From unknown Fri Aug 15 20:28:01 2025 X-Loop: help-debbugs@gnu.org Subject: bug#18526: Failure to download from github due to TLS fatal alert Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 22 Sep 2014 12:34:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 18526 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 18526@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.141138922323349 (code B ref -1); Mon, 22 Sep 2014 12:34:01 +0000 Received: (at submit) by debbugs.gnu.org; 22 Sep 2014 12:33:43 +0000 Received: from localhost ([127.0.0.1]:48207 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XW2oI-00064W-Dq for submit@debbugs.gnu.org; Mon, 22 Sep 2014 08:33:43 -0400 Received: from eggs.gnu.org ([208.118.235.92]:34800) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XW2oG-00064O-0i for submit@debbugs.gnu.org; Mon, 22 Sep 2014 08:33:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XW2oB-00073R-2Z for submit@debbugs.gnu.org; Mon, 22 Sep 2014 08:33:39 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:57538) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XW2oB-00072D-0F for submit@debbugs.gnu.org; Mon, 22 Sep 2014 08:33:35 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36405) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XW2o1-0002lb-3f for bug-guix@gnu.org; Mon, 22 Sep 2014 08:33:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XW2nw-0006xl-9S for bug-guix@gnu.org; Mon, 22 Sep 2014 08:33:25 -0400 Received: from hera.aquilenet.fr ([2a01:474::1]:53306) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XW2nv-0006vY-VH for bug-guix@gnu.org; Mon, 22 Sep 2014 08:33:20 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id DB4AC3A84 for ; Mon, 22 Sep 2014 14:33:13 +0200 (CEST) Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xPL-rkBnxBp7 for ; Mon, 22 Sep 2014 14:33:13 +0200 (CEST) Received: from pluto (reverse-83.fdn.fr [80.67.176.83]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 5D2D73A69 for ; Mon, 22 Sep 2014 14:33:13 +0200 (CEST) From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 1 =?UTF-8?Q?Vend=C3=A9miaire?= an 223 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0xEA52ECF4 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 83C4 F8E5 10A3 3B4C 5BEA D15D 77DD 95E2 EA52 ECF4 X-OS: x86_64-unknown-linux-gnu Date: Mon, 22 Sep 2014 14:33:13 +0200 Message-ID: <87a95rq1h2.fsf@gnu.org> User-Agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -6.0 (------) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) --=-=-= Content-Type: text/plain >From guix-devel. --=-=-= Content-Type: message/rfc822 Content-Disposition: inline Return-Path: Received: from solo.fdn.fr ([unix socket]) by solo (Cyrus v2.4.16-Debian-2.4.16-4+deb7u2) with LMTPA; Wed, 13 Aug 2014 23:56:54 +0200 X-Sieve: CMU Sieve 2.4 Received: by solo.fdn.fr (Postfix) id C74CBD07CC; Wed, 13 Aug 2014 23:56:54 +0200 (CEST) Delivered-To: ludovic.courtes@fdn.fr Received: from fencepost.gnu.org (fencepost.gnu.org [IPv6:2001:4830:134:3::e]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by solo.fdn.fr (Postfix) with ESMTPS id 84F7DD07C7 for ; Wed, 13 Aug 2014 23:56:54 +0200 (CEST) Received: from eggs.gnu.org ([2001:4830:134:3::10]:33253) by fencepost.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1XHgXN-0005We-Bq for ludo@gnu.org; Wed, 13 Aug 2014 17:56:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XHgXF-0000as-Sc for ludo@gnu.org; Wed, 13 Aug 2014 17:56:53 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:37341) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHgXF-0000an-QI for ludo@gnu.org; Wed, 13 Aug 2014 17:56:45 -0400 Received: from localhost ([::1]:50463 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHgXF-00026c-My for ludo@gnu.org; Wed, 13 Aug 2014 17:56:45 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37182) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHgX8-00021J-8q for guix-devel@gnu.org; Wed, 13 Aug 2014 17:56:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XHgX3-0000WM-Fi