To demonstrate: openssl s_client -connect www.google.com:443
A fix, probably not the full or correct one:
Index: openssl.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/openssl.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 openssl.c
--- openssl.c 17 Oct 2015 07:51:10 -0000 1.19
+++ openssl.c 20 Nov 2015 06:06:47 -0000
@@ -438,7 +438,7 @@ main(int argc, char **argv)
 arg.data = NULL;
 arg.count = 0;
- if (pledge("stdio inet rpath wpath cpath proc flock tty", NULL) == -1) {
+ if (pledge("stdio inet rpath wpath cpath proc flock tty dns", NULL) == -1) {
 fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
 exit(1);
 }
Index: s_client.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/s_client.c,v
retrieving revision 1.23
diff -u -p -u -r1.23 s_client.c
--- s_client.c 17 Oct 2015 15:00:11 -0000 1.23
+++ s_client.c 20 Nov 2015 06:06:47 -0000
@@ -365,7 +365,7 @@ s_client_main(int argc, char **argv)
 long socket_mtu = 0;
 if (single_execution) {
- if (pledge("stdio inet rpath wpath cpath tty", NULL) == -1) {
+ if (pledge("stdio inet rpath wpath cpath tty dns", NULL) == -1) {
 perror("pledge");
 exit(1);
 }
-- Todd Fries .. t...@fries.net ____________________________________________ | \ 1.636.410.0632 (voice) | Free Daemon Consulting, LLC \ 1.405.227.9094 (voice) | http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX) | PO Box 16169, Oklahoma City, OK 73113-2169 \ sip:freedae...@ekiga.net | "..in support of free software solutions." \ sip:4052279...@ekiga.net \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A http://todd.fries.net/pgp.txt
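Review bot: The `dns` promise added to the top-level pledge in main() (openssl.c) is inherited by every subcommand, so commands that never resolve a hostname keep resolver access unless their own pledge call drops it again. The s_client.c hunk is the only such narrowing visible here, and it now carries `dns` as well. Any other subcommand that pledges `inet` and accepts a host name presumably needs the same addition, which is worth checking before this is committed. A short comment at both calls, for example `/* dns: -connect host:port is resolved by name */`, would record why the promise set was widened. Both main() and s_client_main() continue outside the hunks, so whether name resolution could finish before a tighter pledge is taken cannot be judged from what is shown.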