MantisBT - NetSurf
View Issue Details
0002583NetSurfAmiga-specificpublic2017-12-10 17:142018-09-10 22:47
ReporterChris Young 
Assigned ToChris Young 
PrioritynormalSeveritymajorReproducibilityalways
StatusconfirmedResolutionopen 
PlatformAmigaOSAmigaOSOS Version3.5
Product Version3.8 
Target Version3.9Fixed in Version 
Fixed in CI build #
Reported in CI build #4250
URL of problem pagehttps://www.howsmyssl.com
Summary0002583: SSL not working in OS3 build
DescriptionSSL is not working in OS3 build since OpenSSL upgrade.
TagsNo tags attached.
Attached Filesdiff openssl.diff (177,615) 2018-07-23 22:01
https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=549&type=bug

Notes
(0001694)
Chris Young   
2017-12-10 17:16   
curl command-line is not working:

curl: (35) error:14195006:SSL routines:tls_construct_cke_ecdhe:EVP lib
(0001699)
Chris Young   
2017-12-11 22:31   
As far as I can tell, this error is being thrown up because evp_pkey_asn1_ctrl() returns <0.
This suggests the problem lies somewhere in the ASN1 code, but I have no idea what I'm looking for.
(0001703)
Chris Young   
2018-01-12 12:41   
Suspect the answer to this might be to upgrade the version of GCC we are using in the toolchain. There is a patched GCC6 here: https://github.com/bebbo/gcc
At the moment, I'm unable to even rebuild the ppc-amigaos toolchain (GCC 5 or 6) due to conflicting autotools dependencies, and m68k-amigaos is stuck on an even older version of binutils, so I'm not going to attempt switching to GCC6 until I at least get it building for ppc-amigaos.
(0001740)
Chris Young   
2018-01-27 17:42   
GCC6 for OS3 here: http://git.netsurf-browser.org/toolchains.git/log/?h=chris/gcc6-os3

Unable to build much as it appears to have some header dependency issue - conflicting gettimeofday in sys/time.h when building libiconv, for example.
(0001743)
Chris Young   
2018-01-29 21:58   
gcc6 build fixed to the extent it now builds working binaries without include errors.

A couple of outstanding issues:
* gcc-ranlib does not delete - this needs to be deleted otherwise libtool tries to use it and it calls our old ranlib with an option that hadn't been invented back then. (rm command in makefile not working)
* locale_t needs fixing - this is a problem with the clib2 includes which Olaf is aware of. (quick fix is to addd typedef void* locale_t to wchar.h)
* openssl e_os.h tries to include netinet/tcp.h - this doesn't exist in clib2, looks like OpenSSL doesn't actually need anything from it anyway. (quick fix is to touch netinet/tcp.h)

Even with this new version of gcc, OpenSSL still doesn't work. New error message is:
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to howsmyssl.com
(0001781)
Chris Young   
2018-07-23 22:01   
Attached diff between our OpenSSL and the one used by AmiSSL (which works), in case the problem is with our patches rather than the compiler.
(0001782)
Chris Young   
2018-07-23 23:10   
Applied a patch which looked important but hasn't resolved this issue (at least from curl; didn't try netsurf). Will need to check file for other patches we might be missing.
(0001783)
Chris Young   
2018-07-24 21:34   
(Last edited: 2018-07-24 21:35)
Can't see anything else important that we're missing :(

(0001844)
Chris Young   
2018-09-09 13:43   
(Last edited: 2018-09-09 13:44)
Turns out that SSL is largely working (netsurf-browser.org domains work with latest CI build), but https://www.howsmyssl.com still gives "unable to fetch document" (as does https://en.wikipedia.org)

So there's something wrong, but it isn't all SSL/TLS as previously thought.

(0001845)
Vincent Sanders   
2018-09-10 21:23   
it is not something as simple as the OS3 port using the default certificate verification prompt code? (which simply says the user refused the certificate)
(0001846)
Chris Young   
2018-09-10 22:47   
I don't think so, as the certificate prompt worked last time I checked and there shouldn't be any reason for those sites to prompt.

Issue History
2017-12-10 17:14Chris YoungNew Issue
2017-12-10 17:14Chris YoungStatusnew => assigned
2017-12-10 17:14Chris YoungAssigned To => Chris Young
2017-12-10 17:16Chris YoungStatusassigned => confirmed
2017-12-10 17:16Chris YoungNote Added: 0001694
2017-12-10 17:16Chris YoungRelationship addedrelated to 0002582
2017-12-10 23:24Chris YoungRelationship deletedrelated to 0002582
2017-12-11 22:31Chris YoungNote Added: 0001699
2018-01-12 12:41Chris YoungNote Added: 0001703
2018-01-27 17:42Chris YoungNote Added: 0001740
2018-01-29 21:58Chris YoungNote Added: 0001743
2018-07-23 22:01Chris YoungFile Added: openssl.diff
2018-07-23 22:01Chris YoungNote Added: 0001781
2018-07-23 23:10Chris YoungNote Added: 0001782
2018-07-24 21:34Chris YoungNote Added: 0001783
2018-07-24 21:35Chris YoungNote Edited: 0001783bug_revision_view_page.php?bugnote_id=1783#r2047
2018-08-28 10:40Vincent SandersTarget Version3.8 => 3.9
2018-09-09 13:43Chris YoungNote Added: 0001844
2018-09-09 13:44Chris YoungNote Edited: 0001844bug_revision_view_page.php?bugnote_id=1844#r2062
2018-09-10 21:23Vincent SandersNote Added: 0001845
2018-09-10 22:47Chris YoungNote Added: 0001846