GNU bug report logs - #39800
(web client) gracelessly handles premature TLS connection termination


Package: guile

Reported by: "franco.rcr <at> gmail.com" <franco.rcr <at> gmail.com>

Date: Wed, 26 Feb 2020 15:22:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Message #8 received at 39800 <at> debbugs.gnu.org:

From: Andy Wingo <wingo <at> igalia.com>
To: "franco.rcr\@gmail.com" <franco.rcr <at> gmail.com>
Cc: ludo <at> gnu.org, 39800 <at> debbugs.gnu.org
Subject: Re: bug#39800: gnutls guile bug receiving https data
Date: Tue, 03 Mar 2020 21:51:47 +0100

Thanks very much for the report!

I think this one may be a good one for Ludovic, if I may be so bold.
Apologies for the top-post but I couldn't clip your excellent report.

Cheers,

Andy

"franco.rcr <at> gmail.com" <franco.rcr <at> gmail.com> writes:

> Hello,
> I installed gnutls for guile and checked the gnutls module with this
> simple code:
>
>
> ;;Guile version 3.0 and gnutls from git
>
> ,show version
> GNU Guile 3.0.0.15-ff14b7
>
> (gnutls-version)
> $6 = "3.6.12"
>
> ;;Now, submitting this simple https request, you get an exception
> (http-request "https://www.google.com")
> ice-9/boot-9.scm:1669:16: In procedure raise-exception:
> Throw to key `gnutls-error' with args `(#<gnutls-error-enum La
> connessione TLS non è stata terminata in modo corretto.>
> read_from_session_record_port)'.
>
> ;;instead, without https there are no errors
> (http-request "http://www.google.com") ;;works fine.
>
>
> The error happens only on https://www.google.com and does not throw with
> a lot of other https web sites.
> Furthermore the error is not thrown if the method is HEAD, so it is
> related to the data part of the https answer.
> I tried to enter in the internal implementation of the http web client
> but after some tests I decided to do some simple tests at application
> level.
> I rewrote the get-bytevector-all, with a loop that reads one byte at a
> time and the error was thrown anyway.
> I caught the error and I've got the complete answer from the google web
> server.
>
> In the following there is my applicative solution, where I rewrote the
> get-bytevector-all by adding the error checking and specifying to
> http-request that the data has to be returned as a port (#:streaming?
> #t).
>
>
> ;;A macro to catch errors
> (define-syntax my-noerr
>   (syntax-rules ()
>     ((_ __error-return exp ...)
>      (let
>          ((__st #f))
>        (catch #t
>          (lambda() exp ...)
>          (lambda (k . p) __error-return))))))
>
> ;;The rewriting of get-bytevector-all
> ;;Reads one byte at a time; any error raised by get-u8 is treated as EOF
> (define (get-bytevector-all port)
>   (u8-list->bytevector (let loop ((port port))
>      (let ((v (my-noerr (eof-object) (get-u8 port))))
>        (if (eof-object? v)
>        '()
>        (cons v (loop port)))))))
>
> ;;the piece of code that now gives the correct result
>   (let-values (((a b) (http-request "https://www.google.com" #:streaming? #t)))
>     (bytevector->string (get-bytevector-all b) "ISO-8859-1"))
>
> In conclusion I can say that web modules read correctly the http answers
> and, with some (one for me, the google web site) https sites there is a
> misinterpretation of EOF in the layer between http and https.
>
> Franco.
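
A narrower variant of the workaround quoted above, as an added example (not code from the report or from Guile): it treats only GnuTLS's premature-termination error as end of data, re-throws everything else, and then uses Content-Length to decide whether a body that ended without a clean TLS close can be trusted as complete. The procedure names `read-until-eof` and `fetch-checked` and the status symbols are hypothetical; it assumes the `(gnutls)` bindings and Guile's `(web client)` are installed.

```scheme
;; Added example; procedure names are hypothetical, not part of Guile.
(use-modules (gnutls)               ; error/premature-termination
             (web client)
             (web response)
             (ice-9 binary-ports)
             (ice-9 receive)
             (rnrs bytevectors))

;; Drain PORT.  Return two values: the bytes read, and #t if the stream
;; ended with a TLS premature-termination error (no close_notify)
;; rather than a clean EOF.  Any other error is re-thrown.
(define (read-until-eof port)
  (receive (out get-bytes) (open-bytevector-output-port)
    (let loop ()
      (let ((chunk (catch 'gnutls-error
                     (lambda () (get-bytevector-some port))
                     (lambda (key err . rest)
                       (if (eq? err error/premature-termination)
                           'premature
                           (apply throw key err rest))))))
        (cond ((bytevector? chunk)
               (put-bytevector out chunk)
               (loop))
              (else
               (values (get-bytes) (eq? chunk 'premature))))))))

;; Fetch URI and classify the body:
;;   complete   - clean EOF, or the length matches Content-Length
;;   truncated  - abrupt close and the length differs from Content-Length
;;   unverified - abrupt close and no Content-Length to check against
(define (fetch-checked uri)
  (receive (response port) (http-request uri #:streaming? #t)
    (receive (body premature?) (read-until-eof port)
      (let ((expected (response-content-length response)))
        (values body
                (cond ((not premature?) 'complete)
                      ((not expected) 'unverified)
                      ((= expected (bytevector-length body)) 'complete)
                      (else 'truncated)))))))
```

A caller should treat `unverified` and `truncated` bodies as potentially cut short by whoever closed the connection, since the missing close_notify removes TLS's own end-of-data signal.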




This bug report was last modified 5 years and 133 days ago.


