GNU bug report logs - #49035
cURL 7.77.0 uses invalid TLS priority string, prevents access to bitbucket.org

Package: guix

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Tue, 15 Jun 2021 09:18:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


Message #10 received at 49035 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 49035 <at> debbugs.gnu.org
Cc: Emmanuel Agullo <emmanuel.agullo <at> inria.fr>
Subject: Re: bug#49035: Git 2.32.0 fails with ‘gnutls_handshake’ error
Date: Tue, 15 Jun 2021 14:38:56 +0200

Ludovic Courtès <ludovic.courtes <at> inria.fr> wrote:

> $ guix environment -CN --ad-hoc git nss-certs -- git clone https://bitbucket.org/oseledets/rectcross /tmp/rectcross
> Cloning into '/tmp/rectcross'...
> fatal: unable to access 'https://bitbucket.org/oseledets/rectcross/': gnutls_handshake() failed: An illegal parameter has been received.
> $ guix describe
> Generacio 185	Jun 07 2021 15:07:46	(nuna)
>   guix e3611cc
>     repository URL: https://git.savannah.gnu.org/git/guix.git
>     branch: master
>     commit: e3611cc412e7b1c750a56d17fb1b7cde684baa3f

Initially I thought this might have to do with the GnuTLS
3.6.15 → 3.6.16 replacement:

--8<---------------cut here---------------start------------->8---
$ guix environment -CN --no-grafts --ad-hoc git nss-certs -- git clone https://bitbucket.org/oseledets/rectcross /tmp/rectcross
Cloning into '/tmp/rectcross'...
Receiving objects: 100% (112/112), 23.43 KiB | 244.00 KiB/s, done.
Resolving deltas: 100% (56/56), done.
$ guix build gnutls
/gnu/store/199npi1hcv7zn0r19vl29np6ccshii4p-gnutls-3.6.16-debug
/gnu/store/8ixa3p7hwb26warjinffcrvzl064wbcg-gnutls-3.6.16-doc
/gnu/store/akc7l65z459pnifrr6bcm97cjvmpvp9k-gnutls-3.6.16
$ guix build gnutls --no-grafts
/gnu/store/vswbfgjcadrjlkmd5d7p38rr0i87wdqy-gnutls-3.6.15-debug
/gnu/store/fzi1qqvcj5h2b6nsajwlqpf0jb66ngnb-gnutls-3.6.15-doc
/gnu/store/5yvzilh78996627i8avq532sl2c03i95-gnutls-3.6.15
--8<---------------cut here---------------end--------------->8---

But Git does not use GnuTLS directly, only via cURL:

--8<---------------cut here---------------start------------->8---
$ guix graph -t references --path git-minimal $(guix build --no-grafts gnutls |grep '[0-9]$')
/gnu/store/skxzvsvnl7yqgx99l0m7mqcpz85l8fml-git-minimal-2.32.0
/gnu/store/k9wmrk5m91599lk8gd4rc7h4df642qw0-curl-7.74.0
/gnu/store/5yvzilh78996627i8avq532sl2c03i95-gnutls-3.6.15
--8<---------------cut here---------------end--------------->8---

And indeed, cURL 7.77 (the replacement) exhibits the bogus behavior:

--8<---------------cut here---------------start------------->8---
$ guix environment -CN --no-grafts --ad-hoc curl@7.77 nss-certs -- curl https://bitbucket.org > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (35) gnutls_handshake() failed: An illegal parameter has been received.
$ guix environment -CN --no-grafts --ad-hoc curl@7.74 nss-certs -- curl https://bitbucket.org > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 75735  100 75735    0     0   134k      0 --:--:-- --:--:-- --:--:--  134k
--8<---------------cut here---------------end--------------->8---

Ludo’.




This bug report was last modified 3 years and 337 days ago.
