mirror/guile
mirror/guile
1
Fork 0
mirror of https://git.savannah.gnu.org/git/guile.git synced 2025-06-09 13:30:26 +02:00
Code Activity

web: 'tls-wrap' retries handshake upon non-fatal errors.

Browse source 
Fixes <https://bugs.gnu.org/49223>.
Reported by Domagoj Stolfa <ds815@gmx.com>.

Backport of Guix commit b36267b1d96ac344d2b42c9822ce04b4c3117f85.

* guix/build/download.scm (tls-wrap): Retry up to 5 times when
'handshake' throws a non-fatal error.
This commit is contained in:
Ludovic Courtès 2022-08-04 15:22:49 +02:00
parent c01ca10b3f
commit 317b06bf86
1 changed files with 21 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

36
module/web/client.scm
View file

@ -259,21 +259,27 @@ host name without trailing dot."
;;(set-log-level! 10) ;;(set-log-level! 10)
;;(set-log-procedure! log) ;;(set-log-procedure! log)
(catch 'gnutls-error (let loop ((retries 5))
(lambda () (catch 'gnutls-error
(handshake session)) (lambda ()
(lambda (key err proc . rest) (handshake session))
(cond ((eq? err error/warning-alert-received) (lambda (key err proc . rest)
;; Like Wget, do no stop upon non-fatal alerts such as (cond ((eq? err error/warning-alert-received)
;; 'alert-description/unrecognized-name'. ;; Like Wget, do no stop upon non-fatal alerts such as
(format (current-error-port) ;; 'alert-description/unrecognized-name'.
"warning: TLS warning alert received: ~a~%" (format (current-error-port)
(alert-description->string (alert-get session))) "warning: TLS warning alert received: ~a~%"
(handshake session)) (alert-description->string (alert-get session)))
(else (handshake session))
;; XXX: We'd use 'gnutls_error_is_fatal' but (gnutls) doesn't (else
;; provide a binding for this. (if (or (fatal-error? err) (zero? retries))
(apply throw key err proc rest))))) (apply throw key err proc rest)
(begin
;; We got 'error/again' or similar; try again.
(format (current-error-port)
"warning: TLS non-fatal error: ~a~%"
(error->string err))
(loop (- retries 1)))))))))
;; Verify the server's certificate if needed. ;; Verify the server's certificate if needed.
(when verify-certificate? (when verify-certificate?