On Wed, Aug 28, 2024 at 01:25:21PM +0200, a1ex@dismail.de wrote:
Hi Rodrigo,
On Tue, 27 Aug 2024 23:09:42 +0200 Rodrigo Arias <rodarima@gmail.com> wrote:
dillo-dev.auriga.wearlab.narkive.com:443
Is this site just broken/misconfigured?
Cannot reproduce with LibreSSL 3.9.2 on Linux. ... Can you test with the latest LibreSSL 3.9.2?
Is this it happening with the proxy enabled? Also, which user agent are you using in curl and Dillo?
It happens with the stock user agent and no proxy, same with curl. I'm running the latest snapshot of OpenBSD, which would have the latest version of LibreSSL.
I don't care about that site, my only worry is that the error can crash Dillo.
If it happens it is a bug on Dillo side as it is not handling all errors, regardless of the site. I would like to reproduce it to fix it.
Certainly. Ideally this should not crash Dillo, no matter how obscure.
What crashes dillo?
This could be an OpenBSD specific issue which wouldn't show up on Linux.
It could be, but I would first reject that is not due to mismatch of versions.
The last LibreSSL as per https://www.libressl.org/ is:
The latest stable release is 3.9.2
Which should be printed in the first lines when starting Dillo:
TLS library: LibreSSL 3.9.2
If it says 3.9.0, then Dillo is not using the last release.
I don't know why it shows that version number instead of the latest one, this is a fresh install of a recent snapshot.
It's a bit unfortunate, but the development release on current openbsd snapshots still has 3.9.0 as the version number. It's complicated... The short story is that we can't crank to 4.0.0 because it would break the build of some important ports (e.g., rust).
Anyway, I installed 3.9.2 from source and built Dillo against that. Now it reports the correct version, but the crash still happens the same.
I guess we would need to hear from some other OpenBSD users to confirm if this a real issue, or if its something whacky on my end.
I do have an older OpenBSD system which uses LibreSSL 3.6.0, and it does not exhibit the problem. But on 3 newer systems here the problem occurs.
Here is an easy way to confirm using only OpenBSD base tools:
$ ftp https://narkive.com/test Trying 149.248.211.108... TLS handshake failure: handshake failed: unexpected EOF
I don't see this: $ ftp https://narkive.com/test Trying 149.248.211.108... Requesting https://narkive.com/test ftp: Error retrieving https://narkive.com/test: 404 Not Found $ nc -cvz narkive.com 443 Connection to narkive.com (149.248.211.108) 443 port [tcp/https] succeeded! TLS handshake negotiated TLSv1.3/TLS_AES_128_GCM_SHA256 with host narkive.com Peer name: narkive.com Subject: /CN=narkive.com Issuer: /C=US/O=Let's Encrypt/CN=R11 Valid From: Fri Jul 26 06:13:58 2024 Valid Until: Thu Oct 24 06:13:57 2024 Cert Hash: SHA256:456275146f4b2e65c16d2432ff87917a4501ddb41dcb158195255c5995abbbf1 OCSP URL: http://r11.o.lencr.org This looks all good from here.
This doesn't happen on any other site that I have seen.
Maybe I should report this to the OpenBSD/LibreSSL people as well, so I'm CC'ing tb@
What is an example of a site that you can't connect to or even crashes?