Re: pkgin doesn't work with https and proxy

[Ryota Ozaki <ozaki-r%netbsd.org@localhost>]

On Fri, Apr 5, 2024 at 7:03 PM Martin Husemann <martin%duskware.de@localhost> wrote:
>
> On Fri, Apr 05, 2024 at 10:50:20AM +0100, Jonathan Perkin wrote:
> > > ftp(1) command can fetch pkg_summary.gz under the same environment:
> >
> > I don't believe ftp checks certificates, at least by default.
>
> The ftp(1) in NetBSD 10.0 does validate the certificates, so the openssl
> setup (and certificates) must be working.
>
> > > The version of pkgin:
> > >
> > >  netbsd10# pkgin -v
> > >  pkgin 23.8.1 (using SQLite 3.26.0)
> >
> > Oh, that's strange.  That version of pkgin doesn't even perform validation.
> > I guess this is a libfetch issue on NetBSD, or the SSL errors above aren't
> > related to verification.
>
> It works for me (on NetBSD 10.0) with pkgin 23.8.1 (using SQLite 3.26.0)
> from the repository at https://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/x86_64/10.0/All

nonaka@n.o has provided me with a patch for libfetch (at the end of the mail).
The patch works for me, though I don't know if it is appropriate or not.

  ozaki-r

Index: net/libfetch/files/http.c
===================================================================
RCS file: /cvsroot/pkgsrc/net/libfetch/files/http.c,v
retrieving revision 1.42
diff -u -p -r1.42 http.c
--- net/libfetch/files/http.c  23 Aug 2022 17:48:53 -0000  1.42
+++ net/libfetch/files/http.c  5 Apr 2024 05:39:39 -0000
@@ -765,10 +765,12 @@ http_connect(struct url *URL, struct url
      goto ouch;
    }
    /* Read and discard the rest of the proxy response */
+#if 0
    if (fetch_getln(conn) < 0) {
      fetch_syserr();
      goto ouch;
    }
+#endif
    do {
      switch ((h = http_next_header(conn, &p))) {
      case hdr_syserror: