Bug 248867

Summary: net/syncthing: SSL errors due to Go 1.15 behaviour change
Product: Ports & Packages Reporter: James French <james>
Component: Individual Port(s)Assignee: Steve Wills <swills>
Status: Closed FIXED    
Severity: Affects Many People CC: james
Priority: --- Flags: bugzilla: maintainer-feedback? (swills)
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://github.com/syncthing/syncthing/issues/6867
Attachments:
Description Flags
Backported patch from 1.9 development
none
Poudriere build log none

Description James French 2020-08-24 05:36:44 UTC 
Created attachment 217476 [details]
Backported patch from 1.9 development

Go 1.15 has changed certificate handling which has broken the certificates syncthing self-generates for each host. Clients running Go 1.15 & Syncthing 1.8.0 will now error for every connecting host:

Bad certificate from <client> at [<client-v6-ip>]:22000-[<client-v6-ip>]:22000/tcp-client/TLS1.3-TLS_AES_128_GCM_SHA256: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

Upstream have fixed this bug in this issue: https://github.com/syncthing/syncthing/issues/6867

The fix will be a part of the upcoming 1.90 release but in the interim 1.80 is currently broken with Go 1.15 (which are both the current versions in the ports tree). I have backported the fix and it does apply and build cleanly on 1.80.

Build log to follow.
Comment 1 James French 2020-08-24 05:43:10 UTC 
Created attachment 217477 [details]
Poudriere build log

Can also confirm, that the fix does work with 1.8.0
Comment 2 commit-hook freebsd_committer freebsd_triage 2020-08-24 17:51:35 UTC 
A commit references this bug:

Author: swills
Date: Mon Aug 24 17:50:39 UTC 2020
New revision: 546103
URL: https://svnweb.freebsd.org/changeset/ports/546103

Log:
  net/syncthing: fix SSL errors due to Go 1.15 behaviour change

  PR:		248867
  Submitted by:	James French <james@french.id.au>

Changes:
  head/net/syncthing/Makefile
  head/net/syncthing/files/patch-syncthing_lib_api_api.go
  head/net/syncthing/files/patch-syncthing_lib_api_api__test.go
  head/net/syncthing/files/patch-syncthing_lib_connections_service.go
  head/net/syncthing/files/patch-syncthing_lib_tlsutil_tlsutil.go
Comment 3 Steve Wills freebsd_committer freebsd_triage 2020-08-24 18:04:26 UTC 
Committed, thanks!