Hi, It has been reported to landry and me a pledge problem with the following openssl command:
$ /usr/bin/openssl ocsp -issuer bla.sub+ca -cert bla.crt -url http://ocsp.startssl.com/sub/class2/server/ca -header Host ocsp.startssl.com -respout /tmp/ocsp.rv8rDSvf6f abort (core dumped) and dmesg: openssl(15019): syscall 97 "dns" backtrace at https://gist.github.com/kAworu/dc30ead97d3b44b5cabb67b134362820 After testing, the following diff corrects the problem. OK ? -- Sebastien Marie Index: ocsp.c =================================================================== RCS file: /cvs/src/usr.bin/openssl/ocsp.c,v retrieving revision 1.7 diff -u -p -r1.7 ocsp.c --- ocsp.c 17 Oct 2015 15:00:11 -0000 1.7 +++ ocsp.c 26 Apr 2016 09:08:54 -0000 @@ -147,7 +147,7 @@ ocsp_main(int argc, char **argv) const char *errstr = NULL; if (single_execution) { - if (pledge("stdio inet rpath wpath cpath", NULL) == -1) { + if (pledge("stdio inet dns rpath wpath cpath", NULL) == -1) { perror("pledge"); exit(1); }
