +     if (pledge("stdio inet rpath wpath cpath proc flock tty dns", NULL) == 
> -1) {
>               fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
>               exit(1);
>       }
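
Review bot: the added pledge() line in main() has been wrapped by the mailer, leaving `-1) {` on its own quoted line, so this hunk will not apply as posted; resend it unwrapped or as an attachment. On substance, adding "dns" to the promise string here grants it to every openssl subcommand that does not narrow its promises afterwards. A comment at this call naming which subcommands actually resolve names would help, and the ones that do not could drop "dns" in their own pledge() call, the way the s_client.c hunk re-pledges under single_execution.
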
> Index: s_client.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/openssl/s_client.c,v
> retrieving revision 1.23
> diff -u -p -u -r1.23 s_client.c
> --- s_client.c        17 Oct 2015 15:00:11 -0000      1.23
> +++ s_client.c        20 Nov 2015 06:06:47 -0000
> @@ -365,7 +365,7 @@ s_client_main(int argc, char **argv)
>       long socket_mtu = 0;
>  
>       if (single_execution) {
> -             if (pledge("stdio inet rpath wpath cpath tty", NULL) == -1) {
> +             if (pledge("stdio inet rpath wpath cpath tty dns", NULL) == -1) 
> {
>                       perror("pledge");
>                       exit(1);
>               }
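
Review bot: in the single_execution branch the new pledge() line is wrapped as well (the `{` lands on the next quoted line), which needs fixing before this can be applied. This hunk only adds "dns" for s_client, while the reply points out that do_accept() in s_socket.c calls gethostbyaddr and then gethostbyname. It is worth checking whether the command that reaches do_accept() has its own pledge() string that needs "dns" too, so the same failure does not show up there. A one-line comment above this call saying that "dns" is there for resolving the -connect host would document why the promise was widened.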

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