for guix-devel@gnu.org; Wed, 13 Aug 2014 17:56:38 -0400 Received: from hera.aquilenet.fr ([2a01:474::1]:33194) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHgX3-0000WA-0n for guix-devel@gnu.org; Wed, 13 Aug 2014 17:56:33 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 971B33769; Wed, 13 Aug 2014 23:56:31 +0200 (CEST) Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qI8DoEh-KLdC; Wed, 13 Aug 2014 23:56:31 +0200 (CEST) Received: from pluto (reverse-83.fdn.fr [80.67.176.83]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 1898BAA2; Wed, 13 Aug 2014 23:56:30 +0200 (CEST) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Mark H Weaver Subject: Re: Guix unable to download from github due to TLS fatal alert References: <87y4utm4ju.fsf@netris.org> <8738d0tdir.fsf@yeeloong.lan> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 26 Thermidor an 222 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0xEA52ECF4 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 83C4 F8E5 10A3 3B4C 5BEA D15D 77DD 95E2 EA52 ECF4 X-OS: x86_64-unknown-linux-gnu Date: Wed, 13 Aug 2014 23:56:30 +0200 In-Reply-To: <8738d0tdir.fsf@yeeloong.lan> (Mark H. Weaver's message of "Wed, 13 Aug 2014 15:06:52 -0400") Message-ID: <87y4us12b5.fsf@gnu.org> User-Agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). Cc: guix-devel@gnu.org X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+ludo=gnu.org@gnu.org Sender: guix-devel-bounces+ludo=gnu.org@gnu.org X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mark H Weaver skribis: > Here's what happens: > > $ guix download https://github.com/downloads/magit/magit/magit-1.2.0.tar.= gz > starting download of `guix-file.cszPnB' from `https://github.com/download= s/magit/magit/magit-1.2.0.tar.gz'... > following redirection to `https://cloud.github.com/downloads/magit/magit/= magit-1.2.0.tar.gz'... > ERROR: Throw to key `gnutls-error' with args `(# handshake)'. > failed to download "guix-file.cszPnB" from "https://github.com/downloads/= magit/magit/magit-1.2.0.tar.gz" > guix download: error: https://github.com/downloads/magit/magit/magit-1.2.= 0.tar.gz: download failed I see that as well. However, other github.com URLs works: --8<---------------cut here---------------start------------->8--- $ guix download https://github.com/flavio/qjson/archive/0.8.1.tar.gz starting download of `guix-file.tL8gal' from `https://github.com/flavio/qjs= on/archive/0.8.1.tar.gz'... following redirection to `https://codeload.github.com/flavio/qjson/tar.gz/0= .8.1'... https://codeload.github.com/.../0.8.1 100.0% of 71.6 KiB /gnu/store/fqfm3zm9pzwgic9sz2x8hk8ykm9yhkqw-0.8.1.tar.gz 163fspi0xc705irv79qw861fmh68pjyla9vx3kqiq6xrdhb9834j $ guix download https://github.com/maebert/jrnl/archive/1.8.4.tar.gz starting download of `guix-file.oK809e' from `https://github.com/maebert/jr= nl/archive/1.8.4.tar.gz'... following redirection to `https://codeload.github.com/maebert/jrnl/tar.gz/1= .8.4'... https://codeload.github.com/.../1.8.4 100.0% of 162.4 KiB /gnu/store/cb39bf5ljrglj72bxarcsws241qhw5a8-1.8.4.tar.gz 019ky09sj5i7frmca0imv4jm46mn3f4lzah2wmiwxh22cisj7ksn --8<---------------cut here---------------end--------------->8--- With debugging enabled in build/download.scm, the relevant part is: --8<---------------cut here---------------start------------->8--- gnutls: [699|3] HSK[0x104e530]: CLIENT HELLO was queued [249 bytes] gnutls: [699|7] HWRITE: enqueued [CLIENT HELLO] 249. Total 249 bytes. gnutls: [699|7] HWRITE FLUSH: 249 bytes in buffer. gnutls: [699|4] REC[0x104e530]: Preparing Packet Handshake(22) with length:= 249 and min pad: 0 gnutls: [699|9] ENC[0x104e530]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 gnutls: [699|7] WRITE: enqueued 254 bytes for 0xe. Total 254 bytes. gnutls: [699|4] REC[0x104e530]: Sent Packet[1] Handshake(22) in epoch 0 and= length: 254 gnutls: [699|7] HWRITE: wrote 1 bytes, 0 bytes left. gnutls: [699|7] WRITE FLUSH: 254 bytes in buffer. gnutls: [699|7] WRITE: wrote 254 bytes, 0 bytes left. gnutls: [699|2] ASSERT: gnutls_buffers.c:1075 gnutls: [699|7] READ: Got 5 bytes from 0xe gnutls: [699|7] READ: read 5 bytes from 0xe gnutls: [699|7] RB: Have 0 bytes into buffer. Adding 5 bytes. gnutls: [699|7] RB: Requested 5 bytes gnutls: [699|4] REC[0x104e530]: SSL 3.3 Alert packet received. Epoch 0, len= gth: 2 gnutls: [699|4] REC[0x104e530]: Expected Packet Handshake(22) gnutls: [699|4] REC[0x104e530]: Received Packet Alert(21) with length: 2 gnutls: [699|7] READ: Got 2 bytes from 0xe gnutls: [699|7] READ: read 2 bytes from 0xe gnutls: [699|7] RB: Have 5 bytes into buffer. Adding 2 bytes. gnutls: [699|7] RB: Requested 7 bytes gnutls: [699|4] REC[0x104e530]: Decrypted Packet[0] Alert(21) with length: 2 gnutls: [699|4] REC[0x104e530]: Alert[2|40] - Handshake failed - was receiv= ed --8<---------------cut here---------------end--------------->8--- Wget can be made to fail similarly: --8<---------------cut here---------------start------------->8--- $ wget --secure-protocol=3DSSLv3 -O /dev/null https://github.com/downloads/= magit/magit/magit-1.2.0.tar.gz --2014-08-13 23:48:53-- https://github.com/downloads/magit/magit/magit-1.2= .0.tar.gz Resolving github.com... 192.30.252.128 Connecting to github.com|192.30.252.128|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://cloud.github.com/downloads/magit/magit/magit-1.2.0.tar.gz= [following] --2014-08-13 23:48:54-- https://cloud.github.com/downloads/magit/magit/mag= it-1.2.0.tar.gz Resolving cloud.github.com... 54.230.44.78, 54.230.44.145, 54.230.44.189, .= .. Connecting to cloud.github.com|54.230.44.78|:443... connected. GnuTLS: A TLS fatal alert has been received. GnuTLS: received alert [40]: Handshake failed Unable to establish SSL connection. --8<---------------cut here---------------end--------------->8--- But its default --secure-protocol=3Dauto just works, although its gnutls.c just seems to use the default priorities like we do. Further investigation needed... Ludo=E2=80=99. --=-=-=-- From unknown Fri Aug 15 20:28:01 2025 X-Loop: help-debbugs@gnu.org Subject: bug#18526: Failure to download from github due to TLS fatal alert Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 22 Sep 2014 13:33:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 18526 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 18526@debbugs.gnu.org Received: via spool by 18526-submit@debbugs.gnu.org id=B18526.141139277028973 (code B ref 18526); Mon, 22 Sep 2014 13:33:04 +0000 Received: (at 18526) by debbugs.gnu.org; 22 Sep 2014 13:32:50 +0000 Received: from localhost ([127.0.0.1]:48243 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XW3jV-0007XE-CV for submit@debbugs.gnu.org; Mon, 22 Sep 2014 09:32:49 -0400 Received: from hera.aquilenet.fr ([141.255.128.1]:55695) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XW3jR-0007X4-LC for 18526@debbugs.gnu.org; Mon, 22 Sep 2014 09:32:46 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id A02483A84 for <18526@debbugs.gnu.org>; Mon, 22 Sep 2014 15:32:43 +0200 (CEST) Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BGRNc3ql9TTl for <18526@debbugs.gnu.org>; Mon, 22 Sep 2014 15:32:43 +0200 (CEST) Received: from pluto (reverse-83.fdn.fr [80.67.176.83]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 504592F4E for <18526@debbugs.gnu.org>; Mon, 22 Sep 2014 15:32:43 +0200 (CEST) From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <87a95rq1h2.fsf@gnu.org> Date: Mon, 22 Sep 2014 15:32:43 +0200 In-Reply-To: <87a95rq1h2.