Subject: bug#34102: [staging] Guix fails to download from TLSv1.3-enabled servers
From: Marius Bakke
Date: Wed, 16 Jan 2019 14:33:15 +0100

Hello!

On the staging branch (with GnuTLS 3.6), `guix download` will negotiate
TLSv1.3 with servers that support it, and fail shortly after the initial
handshake:

  $ ./pre-inst-env guix download https://data.iana.org
  Starting download of /tmp/guix-file.vJ4v7h
  From https://data.iana.org...
  Throw to key `gnutls-error' with args `(# read_from_session_record_port)'.
  failed to download "/tmp/guix-file.vJ4v7h" from "https://data.iana.org"
  guix download: error: https://data.iana.org: download failed

The GnuTLS maintainer has written a blog post about TLS 1.3 porting[0],
and I suspect the problem is that Guix (or the GnuTLS Guile bindings)
does not handle the "GNUTLS_E_REAUTH_REQUEST" error code; however my
attempts at catching it (or any error code) have been unfruitful.

This is an obvious merge blocker, help wanted!  Disabling TLS1.3 in the
priority string works as a last-resort workaround.

[0] https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html


From: Ludovic Courtès
Date: Fri, 25 Jan 2019 14:32:33 +0100
Subject: control message for bug #34102

severity 34102 serious


From: Ludovic Courtès
Date: Fri, 25 Jan 2019 14:43:41 +0100

Hi Marius,

Marius Bakke wrote:

> On the staging branch (with GnuTLS 3.6), `guix download` will negotiate
> TLSv1.3 with servers that support it, and fail shortly after the initial
> handshake:
>
>   $ ./pre-inst-env guix download https://data.iana.org
>   Starting download of /tmp/guix-file.vJ4v7h
>   From https://data.iana.org...
>   Throw to key `gnutls-error' with args `(# read_from_session_record_port)'.
>   failed to download "/tmp/guix-file.vJ4v7h" from "https://data.iana.org"
>   guix download: error: https://data.iana.org: download failed

Ouch, thanks for the heads-up!

> The GnuTLS maintainer has written a blog post about TLS 1.3 porting[0],
> and I suspect the problem is that Guix (or the GnuTLS Guile bindings)
> does not handle the "GNUTLS_E_REAUTH_REQUEST" error code; however my
> attempts at catching it (or any error code) have been unfruitful.

I think we need to update the Guile bindings to wrap
GNUTLS_E_REAUTH_REQUEST, GNUTLS_POST_HANDSHAKE_AUTH, and ‘gnutls_reauth’,
which are currently missing.  Would you like to give it a try?

What’s unclear to me from the blog post is exactly when
GNUTLS_E_REAUTH_REQUEST is delivered to the application.  Is it the next
time the application calls some (possibly unrelated) GnuTLS function?

> This is an obvious merge blocker, help wanted!  Disabling TLS1.3 in the
> priority string works as a last-resort workaround.

Yes, that’s a stop-gap measure we should probably apply for now:

diff --git a/guix/build/download.scm b/guix/build/download.scm index c08221b3b2..23c9a4d466 100644 --- a/guix/build/download.scm +++ b/guix/build/download.scm
@@ -268,7 +268,10 @@ host name without trailing dot." ;; "(gnutls) Priority Strings"); see . ;; Explicitly disable SSLv3, which is insecure: ;; . - (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0") + ;; + ;; FIXME: Since we currently fail to handle TLS 1.3, remove it; see + ;; . + (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0:-VERS-TLS1.3") (set-session-credentials! session (if (and verify-certificate? ca-certs)

Any objections?

Thanks,
Ludo’.

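Review bot: in the replaced `set-session-priorities!` call, `:-VERS-TLS1.3` is appended unconditionally, so every session created here is capped below TLS 1.3 and the same string is handed to whichever GnuTLS is in use. Please confirm that GnuTLS releases older than the 3.6 named in the report accept a `VERS-TLS1.3` token; if one does not, build the string conditionally on the library version so that downloads do not start failing there. The FIXME would also be easier to retire if it named the condition for removal (the Guile bindings handling post-handshake re-authentication) rather than only pointing at the bug.
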

From: Ricardo Wurmus
Date: Fri, 25 Jan 2019 15:04:51 +0100

Ludovic Courtès writes:

>> This is an obvious merge blocker, help wanted!  Disabling TLS1.3 in the
>> priority string works as a last-resort workaround.
>
> Yes, that’s a stop-gap measure we should probably apply for now:
>
> diff --git a/guix/build/download.scm b/guix/build/download.scm > index c08221b3b2..23c9a4d466 100644 > --- a/guix/build/download.scm > +++ b/guix/build/download.scm
> @@ -268,7 +268,10 @@ host name without trailing dot." > ;; "(gnutls) Priority Strings"); see . > ;; Explicitly disable SSLv3, which is insecure: > ;; . > - (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0") > + ;; > + ;; FIXME: Since we currently fail to handle TLS 1.3, remove it; see > + ;; . > + (set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0:-VERS-= TLS1.3") >=20=20 > (set-session-credentials! session > (if (and verify-certificate? ca-certs)
>
> Any objections?

I think it’s fine to do this to allow us to merge the staging branch
before fixing the problem in the Guile bindings.

--
Ricardo


From: Ludovic Courtès
Date: Sun, 27 Jan 2019 16:54:39 +0100

Hello,

Ricardo Wurmus wrote:

> Ludovic Courtès writes:
>
>>> This is an obvious merge blocker, help wanted!  Disabling TLS1.3 in the
>>> priority string works as a last-resort workaround.

[...]

> I think it’s fine to do this to allow us to merge the staging branch
> before fixing the problem in the Guile bindings.

I pushed a variant of this patch as commit
e4ee84202633636b4c8cef4a332f0c74912a3b23.

Thanks,
Ludo’.


From: Ludovic Courtès
Date: Wed, 12 Jun 2019 14:34:44 +0200

Hi Marius,

Marius Bakke wrote:

>   $ ./pre-inst-env guix download https://data.iana.org
>   Starting download of /tmp/guix-file.vJ4v7h
>   From https://data.iana.org...
>   Throw to key `gnutls-error' with args `(# read_from_session_record_port)'.
>   failed to download "/tmp/guix-file.vJ4v7h" from "https://data.iana.org"
>   guix download: error: https://data.iana.org: download failed
>
> The GnuTLS maintainer has written a blog post about TLS 1.3 porting[0],
> and I suspect the problem is that Guix (or the GnuTLS Guile bindings)
> does not handle the "GNUTLS_E_REAUTH_REQUEST" error code; however my
> attempts at catching it (or any error code) have been unfruitful.
>
> This is an obvious merge blocker, help wanted!  Disabling TLS1.3 in the
> priority string works as a last-resort workaround.
>
> [0] https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html

I’ve submitted a bunch of changes upstream to better support
post-handshake re-authentication:

  https://gitlab.com/gnutls/gnutls/merge_requests/1026

In particular, this adds ‘connection-flag/post-handshake-auth’ and
‘connection-flag/auto-reauth’, which can be passed to ‘make-session’.

But as it turns out, there’s one patch that, alone, appears to fix the
issue above:

  https://gitlab.com/civodul/gnutls/commit/7421ca2cfd2d9f4ac89bdec786eb745533430316

Ideally we’d wait for the next GnuTLS release that includes all of this.
However, if that helps, we can apply this patch to the ‘gnutls’ package
in ‘core-updates’ in the meantime.

WDYT?

Ludo’.

commit 7421ca2cfd2d9f4ac89bdec786eb745533430316
Author: Ludovic Courtès
Date:   Wed Jun 12 11:32:19 2019 +0200

    guile: Loop upon EAGAIN or EINTR.

    * guile/src/core.c (do_fill_port) [USING_GUILE_BEFORE_2_2]: Loop while
    'gnutls_record_recv' returns GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
    (read_from_session_record_port) [!USING_GUILE_BEFORE_2_2]: Likewise.

    Signed-off-by: Ludovic Courtès

diff --git a/guile/src/core.c b/guile/src/core.c index 546d63a1e3..8b9aa62560 100644 --- a/guile/src/core.c +++ b/guile/src/core.c @@ -1,5 +1,5 @@ /* GnuTLS --- Guile bindings for GnuTLS. - Copyright (C) 2007-2014, 2016 Free Software Foundation, Inc. + Copyright (C) 2007-2014, 2016, 2019 Free Software Foundation, Inc. =20 GnuTLS is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
@@ -869,8 +869,12 @@ do_fill_port (void *data) const fill_port_data_t *args =3D (fill_port_data_t *) data; =20 c_port =3D args->c_port; - result =3D gnutls_record_recv (args->c_session, - c_port->read_buf, c_port->read_buf_size); + + do + result =3D gnutls_record_recv (args->c_session, + c_port->read_buf, c_port->read_buf_size); + while (result =3D=3D GNUTLS_E_AGAIN || result =3D=3D GNUTLS_E_INTERRUPTE= D); + if (EXPECT_TRUE (result > 0)) { c_port->read_pos =3D c_port->read_buf; @@ -1002,7 +1006,12 @@ read_from_session_record_port (SCM port, SCM dst, si= ze_t start, size_t count) =20 /* XXX: Leave guile mode when SCM_GNUTLS_SESSION_TRANSPORT_IS_FD is true? */ - result =3D gnutls_record_recv (c_session, read_buf, count); + /* We can get EAGAIN for example if we received a reauth request, even w= hen + GNUTLS_AUTO_REAUTH is set. In that case, loop again. */ + do + result =3D gnutls_record_recv (c_session, read_buf, count); + while (result =3D=3D GNUTLS_E_AGAIN || result =3D=3D GNUTLS_E_INTERRUPTE= D); + if (EXPECT_FALSE (result < 0)) /* FIXME: Silently swallowed! */ scm_gnutls_error (result, FUNC_NAME);

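Review bot: the `do ... while` added to `do_fill_port` carries no comment, while the same loop in `read_from_session_record_port` explains that GNUTLS_E_AGAIN can follow a reauth request even when GNUTLS_AUTO_REAUTH is set. Repeat or reference that comment here so the USING_GUILE_BEFORE_2_2 path also documents why a retry is expected.
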
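Review bot: the retry loop around `gnutls_record_recv` in `read_from_session_record_port` has no bound and no wait, so if the session's transport is non-blocking, a GNUTLS_E_AGAIN with no data pending turns it into a busy loop. Consider waiting for the transport to become readable before retrying, or capping the number of retries and reporting the failure through `scm_gnutls_error`; the same applies to the loop added in `do_fill_port`.
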

From: help-debbugs@gnu.org (GNU bug Tracking System)
Date: Fri, 27 Mar 2020 08:08:02 +0000
Subject: bug#34102: closed (Re: bug#34102: [staging] Guix fails to download from TLSv1.3-enabled servers)

Your bug report

#34102: [staging] Guix fails to download from TLSv1.3-enabled servers

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 34102@debbugs.gnu.org.

--
34102: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=34102
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems


From: Ludovic Courtès
Date: Fri, 27 Mar 2020 09:07:06 +0100

Ludovic Courtès wrote:

> I’ve submitted a bunch of changes upstream to better support
> post-handshake re-authentication:
>
>   https://gitlab.com/gnutls/gnutls/merge_requests/1026
>
> In particular, this adds ‘connection-flag/post-handshake-auth’ and
> ‘connection-flag/auto-reauth’, which can be passed to ‘make-session’.
>
> But as it turns out, there’s one patch that, alone, appears to fix the
> issue above:
>
>   https://gitlab.com/civodul/gnutls/commit/7421ca2cfd2d9f4ac89bdec786eb745533430316

This was fixed a while back in Guix proper, with commit
621fb83a1fde948b3b7eea37bdc378cbf1b3d11e.

Ludo’.

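The read-side retry policy this thread converges on (retry on GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED, with a reauth request arriving mid-read), as an added C example that is not code from GnuTLS, its Guile bindings or Guix. It goes beyond the posted patch by bounding the retries and waiting for the transport instead of spinning. Assumptions: the `REC_E_*` codes, `struct transport`, `recv_retrying` and the scripted transport are constructed stand-ins so the example runs without libgnutls, and counting a reauth request and reading on is this example's policy.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-ins for the return codes named in the thread; the
   numeric values are made up for this example, not taken from gnutls.h. */
enum {
  REC_E_AGAIN = -1,           /* plays GNUTLS_E_AGAIN */
  REC_E_INTERRUPTED = -2,     /* plays GNUTLS_E_INTERRUPTED */
  REC_E_REAUTH_REQUEST = -3,  /* plays GNUTLS_E_REAUTH_REQUEST */
  REC_E_FATAL = -4,           /* any other, fatal, record-layer error */
  REC_E_RETRY_LIMIT = -100    /* produced by this example only */
};

/* Hypothetical transport: recv plays gnutls_record_recv, wait_readable
   plays a poll() on the session's file descriptor. */
struct transport {
  ssize_t (*recv) (void *ctx, void *buf, size_t len);
  int (*wait_readable) (void *ctx);     /* 0 = readable, -1 = timed out */
  void *ctx;
};

struct recv_stats { unsigned calls, waits, reauth_requests; };

/* Read once, retrying transient codes at most max_retries times. */
ssize_t
recv_retrying (const struct transport *t, void *buf, size_t len,
               unsigned max_retries, struct recv_stats *st)
{
  unsigned retries = 0;

  for (;;)
    {
      ssize_t r = t->recv (t->ctx, buf, len);
      st->calls++;
      if (r >= 0)
        return r;                       /* data, or 0 for end of stream */

      switch (r)
        {
        case REC_E_INTERRUPTED:         /* interrupted call: retry at once */
          break;
        case REC_E_REAUTH_REQUEST:      /* example policy: count it, keep reading */
          st->reauth_requests++;
          break;
        case REC_E_AGAIN:               /* nothing to read yet: wait, do not spin */
          st->waits++;
          if (t->wait_readable (t->ctx) != 0)
            return REC_E_RETRY_LIMIT;
          break;
        default:                        /* fatal: surface it to the caller */
          return r;
        }

      if (++retries > max_retries)
        return REC_E_RETRY_LIMIT;
    }
}

/* Scripted transport (constructed sample input): each recv call returns
   the next scripted value, then 0 once the script is exhausted. */
struct script { const ssize_t *steps; size_t n, pos; };

static ssize_t
script_recv (void *ctx, void *buf, size_t len)
{
  struct script *s = ctx;
  (void) buf; (void) len;
  return s->pos < s->n ? s->steps[s->pos++] : 0;
}

static int script_wait (void *ctx) { (void) ctx; return 0; }

/* Run recv_retrying over a script and report what it did in *st. */
ssize_t
run_script (const ssize_t *steps, size_t n, unsigned max_retries,
            struct recv_stats *st)
{
  struct script s = { steps, n, 0 };
  struct transport t = { script_recv, script_wait, &s };
  char buf[64];

  st->calls = st->waits = st->reauth_requests = 0;
  return recv_retrying (&t, buf, sizeof buf, max_retries, st);
}

int
main (void)
{
  const ssize_t reauth_then_data[] =
    { REC_E_REAUTH_REQUEST, REC_E_AGAIN, REC_E_INTERRUPTED, 5 };
  const ssize_t stuck[] =
    { REC_E_AGAIN, REC_E_AGAIN, REC_E_AGAIN, REC_E_AGAIN, REC_E_AGAIN };
  struct recv_stats st;
  ssize_t r;

  r = run_script (reauth_then_data, 4, 8, &st);
  printf ("reauth then data: result=%ld calls=%u waits=%u\n",
          (long) r, st.calls, st.waits);
  r = run_script (stuck, 5, 3, &st);
  printf ("stuck transport:  result=%ld calls=%u\n", (long) r, st.calls);
  return 0;
}
```
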
[0] https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAlw/MpsACgkQoqBt8qM6 VPrmBAf+Np1ZUW6Ig+q1x89okOiySN/6RlYhtDFOcB4VV3rvRa33HCXrsSpvauSw WTloJ3qz7mMow0QeG9bPt+3YsO8HnhNoe/vmJTPtRs7nzPRrvFK9dDEn/sgmIrvg Kxd95V2NLxnrEB3KiFzlf3rsZHMEC1zaBF9BgPEUYARheS2N0yH4N9U9HyieCH5S ckqUHMH+PMuWYsUaqgXkD1XBYD7d7L9Hy/uLI3X47cJpLytBQB0TEmaOr2pqEgrg bT1Gv0godCL1+bmRNv57DmKQXhKFNBgMsx+h12Lu/D/Z1rju+ywRxvJSS8jdLjY8 T6ldlxmOHUSfmYO9I1V+Tfi8bo+acg== =s8VF -----END PGP SIGNATURE----- --=-=-=-- ------------=_1585296482-31539-1--
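
The last-resort workaround from the report (taking TLS 1.3 out of the priority string) next to the connection flags described in the reply, as an added Guile example that is not code from Guix or GnuTLS. The "example-" names, the mode symbols and "NORMAL" as the base priority set are assumptions; the two connection flags are available only in Guile bindings that include the changes from the merge request mentioned in the reply.

```scheme
;; Added example; not code from Guix or GnuTLS.
;; All "example-" names and the MODE symbols are hypothetical.
(use-modules (gnutls))

(define (example-priorities mode)
  "Return the GnuTLS priority string for MODE."
  (case mode
    ;; Workaround from the report: take TLS 1.3 out of the offered versions.
    ;; Using "NORMAL" as the base set is an assumption of this example.
    ((no-tls1.3) "NORMAL:-VERS-TLS1.3")
    ((default auto-reauth) "NORMAL")
    (else (error "unknown mode" mode))))

(define (example-make-session mode)
  "Create the client session for MODE."
  (if (eq? mode 'auto-reauth)
      ;; Flags named in the reply; they exist only in Guile bindings that
      ;; include the changes from the merge request mentioned there.
      (make-session connection-end/client
                    connection-flag/post-handshake-auth
                    connection-flag/auto-reauth)
      (make-session connection-end/client)))

(define* (example-tls-session socket server credentials
                              #:key (mode 'default))
  "Handshake with SERVER over the connected SOCKET and return two values:
the session and the negotiated protocol version as a string.  CREDENTIALS
must already carry the trust anchors; checking the peer certificate after
the handshake stays with the caller."
  (let* ((priorities (example-priorities mode))   ;rejects an unknown MODE
         (session    (example-make-session mode)))
    (set-session-server-name! session server-name-type/dns server)
    (set-session-transport-fd! session (fileno socket))
    (set-session-priorities! session priorities)
    (set-session-credentials! session credentials)
    (handshake session)
    (values session
            (protocol->string (session-protocol session)))))
```

With `#:mode 'no-tls1.3`, the second return value lets the caller confirm that the connection did not negotiate TLS 1.3.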