928236 – net-misc/curl: rustls_connection_process_new_packets: invalid peer certificate: BadSignature

Bug 928236 - net-misc/curl: rustls_connection_process_new_packets: invalid peer certificate: BadSignature

Summary: net-misc/curl: rustls_connection_process_new_packets: invalid peer certificat...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Matt Jolly

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-03-30 16:32 UTC by Vincent de Phily
Modified:	2024-04-01 03:59 UTC (History)
CC List:	5 users (show)

See Also:	https://github.com/rustls/rustls-ffi/issues/407 https://github.com/curl/curl/issues/13248
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vincent de Phily 2024-03-30 16:32:12 UTC

When curl is built with rustls, I get the following error when trying to `git pull`:

> fatal: unable to access 'https://github.com/gentoo-mirror/gentoo.git/': rustls_connection_process_new_packets: invalid peer certificate: BadSignature

Rebuilding with `USE="openssl -rustls" CURL_SSL=openssl emerge net-misc/curl` works around the issue.

Reproducible: Always

Steps to Reproduce:
1. USE="-openssl rustls" CURL_SSL=rustls emerge net-misc/curl
2. emerge --sync (or other command that ultimately runs curl on a problematic url)



# emerge --info net-misc/curl dev-vcs/git
Portage 3.0.61 (python 3.11.8-final-0, default/linux/amd64/23.0/desktop/plasma/systemd, gcc-13, glibc-2.38-r10, 6.6.13-gentoo-molto x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-6.6.13-gentoo-molto-x86_64-AMD_Ryzen_7_4700U_with_Radeon_Graphics-with-glibc2.38
KiB Mem:    32234368 total,   2383356 free
KiB Swap:    8388604 total,   8057408 free
Timestamp of repository gentoo: Sat, 30 Mar 2024 14:49:05 +0000
Head commit of repository gentoo: b5123c21d2d209919cb2fa9aacbb1c2e86498310

Timestamp of repository guru: Fri, 29 Mar 2024 19:06:09 +0000
Head commit of repository guru: f74c64b56a7d1c65b14542fe46de2700dfc6427a

sh bash 5.1_p16-r6
ld GNU ld (Gentoo 2.41 p5) 2.41.0
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.1_p16-r6::gentoo
dev-build/autoconf:        2.13-r8::gentoo, 2.71-r6::gentoo
dev-build/automake:        1.16.5-r2::gentoo
dev-build/cmake:           3.28.3::gentoo
dev-build/libtool:         2.4.7-r4::gentoo
dev-build/make:            4.4.1-r1::gentoo
dev-build/meson:           1.3.2::gentoo
dev-java/java-config:      2.3.3-r1::gentoo
dev-lang/perl:             5.38.2-r2::gentoo
dev-lang/python:           3.11.8_p1::gentoo, 3.12.2_p1::gentoo
dev-lang/rust:             1.76.0-r1::gentoo
sys-apps/baselayout:       2.14-r2::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-apps/systemd:          255.3-r1::gentoo
sys-devel/binutils:        2.41-r5::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/clang:           17.0.6::gentoo
sys-devel/gcc:             13.2.1_p20240210::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/lld:             17.0.6::gentoo
sys-devel/llvm:            17.0.6::gentoo
sys-kernel/linux-headers:  6.6-r1::gentoo (virtual/os-headers)
sys-libs/glibc:            2.38-r10::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/gentoo.git
    priority: -1000
    volatile: False
    sync-git-verify-commit-signature: yes

guru
    location: /var/db/repos/guru
    sync-type: git
    sync-uri: https://github.com/gentoo-mirror/guru.git
    masters: gentoo
    volatile: False

moltonel
    location: /home/work/c/ebuilds
    masters: gentoo
    volatile: True

