Created attachment 217476 [details] Backported patch from 1.9 development Go 1.15 has changed certificate handling which has broken the certificates syncthing self-generates for each host. Clients running Go 1.15 & Syncthing 1.8.0 will now error for every connecting host: Bad certificate from <client> at [<client-v6-ip>]:22000-[<client-v6-ip>]:22000/tcp-client/TLS1.3-TLS_AES_128_GCM_SHA256: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0 Upstream have fixed this bug in this issue: https://github.com/syncthing/syncthing/issues/6867 The fix will be a part of the upcoming 1.90 release but in the interim 1.80 is currently broken with Go 1.15 (which are both the current versions in the ports tree). I have backported the fix and it does apply and build cleanly on 1.80. Build log to follow.
Created attachment 217477 [details] Poudriere build log Can also confirm, that the fix does work with 1.8.0
A commit references this bug: Author: swills Date: Mon Aug 24 17:50:39 UTC 2020 New revision: 546103 URL: https://svnweb.freebsd.org/changeset/ports/546103 Log: net/syncthing: fix SSL errors due to Go 1.15 behaviour change PR: 248867 Submitted by: James French <james@french.id.au> Changes: head/net/syncthing/Makefile head/net/syncthing/files/patch-syncthing_lib_api_api.go head/net/syncthing/files/patch-syncthing_lib_api_api__test.go head/net/syncthing/files/patch-syncthing_lib_connections_service.go head/net/syncthing/files/patch-syncthing_lib_tlsutil_tlsutil.go
Committed, thanks!