From 16118478e6d18be3fba0fdee3c2bfbcf1eeae73f Mon Sep 17 00:00:00 2001 From: Martin Vahlensieck Date: Fri, 12 Mar 2021 17:08:15 +0100 Subject: Use correct port when redirected If server redirects from http to https, libfetch detects this, but wrongly uses the old url scheme to determine the port. This subsequently leads to the following OpenSSL error: 139741541575496:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:331: Using the new scheme fixes this. This error message comes from trying to connect to port 80 with TLS, it can also be observed by issuing $ openssl s_client -connect alpinelinux.org:80 This bug was introduced in commit: 7158474 libfetch: keep http auth only if redirect is for the same host (cherry picked from commit 63d05ee450c1a810cc33f7dfad9d660f993a9d1c) --- libfetch/http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libfetch/http.c b/libfetch/http.c index 8239313..e3d8d53 100644 --- a/libfetch/http.c +++ b/libfetch/http.c @@ -1065,7 +1065,7 @@ http_request(struct url *URL, const char *op, struct url_stat *us, goto ouch; } if (!new->port) - new->port = fetch_default_port(url->scheme); + new->port = fetch_default_port(new->scheme); if (!new->user[0] && !new->pwd[0] && new->port == url->port && strcmp(new->scheme, url->scheme) == 0 && -- cgit v1.2.3-70-g09d2