unofficial mirror of emacs-devel@gnu.org 
From: Robert Pluim <rpluim@gmail.com>
To: emacs-devel@gnu.org
Subject: Re: :nowait t misbehaves when falling back from IPv6 to IPv4
Date: Wed, 20 Feb 2019 19:44:38 +0100
Message-ID: <m28syati3t.fsf@gmail.com>
In-Reply-To: m25zteu5ho.fsf@gmail.com

Robert Pluim <rpluim@gmail.com> writes:

> Robert Pluim <rpluim@gmail.com> writes:
>
>> I unfortunately donʼt have time to look into this right now, but
>> perhaps someone familiar with the network code has some ideas.
>
> So this is GnuTLS related: setting package-archives to use http rather
> than https makes everything work.

And after several hours of debugging, the fix turns out to be small,
but one that I definitely want others to look at.

Hereʼs what happens:

1. update-package-archives requests an asynchronous load of an url on
   elpa.gnu.org
2. make-network-process looks up 'elpa.gnu.org', which returns an IPv6
   and an IPv4 address (in that order)
3. it calls 'connect_network_socket', which calls 'connect', starts TLS
   negotiation, and then continues on because this is a non-blocking
   connect
4. some time later, that IPv6 connection has failed, which is noticed
   in 'wait_reading_process_output'. Because we have more addresses to
   try, it calls 'connect_network_socket' again, this time for the
   IPv4 address
5. 'connect_network_socket' again calls 'connect', but doesnʼt start TLS
   negotiation, since the TLS boot parameters were deleted in [3]
6. TCP finishes connecting, we call the user-provided sentinel, which
   ends up sending an HTTP request on what is supposed to be a TLS
   secured channel, and elpa.gnu.org quite rightly sends a '400' error
   and shuts down the connection

The fix below works for both emacs-26 and master. I have not fully
reasoned about its consequences.

This close to a release Iʼm certain it won't go into emacs-26, so
perhaps we should put an entry in PROBLEMS telling people to either
use elpa.gnu.org's IPv4 address in 'package-archives', or to use http
instead of https when they have problems connecting.

Broken IPv6 setups will only make this more likely in the future, so
perhaps we should think about implementing a limited version of 'Happy
Eyeballs 2' <https://tools.ietf.org/html/rfc8305> at some point.

2019-02-20  Robert Pluim  <rpluim@gmail.com>

	* src/process.c (connect_network_socket): Only delete
	gnutls_boot_parameters if TLS negotiation actually succeeded,
	as they may be needed for connection to other addresses for
	the same host.

diff --git a/src/process.c b/src/process.c
index b0a327229c..8784827cd4 100644
--- a/src/process.c
+++ b/src/process.c
@@ -3657,11 +3657,13 @@ connect_network_socket (Lisp_Object proc, Lisp_Object addrinfos,
       Lisp_Object boot, params = p->gnutls_boot_parameters;
 
       boot = Fgnutls_boot (proc, XCAR (params), XCDR (params));
-      p->gnutls_boot_parameters = Qnil;
 
       if (p->gnutls_initstage == GNUTLS_STAGE_READY)
+        {
 	/* Run sentinels, etc. */
+        p->gnutls_boot_parameters = Qnil;
 	finish_after_tls_connection (proc);
+        }
       else if (p->gnutls_initstage != GNUTLS_STAGE_HANDSHAKE_TRIED)
 	{
 	  deactivate_process (proc);
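
Review bot: With the `p->gnutls_boot_parameters = Qnil;` assignment moved inside the `GNUTLS_STAGE_READY` branch, the parameters are no longer cleared on either of the other two paths visible here: the `deactivate_process (proc)` branch, and the implicit case where `gnutls_initstage` is `GNUTLS_STAGE_HANDSHAKE_TRIED`. The second is the non-blocking case this message is about, and for it the ChangeLog's "only delete if TLS negotiation actually succeeded" has to be honoured by whatever code later completes the handshake, which is outside this hunk. Please either clear the parameters there as well or say in a comment that they are deliberately retained for the lifetime of the process, and confirm that calling `Fgnutls_boot` a second time with the same parameters on the same `proc` is safe. Style: the added lines are indented with spaces while the surrounding lines use tabs, the brace body is not indented past the brace the way the following `else if` block is, and `/* Run sentinels, etc. */` now sits above the assignment rather than above `finish_after_tls_connection (proc)`, which it describes.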
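
The fallback sequence in steps 1-6 of the message, reduced to a toy model; this is an added example, not Emacs code and not part of the original post. It assumes each attempt resolves synchronously, and all names in it (`struct conn`, `try_address`, `connect_with_fallback`) are hypothetical.

```c
/* Toy model of falling back across addresses with one-shot TLS parameters.
   Illustration only; every name here is hypothetical, not from process.c.  */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct conn {
  const char *tls_params;  /* stands in for gnutls_boot_parameters; NULL = none */
  bool tls_active;         /* true once a handshake completed on this socket */
};

/* One connection attempt; `reachable` models whether the address answers.  */
static bool
try_address (struct conn *c, bool reachable, bool clear_early)
{
  c->tls_active = false;
  bool want_tls = c->tls_params != NULL;
  if (want_tls && clear_early)
    c->tls_params = NULL;     /* pre-patch: dropped before the outcome is known */
  if (!reachable)
    return false;             /* caller moves on to the next address */
  if (want_tls)
    {
      c->tls_active = true;   /* handshake succeeded */
      c->tls_params = NULL;   /* patched: dropped only after success */
    }
  return true;
}

/* Try addresses in order.  Returns 1 if connected with TLS, 0 if connected
   in cleartext, -1 if every address failed.  */
static int
connect_with_fallback (const bool *reachable, size_t n, bool clear_early)
{
  struct conn c = { "boot-params", false };
  for (size_t i = 0; i < n; i++)
    if (try_address (&c, reachable[i], clear_early))
      return c.tls_active ? 1 : 0;
  return -1;
}

int
main (void)
{
  const bool addrs[] = { false, true };  /* constructed: IPv6 fails, IPv4 works */
  printf ("pre-patch: %d, patched: %d\n",
          connect_with_fallback (addrs, 2, true),
          connect_with_fallback (addrs, 2, false));
  return 0;
}
```

A return value of 0 is the case from step 6: the caller believes it has a TLS channel but the socket is carrying cleartext.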


