me
/
guix
Archived
1
0
Fork 0
Code

download: 'tls-wrap' retries handshake upon non-fatal errors. 

Fixes <https://bugs.gnu.org/49223>.
Reported by Domagoj Stolfa <ds815@gmx.com>.

* guix/build/download.scm (tls-wrap): Retry up to 5 times when
'handshake' throws a non-fatal error.
master
Ludovic Courtès 2021-06-25 16:11:55 +02:00
parent 7fe195f3b7
commit b36267b1d9
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
1 changed files with 21 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
guix/build/download.scm
View File

@ -281,21 +281,27 @@ host name without trailing dot."
;;(set-log-level! 10) ;;(set-log-level! 10)
;;(set-log-procedure! log) ;;(set-log-procedure! log)
(catch 'gnutls-error (let loop ((retries 5))
(lambda () (catch 'gnutls-error
(handshake session)) (lambda ()
(lambda (key err proc . rest) (handshake session))
(cond ((eq? err error/warning-alert-received) (lambda (key err proc . rest)
;; Like Wget, do no stop upon non-fatal alerts such as (cond ((eq? err error/warning-alert-received)
;; 'alert-description/unrecognized-name'. ;; Like Wget, do no stop upon non-fatal alerts such as
(format (current-error-port) ;; 'alert-description/unrecognized-name'.
"warning: TLS warning alert received: ~a~%" (format (current-error-port)
(alert-description->string (alert-get session))) "warning: TLS warning alert received: ~a~%"
(handshake session)) (alert-description->string (alert-get session)))
(else (handshake session))
;; XXX: We'd use 'gnutls_error_is_fatal' but (gnutls) doesn't (else
;; provide a binding for this. (if (or (fatal-error? err) (zero? retries))
(apply throw key err proc rest))))) (apply throw key err proc rest)
(begin
;; We got 'error/again' or similar; try again.
(format (current-error-port)
"warning: TLS non-fatal error: ~a~%"
(error->string err))
(loop (- retries 1)))))))))
;; Verify the server's certificate if needed. ;; Verify the server's certificate if needed.
(when verify-certificate? (when verify-certificate?