GNU bug report logs -
#25059
gnutls: asynchronous spurious "fatal error"
Previous Next
Reported by: Andy Wingo <wingo <at> igalia.com>
Date: Tue, 29 Nov 2016 10:07:02 UTC
Severity: normal
Tags: fixed
Merged with 25060
Found in version 24.5
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 25059 in the body.
You can then email your comments to 25059 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25059; Package
emacs.
(Tue, 29 Nov 2016 10:07:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Andy Wingo <wingo <at> igalia.com>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Tue, 29 Nov 2016 10:07:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Using Emacs 25.1.1 and GnuTLS 3.5.4, consider this interaction:
(url-retrieve "https://www.gnu.org/"
#'(lambda (status)
(message "success")))
If I evaluate this a few times in a row directly in my scratch buffer, I
get messages like this:
Contacting host: www.gnu.org:443
#<buffer *http www.gnu.org:443*-960341>
success
Contacting host: www.gnu.org:443
#<buffer *http www.gnu.org:443*-228158>
success
Contacting host: www.gnu.org:443
#<buffer *http www.gnu.org:443*-76553>
success
Contacting host: www.gnu.org:443
#<buffer *http www.gnu.org:443*-944613>
success
Contacting host: www.gnu.org:443
#<buffer *http www.gnu.org:443*-171378>
success
And then, after a couple seconds:
gnutls.c: [0] (Emacs) fatal error: The TLS connection was non-properly terminated.
Indeed if I wait a couple seconds after a single fetch, I always get the
above message after some timeout of inactivity. Here is a log with
gnutls-log-level set to 2:
Contacting host: www.gnu.org:443
gnutls.c: [1] (Emacs) allocating credentials
gnutls.c: [2] (Emacs) allocating x509 credentials
gnutls.c: [2] (Emacs) using default verification flags
gnutls.c: [1] (Emacs) setting the trustfile: /etc/ssl/certs/ca-certificates.crt
gnutls.c: [1] (Emacs) setting the trustfile: /etc/pki/tls/certs/ca-bundle.crt
gnutls.c: [1] (Emacs) gnutls callbacks
gnutls.c: [1] (Emacs) gnutls_init
gnutls.c: [1] (Emacs) got non-default priority string: NORMAL
gnutls.c: [1] (Emacs) setting the priority string
gnutls.c: [audit] Note that the security level of the Diffie-Hellman key exchange has been lowered to 256 bits and this may allow decryption of the session data
gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try again. [3088 times]
gnutls.c: [2] received curve SECP256R1
gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try again. [2816 times]
#<buffer *http www.gnu.org:443*-346477>
gnutls.c: [1] (Emacs) non-fatal error: Resource temporarily unavailable, try again. [5 times]
success
Then after a couple seconds:
gnutls.c: [0] (Emacs) fatal error: The TLS connection was non-properly terminated.
gnutls.c: [2] (Emacs) Deallocating x509 credentials
No idea what that non-fatal error appearing thousands of times is, I
suspect Emacs is polling on a non-blocking file descriptor or
something. Anyway this error appears to not affect anything as it's
asynchronous and it is not handleable by anything, and just makes people
think they have problems :) Can you make it go away?
Regards,
Andy
Merged 25059 25060.
Request was from
Glenn Morris <rgm <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Tue, 29 Nov 2016 16:28:01 GMT)
Full text and
rfc822 format available.
Disconnected #25396 from all other report(s).
Request was from
Glenn Morris <rgm <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Sun, 08 Jan 2017 19:20:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25059; Package
emacs.
(Tue, 24 Jan 2017 23:19:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 25059 <at> debbugs.gnu.org (full text, mbox):
Andy Wingo <wingo <at> igalia.com> writes:
> (url-retrieve "https://www.gnu.org/"
> #'(lambda (status)
> (message "success")))
[...]
> And then, after a couple seconds:
>
> gnutls.c: [0] (Emacs) fatal error: The TLS connection was non-properly terminated.
Yes, it just means that the peer ended the connection. I think gnutls.c
shouldn't say anything in that case -- any sentinels get the proper
callback and stuff, and as information it's pretty worthless for the
user.
I'm installing the following patch, but if there's any disagreement
here, we can discuss further...
diff --git a/src/gnutls.c b/src/gnutls.c
index 735d2e3..6fa0e10 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -582,8 +582,15 @@ emacs_gnutls_handle_error (gnutls_session_t session, int err)
if (gnutls_error_is_fatal (err))
{
+ int level = 1;
+ /* Mostly ignore "The TLS connection was non-properly
+ terminated" message which just means that the peer closed the
+ connection. */
+ if (err == GNUTLS_E_PREMATURE_TERMINATION)
+ level = 3;
+
+ GNUTLS_LOG2 (level, max_log_level, "fatal error:", str);
ret = 0;
- GNUTLS_LOG2 (1, max_log_level, "fatal error:", str);
}
else
{
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
Added tag(s) fixed.
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Tue, 24 Jan 2017 23:25:01 GMT)
Full text and
rfc822 format available.
bug closed, send any further explanations to
25059 <at> debbugs.gnu.org and Andy Wingo <wingo <at> igalia.com>
Request was from
Lars Ingebrigtsen <larsi <at> gnus.org>
to
control <at> debbugs.gnu.org.
(Tue, 24 Jan 2017 23:25:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#25059; Package
emacs.
(Mon, 30 Jan 2017 20:12:02 GMT)
Full text and
rfc822 format available.
Message #21 received at 25059 <at> debbugs.gnu.org (full text, mbox):
On Wed, 25 Jan 2017 00:17:58 +0100 Lars Ingebrigtsen <larsi <at> gnus.org> wrote:
LI> Yes, it just means that the peer ended the connection. I think gnutls.c
LI> shouldn't say anything in that case -- any sentinels get the proper
LI> callback and stuff, and as information it's pretty worthless for the
LI> user.
LI> I'm installing the following patch, but if there's any disagreement
LI> here, we can discuss further...
LI> diff --git a/src/gnutls.c b/src/gnutls.c
LI> index 735d2e3..6fa0e10 100644
LI> --- a/src/gnutls.c
LI> +++ b/src/gnutls.c
LI> @@ -582,8 +582,15 @@ emacs_gnutls_handle_error (gnutls_session_t session, int err)
LI> if (gnutls_error_is_fatal (err))
LI> {
LI> + int level = 1;
LI> + /* Mostly ignore "The TLS connection was non-properly
LI> + terminated" message which just means that the peer closed the
LI> + connection. */
LI> + if (err == GNUTLS_E_PREMATURE_TERMINATION)
LI> + level = 3;
LI> +
LI> + GNUTLS_LOG2 (level, max_log_level, "fatal error:", str);
LI> ret = 0;
LI> - GNUTLS_LOG2 (1, max_log_level, "fatal error:", str);
LI> }
LI> else
LI> {
IIRC that #define wasn't available until recently so we couldn't use it
until now :) Thanks! It resolves the issue for me. We may want to add a
per-connection counter of these, though, in case code or users want to
examine it.
Ted
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Tue, 28 Feb 2017 12:24:03 GMT)
Full text and
rfc822 format available.
This bug report was last modified 8 years and 169 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.