bug#36810: 26.2; package.el; package-refresh-contents, Bad Request (http over https)

bug#36810: 26.2; package.el; package-refresh-contents, Bad Request (http over https)

[gnu]

Replicate with:
emacs -Q
M-x package-initialize RET
M-x set-variable RET debug-on-error RET t RET
package-refresh-contents
=> Debugger entered--Lisp error: (file-error
"https://elpa.gnu.org/packages/archive-contents" "Bad Request")

In wireshark I observe a TLS1.2 session with elpa.gnu.org, terminated
from localhost, then another connection established to port 443 on
elpa.gun.org but no TLS setup and then a straight HTTP GET request (for
/packages/archive-contents).
Server responds 400 (Bad Request):
"Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port."





In GNU Emacs 26.2 (build 1, x86_64-slackware-linux-gnu, GTK+ Version 3.18.9)
  of 2019-07-17 built on hive64.slackware.lan
Windowing system distributor 'The X.Org Foundation', version 11.0.11803000
Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.
You can run the command 'package-initialize' with M-x p-ini RET
Importing package-keyring.gpg...done
Contacting host: elpa.gnu.org:443
Package refresh done
Entering debugger...

Configured using:
  'configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
  --program-prefix= --program-suffix= --mandir=/usr/man
  --infodir=/usr/info --without-gconf --without-gsettings --with-x
  --with-x-toolkit=gtk3 --build=x86_64-slackware-linux 'CFLAGS=-O2
  -fPIC''

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND GPM DBUS GLIB NOTIFY ACL
GNUTLS LIBXML2 FREETYPE XFT ZLIB TOOLKIT_SCROLL_BARS GTK3 X11 XDBE XIM
THREADS LCMS2

Important settings:
   value of $LC_COLLATE: C
   value of $LC_CTYPE: en_GB
   value of $LC_MESSAGES: en_GB
   value of $LC_MONETARY: en_GB
   value of $LC_NUMERIC: en_GB
   value of $LC_TIME: en_GB
   value of $LANG:
   locale-coding-system: iso-latin-1-unix

Major mode: Debugger

Minor modes in effect:
   tooltip-mode: t
   global-eldoc-mode: t
   electric-indent-mode: t
   mouse-wheel-mode: t
   tool-bar-mode: t
   menu-bar-mode: t
   file-name-shadow-mode: t
   global-font-lock-mode: t
   font-lock-mode: t
   blink-cursor-mode: t
   auto-composition-mode: t
   auto-encryption-mode: t
   auto-compression-mode: t
   buffer-read-only: t
   line-number-mode: t
   transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message dired dired-loaddefs format-spec
rfc822 mml mml-sec epa derived gnus-util rmail rmail-loaddefs mm-decode
mm-bodies mm-encode mailabbrev gmm-utils mailheader sendmail cl-print
debug mail-utils network-stream starttls url-http tls gnutls mail-parse
rfc2231 rfc2047 rfc2045 mm-util ietf-drums mail-prsvr url-gw nsm rmc
puny url-cache url-auth url url-proxy url-privacy url-expand url-methods
url-history url-cookie url-domsuf url-util mailcap epg cus-edit wid-edit
cus-start cus-load thingatpt help-fns radix-tree help-mode finder-inf
package easymenu epg-config url-handlers url-parse auth-source cl-seq
eieio eieio-core cl-macs eieio-loaddefs password-cache url-vars seq
byte-opt gv bytecomp byte-compile cconv cl-loaddefs cl-lib elec-pair
time-date mule-util tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel term/x-win x-win term/common-win x-dnd tool-bar
dnd fontset image regexp-opt fringe tabulated-list replace newcomment
text-mode elisp-mode lisp-mode prog-mode register page menu-bar
rfn-eshadow isearch timer select scroll-bar mouse jit-lock font-lock
syntax facemenu font-core term/tty-colors frame cl-generic cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese composite charscript charprop
case-table epa-hook jka-cmpr-hook help simple abbrev obarray minibuffer
cl-preloaded nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote threads dbusbind
inotify lcms2 dynamic-setting font-render-setting move-toolbar gtk
x-toolkit x multi-tty make-network-process emacs)

Memory information:
((conses 16 130287 9116)
  (symbols 48 23742 1)
  (miscs 40 54 139)
  (strings 32 38503 1177)
  (string-bytes 1 1018090)
  (vectors 16 18079)
  (vector-slots 8 546762 8140)
  (floats 8 64 53)
  (intervals 56 386 241)
  (buffers 992 13)
  (heap 1024 24811 5005))

bug#36810: 26.2; package.el; package-refresh-contents, Bad Request (http over https)

[Eli Zaretskii]

> From: gnu@crabapple.me.uk
> Date: Thu, 25 Jul 2019 17:42:57 +0100
> 
> Replicate with:
> emacs -Q
> M-x package-initialize RET
> M-x set-variable RET debug-on-error RET t RET
> package-refresh-contents
> => Debugger entered--Lisp error: (file-error
> "https://elpa.gnu.org/packages/archive-contents" "Bad Request")
> 
> In wireshark I observe a TLS1.2 session with elpa.gnu.org, terminated
> from localhost, then another connection established to port 443 on
> elpa.gun.org but no TLS setup and then a straight HTTP GET request (for
> /packages/archive-contents).
> Server responds 400 (Bad Request):
> "Your browser sent a request that this server could not understand.
> Reason: You're speaking plain HTTP to an SSL-enabled server port."

See bug#36749 for a possible solution.

bug#36810: 26.2; package.el; package-refresh-contents, Bad Request (http over https)

[Noam Postavsky]

merge 36810 36725
quit

gnu@crabapple.me.uk writes:

> Replicate with:
> emacs -Q
> M-x package-initialize RET
> M-x set-variable RET debug-on-error RET t RET
> package-refresh-contents
> => Debugger entered--Lisp error: (file-error
> "https://elpa.gnu.org/packages/archive-contents" "Bad Request")
>
> In wireshark I observe a TLS1.2 session with elpa.gnu.org, terminated
> from localhost, then another connection established to port 443 on
> elpa.gun.org but no TLS setup and then a straight HTTP GET request (for
> /packages/archive-contents).
> Server responds 400 (Bad Request):
> "Your browser sent a request that this server could not understand.
> Reason: You're speaking plain HTTP to an SSL-enabled server port."

I believe this is another case of Bug#36725/36749/34341.  It should work
in 26.2.90 pretest.  As a workaround, doing

    (setq gnutls-algorithm-priority "NORMAL:-VERS-TLS1.3")

seems to help (it somehow affects the timing so as to avoid the bug).

bug#36810: 26.2; package.el; package-refresh-contents, Bad Request (http over https)

[gnu]

[-- Attachment #1: Type: text/html, Size: 368 bytes --]