From: Robert Pluim <rpluim@gmail.com>
To: emacs-devel@gnu.org
Subject: Re: :nowait t misbehaves when falling back from IPv6 to IPv4
Date: Wed, 20 Feb 2019 19:44:38 +0100
Message-ID: <m28syati3t.fsf@gmail.com>
In-Reply-To: m25zteu5ho.fsf@gmail.com

Robert Pluim <rpluim@gmail.com> writes:

> Robert Pluim <rpluim@gmail.com> writes:
>
>> I unfortunately donʼt have time to look into this right now, but
>> perhaps someone familiar with the network code has some ideas.
>
> So this is GnuTLS related: setting package-archives to use http rather
> than https makes everything work.

And after several hours of debugging, the fix turns out to be small,
but one that I definitely want others to look at.

Hereʼs what happens:

1. update-package-archives requests an asynchronous load of an url on
   elpa.gnu.org
2. make-network-process looks up 'elpa.gnu.org', which returns an IPv6
   and an IPv4 address (in that order)
3. it calls 'connect_network_socket', which calls 'connect', starts TLS
   negotiation, and then continues on because this is a non-blocking
   connect
4. some time later, that IPv6 connection has failed, which is noticed
   in 'wait_reading_process_output'. Because we have more addresses to
   try, it calls 'connect_network_socket' again, this time for the
   IPv4 address
5. 'connect_network_socket' again calls 'connect', but doesnʼt start TLS
   negotiation, since the TLS boot parameters were deleted in [3]
6. TCP finishes connecting, we call the user-provided sentinel, which
   ends up sending an HTTP request on what is supposed to be a TLS
   secured channel, and elpa.gnu.org quite rightly sends a '400' error
   and shuts down the connection

The fix below works for both emacs-26 and master. I have not fully
reasoned about its consequences.

This close to a release Iʼm certain it won't go into emacs-26, so
perhaps we should put an entry in PROBLEMS telling people to either
use elpa.gnu.org's IPv4 address in 'package-archives', or to use http
instead of https when they have problems connecting.

Broken IPv6 setups will only make this more likely in the future, so
perhaps we should think about implementing a limited version of 'Happy
Eyeballs 2' <https://tools.ietf.org/html/rfc8305> at some point.

2019-02-20 Robert Pluim <rpluim@gmail.com>

    * src/process.c (connect_network_socket): Only delete
    gnutls_boot_parameters if TLS negotiation actually succeeded,
    as they may be needed for connection to other addresses for
    the same host.

diff --git a/src/process.c b/src/process.c
index b0a327229c..8784827cd4 100644
--- a/src/process.c
+++ b/src/process.c
@@ -3657,11 +3657,13 @@ connect_network_socket (Lisp_Object proc, Lisp_Object addrinfos,
Lisp_Object boot, params = p->gnutls_boot_parameters;
boot = Fgnutls_boot (proc, XCAR (params), XCDR (params));
- p->gnutls_boot_parameters = Qnil;
if (p->gnutls_initstage == GNUTLS_STAGE_READY)
+ {
/* Run sentinels, etc. */
+ p->gnutls_boot_parameters = Qnil;
finish_after_tls_connection (proc);
+ }
else if (p->gnutls_initstage != GNUTLS_STAGE_HANDSHAKE_TRIED)
{
deactivate_process (proc);
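
Review bot: in the GNUTLS_STAGE_READY branch the parameters are now cleared only when the handshake has already completed inside this call, so on the GNUTLS_STAGE_HANDSHAKE_TRIED path p->gnutls_boot_parameters stays set, and nothing in this hunk shows where it is reset once that handshake finishes later. Either clear it at the point where the deferred handshake completes, or add a comment here stating that the value is deliberately kept for retries on the remaining addresses and where it is finally released. A smaller point: the comment "/* Run sentinels, etc. */" now sits above the assignment rather than above the finish_after_tls_connection call it describes, so move it down one line.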
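
The failure sequence in steps 2 to 6, as a simplified C model added here for illustration (not code from Emacs or from the patch). All type and function names are hypothetical, the handshake is assumed to complete exactly when the address is reachable, and the fail-closed `guard` goes beyond what the patch does.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model with hypothetical names; not Emacs code. */
enum tls_stage { TLS_NONE, TLS_TRIED, TLS_READY };
enum outcome { OUT_TLS, OUT_PLAINTEXT, OUT_REFUSED, OUT_NO_ROUTE };

struct proc {
  bool tls_wanted;          /* caller asked for https; never cleared */
  const char *boot_params;  /* needed to start TLS on a socket */
  enum tls_stage stage;
};

/* Start TLS on the current address if parameters are still available.
   clear_early reproduces the pre-fix behaviour: drop them after the
   first attempt however it ended. */
static void start_tls(struct proc *p, bool reachable, bool clear_early)
{
  if (p->boot_params == NULL)
    return;                 /* nothing left to start TLS with */
  /* Model assumption: the handshake completes iff the address is reachable. */
  p->stage = reachable ? TLS_READY : TLS_TRIED;
  if (clear_early || p->stage == TLS_READY)
    p->boot_params = NULL;
}

/* Try each address in order; report what the caller's sentinel receives.
   guard (beyond the patch): refuse a non-TLS socket when TLS was requested. */
enum outcome connect_with_fallback(const bool *reachable, size_t n,
                                   bool clear_early, bool guard)
{
  struct proc p = { true, "constructed-params", TLS_NONE };
  for (size_t i = 0; i < n; i++) {
    p.stage = TLS_NONE;     /* fresh socket for each address */
    start_tls(&p, reachable[i], clear_early);
    if (!reachable[i])
      continue;             /* fall back to the next address */
    if (p.stage == TLS_READY)
      return OUT_TLS;
    return (guard && p.tls_wanted) ? OUT_REFUSED : OUT_PLAINTEXT;
  }
  return OUT_NO_ROUTE;
}

int main(void)
{
  const bool addrs[] = { false, true };  /* constructed: IPv6 down, IPv4 up */
  return connect_with_fallback(addrs, 2, false, false) == OUT_TLS ? 0 : 1;
}
```

Keeping the "TLS was requested" fact separate from the consumable parameters is what lets the guard fail closed even if the parameters are lost by some other path.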