GNU bug report logs - #34102
[staging] Guix fails to download from TLSv1.3-enabled servers

Package: guix

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Wed, 16 Jan 2019 13:34:01 UTC

Severity: serious

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org, bug-strong-list <at> debbugs.gnu.org
Subject: bug#34102: closed ([staging] Guix fails to download from
 TLSv1.3-enabled servers)
Date: Fri, 27 Mar 2020 08:08:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Fri, 27 Mar 2020 09:07:06 +0100
with message-id <87369u8bmd.fsf <at> gnu.org>
and subject line Re: bug#34102: [staging] Guix fails to download from TLSv1.3-enabled servers
has caused the debbugs.gnu.org bug report #34102,
regarding [staging] Guix fails to download from TLSv1.3-enabled servers
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
34102: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=34102
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Marius Bakke <mbakke <at> fastmail.com>
To: bug-guix <at> gnu.org
Subject: [staging] Guix fails to download from TLSv1.3-enabled servers
Date: Wed, 16 Jan 2019 14:33:15 +0100
[Message part 3 (text/plain, inline)]
Hello!

On the staging branch (with GnuTLS 3.6), `guix download` will negotiate
TLSv1.3 with servers that support it, and fail shortly after the initial
handshake:

$ ./pre-inst-env guix download https://data.iana.org
Starting download of /tmp/guix-file.vJ4v7h
From https://data.iana.org...
Throw to key `gnutls-error' with args `(#<gnutls-error-enum Resource temporarily unavailable, try again.> read_from_session_record_port)'.
failed to download "/tmp/guix-file.vJ4v7h" from "https://data.iana.org"
guix download: error: https://data.iana.org: download failed

The GnuTLS maintainer has written a blog post about TLS 1.3 porting[0],
and I suspect the problem is that Guix (or the GnuTLS Guile bindings)
does not handle the "GNUTLS_E_REAUTH_REQUEST" error code; however my
attempts at catching it (or any error code) have been unfruitful.

This is an obvious merge blocker, help wanted!  Disabling TLS1.3 in the
priority string works as a last-resort workaround.

[0] https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html
[Message part 5 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Marius Bakke <mbakke <at> fastmail.com>
Cc: 34102-done <at> debbugs.gnu.org
Subject: Re: bug#34102: [staging] Guix fails to download from TLSv1.3-enabled
 servers
Date: Fri, 27 Mar 2020 09:07:06 +0100
Ludovic Courtès <ludo <at> gnu.org> wrote:

> I’ve submitted a bunch of changes upstream to better support
> post-handshake re-authentication:
>
>   https://gitlab.com/gnutls/gnutls/merge_requests/1026
>
> In particular, this adds ‘connection-flag/post-handshake-auth’ and
> ‘connection-flag/auto-reauth’, which can be passed to ‘make-session’.
>
> But as it turns out, there’s one patch that, alone, appears to fix the
> issue above:
>
>   https://gitlab.com/civodul/gnutls/commit/7421ca2cfd2d9f4ac89bdec786eb745533430316

This was fixed a while back in Guix proper, with commit
621fb83a1fde948b3b7eea37bdc378cbf1b3d11e.

Ludo’.


This bug report was last modified 5 years and 119 days ago.