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 22 Sep 2014 14:33:13 +0200") Message-ID: <8761gfpypw.fsf@gnu.org> User-Agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable The culprit is that our client would not support the TLS =E2=80=98SERVER NA= ME=E2=80=99 extension, unlike the wget and gnutls-cli (this is enabled simply by calling =E2=80=98gnutls_server_name_set=E2=80=99.) Here=E2=80=99s a proof-= of-concept workaround: --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/guix/build/download.scm b/guix/build/download.scm index d98933a..b44302f 100644 --- a/guix/build/download.scm +++ b/guix/build/download.scm @@ -112,6 +112,24 @@ abbreviation of URI showing the scheme, host, and basename of the file." "Hold a weak reference from FROM to TO." (hashq-set! table from to)))) +(use-modules (system foreign)) + +(define set-server-name! + (let* ((lib (string-append (getenv "HOME") "/.guix-profile/lib/libgnutls")) + (ptr (dynamic-func "gnutls_server_name_set" + (dynamic-link lib))) + (proc (pointer->procedure int ptr + (list '* int '* size_t)))) + (lambda (session type name) + ;; SESSION is a SMOB, and the 'gnutls_session_t' pointer is in its + ;; second cell. + (let* ((cell (make-pointer (+ (sizeof '*) (object-address session)))) + (session (dereference-pointer cell))) + (zero? (proc session type + (string->pointer name) (string-length name))))))) + +(define GNUTLS_NAME_DNS 1) + (define (tls-wrap port) "Return PORT wrapped in a TLS connection." (define (log level str) @@ -119,6 +137,7 @@ abbreviation of URI showing the scheme, host, and basename of the file." "gnutls: [~a|~a] ~a" (getpid) level str)) (let ((session (make-session connection-end/client))) + (set-server-name! session GNUTLS_NAME_DNS "cloud.github.com") (set-session-transport-fd! session (fileno port)) (set-session-default-priority! session) (set-session-credentials! session (make-certificate-credentials)) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I=E2=80=99ll add bindings for =E2=80=98gnutls_server_name_set=E2=80=99 in G= nuTLS proper, and then we can correctly address this bug. Ludo=E2=80=99. --=-=-=-- From unknown Fri Aug 15 20:28:01 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.503 (Entity 5.503) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Subject: bug#18526: closed (Re: bug#18526: Failure to download from github due to TLS fatal alert) Message-ID: References: <87egv3mpid.fsf@gnu.org> <87a95rq1h2.fsf@gnu.org> X-Gnu-PR-Message: they-closed 18526 X-Gnu-PR-Package: guix Reply-To: 18526@debbugs.gnu.org Date: Mon, 22 Sep 2014 19:20:03 +0000 Content-Type: multipart/mixed; boundary="----------=_1411413604-3572-1" This is a multi-part message in MIME format... ------------=_1411413604-3572-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #18526: Failure to download from github due to TLS fatal alert which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 18526@debbugs.gnu.org. --=20 18526: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D18526 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1411413604-3572-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 18526-done) by debbugs.gnu.org; 22 Sep 2014 19:20:00 +0000 Received: from localhost ([127.0.0.1]:49166 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XW99T-0000vH-KD for submit@debbugs.gnu.org; Mon, 22 Sep 2014 15:19:59 -0400 Received: from hera.aquilenet.fr ([141.255.128.1]:55910) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XW99Q-0000v7-F9 for 18526-done@debbugs.gnu.org; Mon, 22 Sep 2014 15:19:57 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id D22513AE8 for <18526-done@debbugs.gnu.org>; Mon, 22 Sep 2014 21:19:54 +0200 (CEST) Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9JqoMp2coJLP for <18526-done@debbugs.gnu.org>; Mon, 22 Sep 2014 21:19:54 +0200 (CEST) Received: from pluto (reverse-83.fdn.fr [80.67.176.83]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 88D7639C4 for <18526-done@debbugs.gnu.org>; Mon, 22 Sep 2014 21:19:54 +0200 (CEST) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: 18526-done@debbugs.gnu.org Subject: Re: bug#18526: Failure to download from github due to TLS fatal alert References: <87a95rq1h2.fsf@gnu.org> <8761gfpypw.fsf@gnu.org> Date: Mon, 22 Sep 2014 21:19:54 +0200 In-Reply-To: <8761gfpypw.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 22 Sep 2014 15:32:43 +0200") Message-ID: <87egv3mpid.fsf@gnu.org> User-Agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 18526-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Commit 077bd18 fixes it, using the =E2=80=98set-session-server-name!