To demonstrate:
openssl s_client -connect www.google.com:443
A fix, probably not the full or correct one:
Index: openssl.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/openssl.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 openssl.c
--- openssl.c 17 Oct 2015 07:51:10 -0000 1.19
+++ openssl.c 20 Nov 2015 06:06:47 -0000
@@ -438,7 +438,7 @@ main(int argc, char **argv)
arg.data = NULL;
arg.count = 0;
- if (pledge("stdio inet rpath wpath cpath proc flock tty", NULL) == -1) {
+ if (pledge("stdio inet rpath wpath cpath proc flock tty dns", NULL) ==
-1) {
fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
exit(1);
}
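Review bot: Adding `dns` to the promise string in main() appears to grant name resolution to every openssl subcommand, not only s_client, since this call sits in the common start-up path. It probably has to be listed here, because a later pledge() can only narrow the set and s_client_main could not otherwise keep `dns`. Subcommands that never resolve host names should then drop it in their own pledge() call; whether they do is not visible in this hunk. I would document that above the call, for example `/* dns: kept only so network subcommands can retain it; all others must pledge it away */`. main()'s body starts and ends outside the hunk.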
Index: s_client.c
===================================================================
RCS file: /cvs/src/usr.bin/openssl/s_client.c,v
retrieving revision 1.23
diff -u -p -u -r1.23 s_client.c
--- s_client.c 17 Oct 2015 15:00:11 -0000 1.23
+++ s_client.c 20 Nov 2015 06:06:47 -0000
@@ -365,7 +365,7 @@ s_client_main(int argc, char **argv)
long socket_mtu = 0;
if (single_execution) {
- if (pledge("stdio inet rpath wpath cpath tty", NULL) == -1) {
+ if (pledge("stdio inet rpath wpath cpath tty dns", NULL) == -1)
{
perror("pledge");
exit(1);
}
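Review bot: The `dns` promise added to this pledge() stays in force for the whole s_client session, although host lookup is presumably needed only until the connection is set up. If no later path (a reconnect, for instance) resolves names again, a second call after the connect, `if (pledge("stdio inet rpath wpath cpath tty", NULL) == -1)`, would return the process to the earlier promise set. The narrowing also happens only under `single_execution`; otherwise the wider set from main() remains, and that now includes `dns`. s_client_main's body continues outside the hunk, so the connect code is not visible here.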
--
Todd Fries .. [email protected]
____________________________________________
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \ 1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \ 1.866.792.3418 (FAX)
| PO Box 16169, Oklahoma City, OK 73113-2169 \ sip:[email protected]
| "..in support of free software solutions." \ sip:[email protected]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt