GNU bug report logs - #49035
cURL 7.77.0 uses invalid TLS priority string, prevents access to bitbucket.org

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Tue, 15 Jun 2021 09:18:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludovic.courtes <at> inria.fr>
Subject: bug#49035: closed (Re: bug#49035: Git 2.32.0 fails with
 ‘gnutls_handshake’ error)
Date: Fri, 18 Jun 2021 15:45:01 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#49035: cURL 7.77.0 uses invalid TLS priority string, prevents access to bitbucket.org

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 49035 <at> debbugs.gnu.org.

-- 
49035: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=49035
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: 49035-done <at> debbugs.gnu.org
Cc: Emmanuel Agullo <emmanuel.agullo <at> inria.fr>
Subject: Re: bug#49035: Git 2.32.0 fails with ‘gnutls_handshake’ error
Date: Fri, 18 Jun 2021 17:43:58 +0200

Ludovic Courtès <ludo <at> gnu.org> skribis:

> Ludovic Courtès <ludo <at> gnu.org> skribis:
>
>> So these two cURL versions use different TLS priority strings; here’s
>> the one that cURL 7.77 uses (bad) vs. the one that 7.74 uses (good):
>
> Also reported at <https://github.com/curl/curl/issues/7277>.

The issue turned out to be that cURL’s priority string specifies
protocol versions in the wrong order, favoring old versions over new
ones (see the issue above).

Fixed in caf4a7a2770ef4d05a6e18f40d602e51da749ddc!

Thanks,
Ludo’.


[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludovic.courtes <at> inria.fr>
To: <bug-guix <at> gnu.org>
Subject: Git 2.32.0 fails with ‘gnutls_handshake’ error
Date: Tue, 15 Jun 2021 11:16:50 +0200

Hello,

We came across this problem with the latest Git upgrade, that wasn’t
present in Git 2.31.1 as available on June 1st:

--8<---------------cut here---------------start------------->8---
$ guix time-machine --commit=0b76b25a0eff7a422f8ebcc8c095d7ede82c8863 --  environment -CN --ad-hoc git nss-certs -- git clone https://bitbucket.org/oseledets/rectcross /tmp/rectcross
Cloning into '/tmp/rectcross'...
Receiving objects: 100% (112/112), 23.43 KiB | 255.00 KiB/s, done.
Resolving deltas: 100% (56/56), done.
$ rm -rf /tmp/rectcross
$ guix time-machine --commit=0b76b25a0eff7a422f8ebcc8c095d7ede82c8863 --  package -A ^git$
git	2.31.1	out,send-email,svn,credential-netrc,credential-libsecret,subtree,gui	gnu/packages/version-control.scm:176:2
$ guix environment -CN --ad-hoc git nss-certs -- git clone https://bitbucket.org/oseledets/rectcross /tmp/rectcross
Cloning into '/tmp/rectcross'...
fatal: unable to access 'https://bitbucket.org/oseledets/rectcross/': gnutls_handshake() failed: An illegal parameter has been received.
$ guix describe
Generacio 185	Jun 07 2021 15:07:46	(nuna)
  guix e3611cc
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: e3611cc412e7b1c750a56d17fb1b7cde684baa3f
$ guix package -A '^git$'
git	2.32.0	out,send-email,svn,credential-netrc,credential-libsecret,subtree,gui	gnu/packages/version-control.scm:176:2
--8<---------------cut here---------------end--------------->8---

Thoughts?

Ludo’.
This bug report was last modified 3 years and 337 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.