=E2=80= =99 procedure introduced in GnuTLS commit e9fc746: https://gitorious.org/gnutls/gnutls/commit/e9fc74641dae2747b98bc9f79afc04= 1805819339 It should be in the next GnuTLS release. Ludo=E2=80=99. ------------=_1411413604-3572-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 22 Sep 2014 12:33:43 +0000 Received: from localhost ([127.0.0.1]:48207 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XW2oI-00064W-Dq for submit@debbugs.gnu.org; Mon, 22 Sep 2014 08:33:43 -0400 Received: from eggs.gnu.org ([208.118.235.92]:34800) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XW2oG-00064O-0i for submit@debbugs.gnu.org; Mon, 22 Sep 2014 08:33:41 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XW2oB-00073R-2Z for submit@debbugs.gnu.org; Mon, 22 Sep 2014 08:33:39 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:57538) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XW2oB-00072D-0F for submit@debbugs.gnu.org; Mon, 22 Sep 2014 08:33:35 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:36405) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XW2o1-0002lb-3f for bug-guix@gnu.org; Mon, 22 Sep 2014 08:33:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XW2nw-0006xl-9S for bug-guix@gnu.org; Mon, 22 Sep 2014 08:33:25 -0400 Received: from hera.aquilenet.fr ([2a01:474::1]:53306) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XW2nv-0006vY-VH for bug-guix@gnu.org; Mon, 22 Sep 2014 08:33:20 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id DB4AC3A84 for ; Mon, 22 Sep 2014 14:33:13 +0200 (CEST) Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xPL-rkBnxBp7 for ; Mon, 22 Sep 2014 14:33:13 +0200 (CEST) Received: from pluto (reverse-83.fdn.fr [80.67.176.83]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 5D2D73A69 for ; Mon, 22 Sep 2014 14:33:13 +0200 (CEST) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: bug-guix@gnu.org Subject: Failure to download from github due to TLS fatal alert X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 1 =?utf-8?Q?Vend=C3=A9miaire?= an 223 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0xEA52ECF4 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 83C4 F8E5 10A3 3B4C 5BEA D15D 77DD 95E2 EA52 ECF4 X-OS: x86_64-unknown-linux-gnu Date: Mon, 22 Sep 2014 14:33:13 +0200 Message-ID: <87a95rq1h2.fsf@gnu.org> User-Agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -6.0 (------) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.0 (------) --=-=-= Content-Type: text/plain >From guix-devel. --=-=-= Content-Type: message/rfc822 Content-Disposition: inline Return-Path: Received: from solo.fdn.fr ([unix socket]) by solo (Cyrus v2.4.16-Debian-2.4.16-4+deb7u2) with LMTPA; Wed, 13 Aug 2014 23:56:54 +0200 X-Sieve: CMU Sieve 2.4 Received: by solo.fdn.fr (Postfix) id C74CBD07CC; Wed, 13 Aug 2014 23:56:54 +0200 (CEST) Delivered-To: ludovic.courtes@fdn.fr Received: from fencepost.gnu.org (fencepost.gnu.org [IPv6:2001:4830:134:3::e]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by solo.fdn.fr (Postfix) with ESMTPS id 84F7DD07C7 for ; Wed, 13 Aug 2014 23:56:54 +0200 (CEST) Received: from eggs.gnu.org ([2001:4830:134:3::10]:33253) by fencepost.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1XHgXN-0005We-Bq for ludo@gnu.org; Wed, 13 Aug 2014 17:56:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XHgXF-0000as-Sc for ludo@gnu.org; Wed, 13 Aug 2014 17:56:53 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:37341) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHgXF-0000an-QI for ludo@gnu.org; Wed, 13 Aug 2014 17:56:45 -0400 Received: from localhost ([::1]:50463 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHgXF-00026c-My for ludo@gnu.org; Wed, 13 Aug 2014 17:56:45 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37182) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHgX8-00021J-8q