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE @FREE linux-fw-redistributable no-source-code LSI-tw_cli no-source-code NOSA AVASYS Mellanox-AS-IS PGP-2 Atmel JSON ipw3945 intel-ucode Texinfo-manual LDP-1 UbuntuFontLicense-1.0 mplus-fonts BAEKMUK myspell-en_CA-KevinAtkinson man-pages-posix-2013 CC-BY-SA-1.0 man-pages vlgothic BitstreamVera MaxMind2 CC-PD wxWinFDL-3 CC-SA-1.0 quake1-textures LDP-1a CC-BY-1.0 CC-BY-2.5 GPL-1+ OPL FDL-1.3 CC-BY-SA-2.0 GPL-3 OFL FDL-1.3+ FDL-1.2 FDL-1.2+ CC-BY-SA-4.0 IPAfont CC-BY-2.0 FDL-1.1 OFL-1.1 CC-BY-3.0 CC-BY-SA-3.0 GPL-2+ Free-Art-1.2 CC-BY-SA-2.5 GPL-1 Free-Art-1.3 GPL-3+ GPL-2 Arphic FDL-1.1+ CC-BY-4.0 MIT-0 CNRI LGPL-3 GPL-1+ POSTGRESQL MirOS BSD ZPL LPPL-1.3c EPL-1.0 LGPL-2.1+ W3C HPND 0BSD AGPL-3 MPL-2.0 GPL-3 LGPL-3+ AFL-3.0 Apache-1.1 IPAfont MIT Artistic-2 CPL-1.0 LGPL-2 AGPL-3+ APL-1.0 LGPL-2+ OFL-1.1 CDDL PHP-3 APSL-2 ISC Apache-2.0 EUPL-1.2 Boost-1.0 EUPL-1.1 OSL-2.1 nethack MPL-1.1 QPL-1.0 UoI-NCSA wxWinLL-3 GPL-2+ Ms-RL Unlicense GPL-1 Unicode-DFS-2016 LGPL-2.1 PHP-3.01 ZLIB ECL-2.0 GPL-3+ GPL-2 UPL-1.0 Sleepycat LPL-1.02 EPL-2.0 Ms-PL CPAL-1.0 PSF-2 BSD-2 Artistic MPL-1.0 IBM CeCILL-C CNRI LPPL-1.2 NPL-1.1 EPL-1.0 Zend-2.0 FraunhoferFDK AFL-3.0 AFL-2.1 Apache-1.1 CPL-1.0 CDDL OSL-1.1 APSL-2 QPL-1.0 EUPL-1.1 LPPL-1.3a OSL-2.1 MPL-1.1 LGPL-3-with-linking-exception GPL-2+-with-eCos-exception-2 LGPL-3 FSFAP libgcc Clarified-Artistic GPL-1+ GPL-2-with-MySQL-FLOSS-exception vim BSD ZPL CC0-1.0 Clear-BSD GPL-2-with-linking-exception GPL-3+-with-autoconf-exception HPND LGPL-2.1+ W3C LGPL-2.1-with-linking-exception LGPL-2-with-linking-exception AGPL-3 MPL-2.0 GPL-3 LGPL-3+ GPL-2-with-exceptions GPL-2+-with-Pyinstaller-Bootloader-exception PSF-2.4 tanuki-community GPL-2+-with-openssl-exception UPX-exception GPL-2-with-font-exception SGI-B-2.0 metapackage Transmission-OpenSSL-exception MIT GPL-3+-with-font-exception Artistic-2 LGPL-2 AGPL-3+ LGPL-2+ GPL-3-with-openssl-exception OPENLDAP Apache-2.0-with-LLVM-exceptions Sleepycat ISC Apache-2.0 UoI-NCSA Boost-1.0 GPL-3-with-font-exception Ruby-BSD Ruby libstdc++ GPL-2+ Nokia-Qt-LGPL-Exception-1.1 PYTHON IJG GPL-1 qwt Unicode-DFS-2016 Unlicense GPL-2-with-classpath-exception LGPL-2.1 ZLIB ECL-2.0 GPL-3+ GPL-2 gcc-runtime-library-exception-3.1 UPL-1.0 CeCILL-2 FTL PSF-2 WTFPL-2 BSD-2 public-domain wxWinLL-3.1 OSL-2.0 Ms-RL BSD-4 Apache-1.0 PHP-3.01 gnuplot CeCILL-B openssl LPL-1.02 EPL-2.0 Ms-PL EUPL-1.2 CPAL-1.0 MPL-1.0 IBM pngnq TeX BEER-WARE Toyoda feh CDDL-Schily freetts psutils CAOSL CPL-0.5 SSLeay openafs-krb5-a wm2 unicode BSD-with-disclosure PCRE noweb MIT-with-advertising FLTK icu CDDL-1.1 LIBGLOSS LPPL-1.3 IDPL sash tcltk par Spencer-99 RtMidi rwpng NCSA-HDF ngrep scanlogd Sendmail Snd Time-modules AMPAS flexmock inner-net ipadic DUMB-0.9.3 Openwall rc HTML-Tidy Info-ZIP libpng sdlsasteroids trio BZIP2 BSD-with-attribution docbook lsof symlinks libtiff xboing iASL PHP-2.02 Sympow-BSD File-MMagic FLEX JOVE Mini-XML JasPer2.0 buddy torque-2.5 JDOM minpack Unicode_Fonts_for_Ancient_Scripts imagemagick coldspringharbor Emacs xbatt AIFFWriter.m mpich2 