I think I’ve solved the “22.214.171.124” issue. For reference, here’s the symptom:
$ fossil up
Round-trips: 3 Artifacts sent: 0 received: 2
Pull done, sent: 1326 received: 3599 ip: 126.96.36.199
According to another post on this topic, “188.8.131.52” is some part of the IPv6
header where it overlaps with the destination IP part of the IPv4 header. My
guess is that we’re seeing a sockaddr_in6 being incorrectly cast to sockaddr_in.
Then I had an insight: Fossil allows use of an in-tree version of OpenSSL. On
putting OpenSSL 1.0.2n in compat/openssl and building it with the default
options, the symptom goes away.
…Provided you set SSL_CERT_DIR properly for your platform. For the Raspbian
Stretch box I’m testing this on, that is:
I’ve tried to figure out how to avoid setting that, but my skimming of the
OpenSSL docs, FAQ, and even source doesn’t clue me in, nor do the obvious web
Why doesn’t the OpenSSL config script see that I have a local cert directory
already and use that, and how can I clue it into its location at build time so
I don’t need the environment variable?
Annnnnyway, to get back to the issue, I then queried dpkg for the platform
version of OpenSSL, then went diving into the OpenSSL ChangeLog, looking at
entries made since the 1.1.0f version Raspbian is currently shipping, where I
*) Rewrite of BIO networking library. The BIO library lacked consistent
support of IPv6, and adding it required some more extensive
modifications. This introduces the BIO_ADDR and BIO_ADDRINFO types,
which hold all types of addresses and chains of address information.
It also introduces a new API, with functions like BIO_socket,
BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
have been adapted accordingly.
So, bottom line, it’s a platform bug, for which Fossil has a reasonable
fossil-dev mailing list