unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
From: Maxime Devos <maximedevos@telenet.be>
To: "Ludovic Courtès" <ludo@gnu.org>, 56867@debbugs.gnu.org
Cc: guile-devel@gnu.org
Subject: [bug#56867] [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7.
Date: Mon, 1 Aug 2022 11:56:00 +0200	[thread overview]
Message-ID: <da075774-a438-71b9-a4aa-3520a0070621@telenet.be> (raw)
In-Reply-To: <20220801090749.11655-1-ludo@gnu.org>


[-- Attachment #1.1.1: Type: text/plain, Size: 2414 bytes --]

Some objections on error handling (I don't know much about the wrapping)

On 01-08-2022 11:07, Ludovic Courtès wrote:
> [...]
> Hello!
>
> I'll land a similar change in Guile's (web client) module afterwards
> if there are no objections.
>
> Ludo'.
>
> diff --git a/guix/build/download.scm b/guix/build/download.scm
> index 41583e8143..de094890b3 100644
> --- a/guix/build/download.scm
> +++ b/guix/build/download.scm
> @@ -245,6 +245,54 @@ (define (print-tls-certificate-error port key args default-printer)
>   (set-exception-printer! 'tls-certificate-error
>                           print-tls-certificate-error)
>   
> +(define (wrap-record-port-for-gnutls<3.7.7 record port)
> +  "Return a port that wraps RECORD to ensure that closing it also closes PORT,
> +the actual socket port, and its file descriptor.  Make sure it does not
> +introduce extra buffering (custom ports are buffered by default as of Guile
> +3.0.5).
> +
> +This wrapper is unnecessary with GnuTLS >= 3.7.7, which can automatically
> +close SESSION's file descriptor when RECORD is closed."
> +  (define (read! bv start count)
> +    (define read
> +      (catch 'gnutls-error
> +        (lambda ()
> +          (get-bytevector-n! record bv start count))
> +        (lambda (key err proc . rest)
> +          ;; When responding to "Connection: close" requests, some servers
> +          ;; close the connection abruptly after sending the response body,
> +          ;; without doing a proper TLS connection termination.  Treat it as
> +          ;; EOF.  This is fixed in GnuTLS 3.7.7.
> +          (if (eq? err error/premature-termination)
> +              the-eof-object
> +              (apply throw key err proc rest)))))

Objection: 'catch' makes the backtrace part happening inside the 
'get-bytevector-n!' disappear, because it is unwinding, as has been 
noted a few times (in different contexts) by Attila Lendvai and me.  
Maybe use 'guard' with an appropriate condition instead?

> +      (if (module-defined? (resolve-interface '(gnutls))
> +                           'set-session-record-port-close!) ;GnuTLS >= 3.7.7

resolve-module (and presumably also sets #:ensure #t by default, which 
sometimes causes 'module not found' messages to be replaced by 'unbound 
variable', which I don't think is useful behaviour, can #:ensure be set 
to #false?

Greetings,
Maxime

[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 929 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 236 bytes --]

  parent reply	other threads:[~2022-08-01  9:57 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-01  9:07 [bug#56867] [PATCH] download: Do not wrap TLS port on GnuTLS >= 3.7.7 Ludovic Courtès
2022-08-01  9:15 ` Ludovic Courtès
2022-08-01  9:56 ` Maxime Devos [this message]
2022-08-02  7:59   ` Ludovic Courtès
2022-08-04 19:37     ` Maxime Devos
2022-08-05  8:31       ` Ludovic Courtès
2022-08-05 10:17         ` Maxime Devos
2022-08-03 15:57 ` bug#56867: " Ludovic Courtès
2022-08-04 14:20 ` [bug#56867] " Ludovic Courtès
     [not found]   ` <87v8r86p7s.fsf@kolabnow.com>
2022-08-04 16:19     ` Ludovic Courtès

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=da075774-a438-71b9-a4aa-3520a0070621@telenet.be \
    --to=maximedevos@telenet.be \
    --cc=56867@debbugs.gnu.org \
    --cc=guile-devel@gnu.org \
    --cc=ludo@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).