LLGPL-2.1 w3m gd tablelist FVWM boehm-gc ElementTree gsm Ispell SMAIL TeX-other-free LPPL-1.0 NEWLIB Allegro Xdebug the-Click-license UCAR-Unidata FastCGI repoze alternate tcp_wrappers_license xtrs DES Time-Format photopc ZSH curl pngcrush regexp-UofT Khronos-CLHPP TextMate-bundle BSD-2-with-patent Sendmail-Open-Source libpng2 otter URT libmng Old-MIT ErlPL-1.1 rdisc RSA sunpro XC VTK powell matplotlib NCSA-AMD LambdaMOO BSD-1 NPSL-0.95 dom4j Flashpix bufexplorer.vim mm perforce tm-align canfep Crypt-IDEA netcat Interbase-1.0 Princeton OAL-1.0.1 FDL-1.3+ FDL-1.2 ODC-By-1.0 Free-Art-1.3 MirOS FDL-1.3 FDL-1.2+ FDL-1.1+ CC-BY-3.0 CC-BY-2.5 CC-BY-SA-1.0 CC-BY-SA-3.0 CC0-1.0 CC-BY-SA-4.0 CC-BY-2.0 CC-BY-4.0 CC-BY-SA-2.0 CC-BY-SA-2.5 FDL-1.1 Free-Art-1.2 shmux freedist Broadcom ipw2200-fw bonnie ipw2100-fw RSAREF linux-fw-redistributable bh-luxi MicroChip-SDCC unRAR ISSL NVIDIA-r2 qlogic-fibre-channel-firmware NVIDIA-r1"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O3 -pipe -march=native"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d"
CXXFLAGS="-O3 -pipe -march=native"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--quiet-build=y"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-O3 -pipe -march=native"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O3 -pipe -march=native"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
INSTALL_MASK="/usr/share/locale/ru /usr/share/locale/de /usr/share/locale/es /usr/share/locale/sv /usr/share/locale/pl /usr/share/locale/it /usr/share/locale/zh* /usr/share/locale/tr /usr/share/locale/ca* /usr/share/locale/pt*"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs"
LEX="flex"
MAKEOPTS="-j8"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
RUSTFLAGS="-Copt-level=3 -Ctarget-cpu=znver2"
SHELL="/bin/bash"
USE="X a52 aac acl acpi activities alsa amd64 bash-completion bluetooth branding btrfs bzip2 cairo cdda cdr cet clang crypt cups dbus declarative default-lld dri dts dvdr encode exif flac gdbm gif gpg gpm gtk gui hwaccel iconv icu ipv6 iwd jit jpeg kde kwallet lapack lcms libnotify libtirpc lspclient lto lzma mad mng mp3 mp4 mpeg multilib native-extensions ncurses networkmanager nginx nls ogg opengl openh264 openmp opus pam pango pcre pdf pgo pipewire plasma png policykit ppds print pulseaudio qml qrcode qt5 readline rust screencast sdl seccomp semantic-desktop sound spell ssl startup-notification svg systemd test-rust threads tiff tree-sitter truetype udev udisks unicode upower usb vaapi vdpau verify-sig vorbis vulkan wasm wayland webp widgets wifi x264 xattr xcb xft xml xv xvid zlib zstd" ABI_X86="64" ADA_TARGET="gcc_12" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt rdrand sha sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 ntrip navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" INPUT_DEVICES="libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LLVM_TARGETS="AMDGPU BPF WebAssembly X86" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31" VIDEO_CARDS="amdgpu radeon radeonsi" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, SIZE, STRINGS, STRIP, YACC, YFLAGS