for guix-devel@gnu.org; Wed, 13 Aug 2014 17:56:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XHgX3-0000WM-Fi for guix-devel@gnu.org; Wed, 13 Aug 2014 17:56:38 -0400 Received: from hera.aquilenet.fr ([2a01:474::1]:33194) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHgX3-0000WA-0n for guix-devel@gnu.org; Wed, 13 Aug 2014 17:56:33 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 971B33769; Wed, 13 Aug 2014 23:56:31 +0200 (CEST) Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qI8DoEh-KLdC; Wed, 13 Aug 2014 23:56:31 +0200 (CEST) Received: from pluto (reverse-83.fdn.fr [80.67.176.83]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 1898BAA2; Wed, 13 Aug 2014 23:56:30 +0200 (CEST) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Mark H Weaver Subject: Re: Guix unable to download from github due to TLS fatal alert References: <87y4utm4ju.fsf@netris.org> <8738d0tdir.fsf@yeeloong.lan> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 26 Thermidor an 222 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0xEA52ECF4 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 83C4 F8E5 10A3 3B4C 5BEA D15D 77DD 95E2 EA52 ECF4 X-OS: x86_64-unknown-linux-gnu Date: Wed, 13 Aug 2014 23:56:30 +0200 In-Reply-To: <8738d0tdir.fsf@yeeloong.lan> (Mark H. Weaver's message of "Wed, 13 Aug 2014 15:06:52 -0400") Message-ID: <87y4us12b5.fsf@gnu.org> User-Agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). Cc: guix-devel@gnu.org X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+ludo=gnu.org@gnu.org Sender: guix-devel-bounces+ludo=gnu.org@gnu.org X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mark H Weaver skribis: > Here's what happens: > > $ guix download https://github.com/downloads/magit/magit/magit-1.2.0.tar.= gz > starting download of `guix-file.cszPnB' from `https://github.com/download= s/magit/magit/magit-1.2.0.tar.gz'... > following redirection to `https://cloud.github.com/downloads/magit/magit/= magit-1.2.0.tar.gz'... > ERROR: Throw to key `gnutls-error' with args `(# handshake)'. > failed to download "guix-file.cszPnB" from "https://github.com/downloads/= magit/magit/magit-1.2.0.tar.gz" > guix download: error: https://github.com/downloads/magit/magit/magit-1.2.= 0.tar.gz: download failed I see that as well. However, other github.com URLs works: --8<---------------cut here---------------start------------->8--- $ guix download https://github.com/flavio/qjson/archive/0.8.1.tar.gz starting download of `guix-file.tL8gal' from `https://github.com/flavio/qjs= on/archive/0.8.1.tar.gz'... following redirection to `https://codeload.github.com/flavio/qjson/tar.gz/0= .8.1'... https://codeload.github.com/.../0.8.1 100.0% of 71.6 KiB /gnu/store/fqfm3zm9pzwgic9sz2x8hk8ykm9yhkqw-0.8.1.tar.gz 163fspi0xc705irv79qw861fmh68pjyla9vx3kqiq6xrdhb9834j $ guix download https://github.com/maebert/jrnl/archive/1.8.4.tar.gz starting download of `guix-file.oK809e' from `https://github.com/maebert/jr= nl/archive/1.8.4.tar.gz'... following redirection to `https://codeload.github.com/maebert/jrnl/tar.gz/1= .8.4'... https://codeload.github.com/.../1.8.4 100.0% of 162.4 KiB /gnu/store/cb39bf5ljrglj72bxarcsws241qhw5a8-1.8.4.tar.gz 019ky09sj5i7frmca0imv4jm46mn3f4lzah2wmiwxh22cisj7ksn --8<---------------cut here---------------end--------------->8--- With debugging enabled in build/download.scm, the relevant part is: --8<---------------cut here---------------start------------->8--- gnutls: [699|3] HSK[0x104e530]: CLIENT HELLO was queued [249 bytes] gnutls: [699|7] HWRITE: enqueued [CLIENT HELLO] 249. Total 249 bytes. gnutls: [699|7] HWRITE FLUSH: 249 bytes in buffer. gnutls: [699|4] REC[0x104e530]: Preparing Packet Handshake(22) with length:= 249 and min pad: 0 gnutls: [699|9] ENC[0x104e530]: cipher: NULL, MAC: MAC-NULL, Epoch: 0 gnutls: [699|7] WRITE: enqueued 254 bytes for 0xe. Total 254 bytes. gnutls: [699|4] REC[0x104e530]: Sent Packet[1] Handshake(22) in epoch 0 and= length: 254 gnutls: [699|7] HWRITE: wrote 1 