[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#56867] [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7.

From: Maxime Devos
Subject: [bug#56867] [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7.
Date: Mon, 1 Aug 2022 11:56:00 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0

Some objections on error handling (I don't know much about the wrapping)

On 01-08-2022 11:07, Ludovic Courtès wrote:

I'll land a similar change in Guile's (web client) module afterwards
if there are no objections.


diff --git a/guix/build/download.scm b/guix/build/download.scm
index 41583e8143..de094890b3 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -245,6 +245,54 @@ (define (print-tls-certificate-error port key args 
  (set-exception-printer! 'tls-certificate-error
+(define (wrap-record-port-for-gnutls<3.7.7 record port)
+  "Return a port that wraps RECORD to ensure that closing it also closes PORT,
+the actual socket port, and its file descriptor.  Make sure it does not
+introduce extra buffering (custom ports are buffered by default as of Guile
+This wrapper is unnecessary with GnuTLS >= 3.7.7, which can automatically
+close SESSION's file descriptor when RECORD is closed."
+  (define (read! bv start count)
+    (define read
+      (catch 'gnutls-error
+        (lambda ()
+          (get-bytevector-n! record bv start count))
+        (lambda (key err proc . rest)
+          ;; When responding to "Connection: close" requests, some servers
+          ;; close the connection abruptly after sending the response body,
+          ;; without doing a proper TLS connection termination.  Treat it as
+          ;; EOF.  This is fixed in GnuTLS 3.7.7.
+          (if (eq? err error/premature-termination)
+              the-eof-object
+              (apply throw key err proc rest)))))

Objection: 'catch' makes the backtrace part happening inside the 'get-bytevector-n!' disappear, because it is unwinding, as has been noted a few times (in different contexts) by Attila Lendvai and me.  Maybe use 'guard' with an appropriate condition instead?

+      (if (module-defined? (resolve-interface '(gnutls))
+                           'set-session-record-port-close!) ;GnuTLS >= 3.7.7

resolve-module (and presumably also sets #:ensure #t by default, which sometimes causes 'module not found' messages to be replaced by 'unbound variable', which I don't think is useful behaviour, can #:ensure be set to #false?


Attachment: OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]