=================================================================
                        Package Settings
=================================================================

net-misc/curl-8.7.1::gentoo was built with the following:
USE="adns alt-svc ftp hsts http2 imap openssl pop3 progress-meter psl smtp ssl tftp verify-sig zstd -brotli -gnutls -gopher -idn -kerberos -ldap -mbedtls (-nghttp3) -rtmp -rustls -samba -ssh (-sslv3) -static-libs -telnet -test -websockets" ABI_X86="(64) -32 (-x32)" CURL_SSL="openssl -gnutls -mbedtls -rustls"
FEATURES="merge-sync parallel-fetch binpkg-docompress preserve-libs protect-owned pid-sandbox distlocks fixlafiles news unknown-features-warn sandbox sfperms multilib-strict strict xattr userpriv assume-digests ebuild-locks ipc-sandbox unmerge-logs network-sandbox binpkg-logs config-protect-if-modified buildpkg-live unmerge-orphans binpkg-dostrip userfetch usersandbox pkgdir-index-trusted usersync qa-unresolved-soname-deps"


dev-vcs/git-2.43.2::gentoo was built with the following:
USE="blksha1 curl gpg iconv nls pcre perl safe-directory webdav -cgi -cvs -doc -highlight -keyring -mediawiki -perforce (-selinux) -subversion -test -tk -xinetd" ABI_X86="(64)" PYTHON_SINGLE_TARGET="python3_11 -python3_10 -python3_12"
FEATURES="binpkg-logs unmerge-logs sandbox strict multilib-strict buildpkg-live distlocks fixlafiles protect-owned merge-sync pkgdir-index-trusted preserve-libs qa-unresolved-soname-deps unmerge-orphans userfetch usersync config-protect-if-modified ipc-sandbox parallel-fetch ebuild-locks binpkg-dostrip pid-sandbox userpriv binpkg-docompress xattr news usersandbox network-sandbox sfperms assume-digests unknown-features-warn"

Comment 1 Matt Jolly gentoo-dev

2024-03-30 21:43:57 UTC

Have you tried a non GitHub endpoint?(A git pull or clone should be fine)

I suspect rustls is working as designed and that GH have gone to TLS1.3 only, which rustls does not support.

Comment 2 Vincent de Phily 2024-03-31 00:38:50 UTC

I won't be able to do proper tests for a few days, but rustls should definitely support TLS1.3: https://docs.rs/rustls/latest/rustls/manual/_04_features/index.html

Since when is github TLS1.3-only ? I can't find a mention of that. For me, the issue started after the 23.0 portage profile update this week, I had been using curl with rustls for months before that.

I was initially affected by #919396 which now seems fixed, but maybe the fix introduced a regression ?

Comment 3 Mike Gilbert gentoo-dev

2024-03-31 01:29:29 UTC

Github still has TLS 1.2 turned on.

https://www.ssllabs.com/ssltest/analyze.html?d=github.com

However, checking multiple hosts seems like a good troubleshooting step.

Comment 4 Matt Jolly gentoo-dev

2024-03-31 03:06:13 UTC

(In reply to Mike Gilbert from comment #3)
> Github still has TLS 1.2 turned on.

I checked that but forgot to check in here with the results.

I'll raise something with curl.

> rustls should definitely support TLS1.3

Curl configure indicates otherwise. I'll chase down why, it's probably outdated.

Comment 5 Enne Eziarc 2024-03-31 07:26:58 UTC

I had to give up and go back to openssl a few weeks ago because I was getting a different failure mode with Github repos: large transfers would *begin* successfully, then curl would consistently die with a rustls error after a few seconds, making it impossible to do a fresh git clone on anything more than a few MB.

Those symptoms seemed kind of "500 mile email" to me; I just wrote it off as user error at the time since I couldn't find anyone else complaining, but now I see this and wonder if it's related.

Comment 6 Emanuel Czirai 2024-03-31 14:36:24 UTC

Not sure why, but downgrading curl to a feb 8 xpak resolves the issue, but rebuilding the same version(as the xpak) of curl still has the issue.

So this curl works fine:
```
# emerge -K /var/cache/binpkgs/net-misc/curl/curl-8.6.0-r1-1.xpak
```

which is this:
```
-rw-r--r-- 1 root root 13844763 Feb  8 20:00 /var/cache/binpkgs/net-misc/curl/curl-8.6.0-r1-1.xpak
```


ie. this has no issues:
$ curl https://example.com

but rebuilding curl net-misc/curl-8.6.0-r1::gentoo
```
Calculating dependencies  ... done!
Dependency resolution took 1.83 s (backtrack: 0/300).

[ebuild   R    ] net-misc/curl-8.6.0-r1::gentoo  USE="alt-svc ftp hsts http2 imap progress-meter psl rustls ssl verify-sig zstd -adns -brotli -gnutls -gopher -idn -kerberos -ldap -mbedtls -nghttp3 -openssl -pop3 -rtmp -samba -smtp -ssh (-sslv3) -static-libs -telnet -test -tftp -websockets" CURL_SSL="rustls -gnutls -mbedtls -openssl" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB

>>> Verifying ebuild manifests
>>> Emerging (1 of 1) net-misc/curl-8.6.0-r1::gentoo
>>> Installing (1 of 1) net-misc/curl-8.6.0-r1::gentoo
```

