GNU bug report logs -
#34102
[staging] Guix fails to download from TLSv1.3-enabled servers
Previous Next
Reported by: Marius Bakke <mbakke <at> fastmail.com>
Date: Wed, 16 Jan 2019 13:34:01 UTC
Severity: serious
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hello!
On the staging branch (with GnuTLS 3.6), `guix download` will negotiate
TLSv1.3 with servers that support it, and fail shortly after the initial
handshake:
$ ./pre-inst-env guix download https://data.iana.org
Starting download of /tmp/guix-file.vJ4v7h
From https://data.iana.org...
Throw to key `gnutls-error' with args `(#<gnutls-error-enum Resource temporarily unavailable, try again.> read_from_session_record_port)'.
failed to download "/tmp/guix-file.vJ4v7h" from "https://data.iana.org"
guix download: error: https://data.iana.org: download failed
The GnuTLS maintainer have written a blog post about TLS 1.3 porting[0],
and I suspect the problem is that Guix (or the GnuTLS Guile bindings)
does not handle the "GNUTLS_E_REAUTH_REQUEST" error code; however my
attempts at catching it (or any error code) has been unfruitful.
This is an obvious merge blocker, help wanted! Disabling TLS1.3 in the
priority string works as a last-resort workaround.
[0] https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 5 years and 118 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.