bytes, 0 bytes left. gnutls: [699|7] WRITE FLUSH: 254 bytes in buffer. gnutls: [699|7] WRITE: wrote 254 bytes, 0 bytes left. gnutls: [699|2] ASSERT: gnutls_buffers.c:1075 gnutls: [699|7] READ: Got 5 bytes from 0xe gnutls: [699|7] READ: read 5 bytes from 0xe gnutls: [699|7] RB: Have 0 bytes into buffer. Adding 5 bytes. gnutls: [699|7] RB: Requested 5 bytes gnutls: [699|4] REC[0x104e530]: SSL 3.3 Alert packet received. Epoch 0, len= gth: 2 gnutls: [699|4] REC[0x104e530]: Expected Packet Handshake(22) gnutls: [699|4] REC[0x104e530]: Received Packet Alert(21) with length: 2 gnutls: [699|7] READ: Got 2 bytes from 0xe gnutls: [699|7] READ: read 2 bytes from 0xe gnutls: [699|7] RB: Have 5 bytes into buffer. Adding 2 bytes. gnutls: [699|7] RB: Requested 7 bytes gnutls: [699|4] REC[0x104e530]: Decrypted Packet[0] Alert(21) with length: 2 gnutls: [699|4] REC[0x104e530]: Alert[2|40] - Handshake failed - was receiv= ed --8<---------------cut here---------------end--------------->8--- Wget can be made to fail similarly: --8<---------------cut here---------------start------------->8--- $ wget --secure-protocol=3DSSLv3 -O /dev/null https://github.com/downloads/= magit/magit/magit-1.2.0.tar.gz --2014-08-13 23:48:53-- https://github.com/downloads/magit/magit/magit-1.2= .0.tar.gz Resolving github.com... 192.30.252.128 Connecting to github.com|192.30.252.128|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://cloud.github.com/downloads/magit/magit/magit-1.2.0.tar.gz= [following] --2014-08-13 23:48:54-- https://cloud.github.com/downloads/magit/magit/mag= it-1.2.0.tar.gz Resolving cloud.github.com... 54.230.44.78, 54.230.44.145, 54.230.44.189, .= .. Connecting to cloud.github.com|54.230.44.78|:443... connected. GnuTLS: A TLS fatal alert has been received. GnuTLS: received alert [40]: Handshake failed Unable to establish SSL connection. --8<---------------cut here---------------end--------------->8--- But its default --secure-protocol=3Dauto just works, although its gnutls.c just seems to use the default priorities like we do. Further investigation needed... Ludo=E2=80=99. --=-=-=-- ------------=_1411413604-3572-1-- From unknown Fri Aug 15 20:28:01 2025 X-Loop: help-debbugs@gnu.org Subject: bug#18526: Failure to download from github due to TLS fatal alert Resent-From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 13 Oct 2014 21:36:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 18526 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 18526@debbugs.gnu.org Received: via spool by 18526-submit@debbugs.gnu.org id=B18526.141323613526257 (code B ref 18526); Mon, 13 Oct 2014 21:36:01 +0000 Received: (at 18526) by debbugs.gnu.org; 13 Oct 2014 21:35:35 +0000 Received: from localhost ([127.0.0.1]:42920 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XdnHC-0006pR-6b for submit@debbugs.gnu.org; Mon, 13 Oct 2014 17:35:34 -0400 Received: from hera.aquilenet.fr ([141.255.128.1]:50114) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XdnH7-0006pG-NE for 18526@debbugs.gnu.org; Mon, 13 Oct 2014 17:35:30 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 9E1913DBE for <18526@debbugs.gnu.org>; Mon, 13 Oct 2014 23:35:27 +0200 (CEST) Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ZSa8Cy2m1l3 for <18526@debbugs.gnu.org>; Mon, 13 Oct 2014 23:35:27 +0200 (CEST) Received: from pluto (reverse-83.fdn.fr [80.67.176.83]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 4D93A1676 for <18526@debbugs.gnu.org>; Mon, 13 Oct 2014 23:35:27 +0200 (CEST) From: ludo@gnu.org (Ludovic =?UTF-8?Q?Court=C3=A8s?=) References: <87a95rq1h2.fsf@gnu.org> <8761gfpypw.fsf@gnu.org> Date: Mon, 13 Oct 2014 23:35:35 +0200 In-Reply-To: <8761gfpypw.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Mon, 22 Sep 2014 15:32:43 +0200") Message-ID: <87h9z7odp4.fsf@gnu.org> User-Agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Commit 3de9a59 pushed an update to GnuTLS 3.2.19, which brings the new =E2=80=98set-server-name!=E2=80=99 procedure. Ludo=E2=80=99.