GNU bug report logs - #56867
[PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7.


Package: guix-patches

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Mon, 1 Aug 2022 09:09:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: Maxime Devos <maximedevos <at> telenet.be>
To: Ludovic Courtès <ludo <at> gnu.org>, 56867 <at> debbugs.gnu.org
Cc: guile-devel <at> gnu.org
Subject: [bug#56867] [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7.
Date: Mon, 1 Aug 2022 11:56:00 +0200
Some objections on error handling (I don't know much about the wrapping)

On 01-08-2022 11:07, Ludovic Courtès wrote:
> [...]
> Hello!
>
> I'll land a similar change in Guile's (web client) module afterwards
> if there are no objections.
>
> Ludo'.
>
> diff --git a/guix/build/download.scm b/guix/build/download.scm
> index 41583e8143..de094890b3 100644
> --- a/guix/build/download.scm
> +++ b/guix/build/download.scm
> @@ -245,6 +245,54 @@ (define (print-tls-certificate-error port key args default-printer)
>   (set-exception-printer! 'tls-certificate-error
>                           print-tls-certificate-error)
>   
> +(define (wrap-record-port-for-gnutls<3.7.7 record port)
> +  "Return a port that wraps RECORD to ensure that closing it also closes PORT,
> +the actual socket port, and its file descriptor.  Make sure it does not
> +introduce extra buffering (custom ports are buffered by default as of Guile
> +3.0.5).
> +
> +This wrapper is unnecessary with GnuTLS >= 3.7.7, which can automatically
> +close SESSION's file descriptor when RECORD is closed."
> +  (define (read! bv start count)
> +    (define read
> +      (catch 'gnutls-error
> +        (lambda ()
> +          (get-bytevector-n! record bv start count))
> +        (lambda (key err proc . rest)
> +          ;; When responding to "Connection: close" requests, some servers
> +          ;; close the connection abruptly after sending the response body,
> +          ;; without doing a proper TLS connection termination.  Treat it as
> +          ;; EOF.  This is fixed in GnuTLS 3.7.7.
> +          (if (eq? err error/premature-termination)
> +              the-eof-object
> +              (apply throw key err proc rest)))))
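
Review bot: In the 'catch' handler inside read!, returning the-eof-object for error/premature-termination makes a connection that was cut without a proper TLS connection termination indistinguishable from a clean end of stream, so a truncated response body reaches callers as an ordinary EOF. The comment should say that callers have to detect truncation themselves, for example by comparing the number of bytes received against Content-Length. Separately, the docstring mentions "SESSION's file descriptor", but the procedure takes RECORD and PORT and has no SESSION parameter; refer to PORT or write "the session's" in lower case.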

Objection: 'catch' makes the backtrace part happening inside the 
'get-bytevector-n!' disappear, because it is unwinding, as has been 
noted a few times (in different contexts) by Attila Lendvai and me.  
Maybe use 'guard' with an appropriate condition instead?

> +      (if (module-defined? (resolve-interface '(gnutls))
> +                           'set-session-record-port-close!) ;GnuTLS >= 3.7.7

resolve-module (and presumably also sets #:ensure #t by default, which 
sometimes causes 'module not found' messages to be replaced by 'unbound 
variable', which I don't think is useful behaviour, can #:ensure be set 
to #false?

Greetings,
Maxime

This bug report was last modified 2 years and 292 days ago.