Well, the issue is back:
```
$ curl https://example.com
curl: (60) rustls_connection_process_new_packets: invalid peer certificate: BadSignature
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
````

Both curls use the same net-libs/rustls-ffi-0.10.0-r1::gentoo

Note that net-libs/rustls-ffi-0.10.0-r1::gentoo cannot be recompiled due to:
```
error[E0635]: unknown feature `proc_macro_span_shrink`
  --> /var/tmp/portage/net-libs/rustls-ffi-0.10.0-r1/work/cargo_home/gentoo/proc-macro2-1.0.55/src/lib.rs:92:30
   |
92 |     feature(proc_macro_span, proc_macro_span_shrink)
   |                              ^^^^^^^^^^^^^^^^^^^^^^
```
so that one's from the .xpak , but both curls use it.

Not sure what's going on, but it doesn't seem to be due to newer curl version.

Comment 7 Emanuel Czirai 2024-03-31 15:21:14 UTC

ok I figured out why the same version rebuilt wouldn't work, the ebuild was changed like this:

https://gitweb.gentoo.org/repo/gentoo.git/commit/net-misc/curl/curl-8.6.0-r1.ebuild?id=7046fc5e9c466101184aba00716f9c666c9ca680

so if I revert that, then curl works, ie. this issue isn't present.

ie. this ebuild works: https://gitweb.gentoo.org/repo/gentoo.git/commit/net-misc/curl/curl-8.6.0-r1.ebuild?id=dca9900c72b7091a5bb82b488f57bc2aa07bf90f

So I'm guessing this is the problem:
"${FILESDIR}"/${P}-backport-rustls-detection.patch
I'll double check and let you know

Comment 8 Emanuel Czirai 2024-03-31 15:24:54 UTC

confirmed if I just comment out that patch line from the ebuild, the curl that's rebuilt doesn't have the issue.

Comment 9 Matt Jolly gentoo-dev

2024-03-31 22:46:02 UTC

Thanks for your assistance tracking down the build error logic upstream. Revbumps incoming!

Comment 10 Larry the Git Cow gentoo-dev

2024-04-01 03:59:40 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f771d408960dc347c4e3c6e2de704d1020ab20da

commit f771d408960dc347c4e3c6e2de704d1020ab20da
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-31 23:04:50 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-04-01 03:53:43 +0000

    net-misc/curl: apply backported rustls fixes to 8.5.0
    
    Closes: https://bugs.gentoo.org/928236
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 net-misc/curl/curl-8.5.0-r3.ebuild | 1 +
 1 file changed, 1 insertion(+)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d477c73f0fb9a7649eefdd96f3c96154153f2bf4

commit d477c73f0fb9a7649eefdd96f3c96154153f2bf4
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-31 22:55:27 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-04-01 03:53:43 +0000

    net-misc/curl: add 8.6.0-r2
    
    Revbump to fix some runtime issues resulting from a
    subtle order-of-operations error in rustls detection via
    pkgconfig.
    
    Bug: https://bugs.gentoo.org/928236
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 net-misc/curl/curl-8.6.0-r2.ebuild                | 367 ++++++++++++++++++++++
 net-misc/curl/files/curl-8.6.0-rustls-fixes.patch | 252 +++++++++++++++
 2 files changed, 619 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ebfd9734347ec5157a6eb74524eeaf036d7509f

commit 2ebfd9734347ec5157a6eb74524eeaf036d7509f
Author:     Matt Jolly <kangie@gentoo.org>
AuthorDate: 2024-03-31 22:46:34 +0000
Commit:     Matt Jolly <kangie@gentoo.org>
CommitDate: 2024-04-01 03:53:39 +0000

    net-misc/curl: add 8.7.1-r1
    
    Revbump to fix some runtime issues resulting from a
    subtle order-of-operations error in rustls detection via
    pkgconfig.
    
    Bug: https://bugs.gentoo.org/928236
    Signed-off-by: Matt Jolly <kangie@gentoo.org>

 net-misc/curl/curl-8.7.1-r1.ebuild                | 369 ++++++++++++++++++++++
 net-misc/curl/files/curl-8.7.1-rustls-fixes.patch |  49 +++
 2 files changed, 418 insertions(+)