IRC channel logs
2013-06-08.log
back to list of logs
<mark_weaver>surprisingly, the https URL I used for archive.apache.org doesn't work, because some TLS error happens right at the end of the download. <mark_weaver>I lost the exact output, and am now doing an guix package --upgrade that I'd rather not interrupt. <mark_weaver>wget on Debian wheezy works properly, and is also linked with gnutls (2.12.20) <civodul>because it's built in a derivation, that uses "our" GnuTLS <mark_weaver>maybe wget is ignoring that particular TLS error, dunno. <mark_weaver>For glib-networking update to version 2.29.92, it says "Fixed a problem when linking against GNUTLS 3.0, where connections would sometimes return the error "The TLS connection was non-properly terminated". (bgo#659233)" <mark_weaver>I'm not sure what bug tracking system that bug number is in. <mark_weaver>well, I suppose we could just use plain http for that URL. <mark_weaver>is it a problem on our end, or on the apache archive server? <mark_weaver>given that we will check the SHAsum on the downloaded file, I suppose there's no harm in ignoring that error for downloads, in any case. <civodul>because we pass a TLS port to the download code <mark_weaver>I don't yet understand the issues well enough to know what's the right solution. <civodul>it really seems the server is closing the connection without sending a TLS goodbye packet <mark_weaver>if the server is violating the relevant standard, my instinct would be to remain strict on our end unless the bad server behavior is widespread. <civodul>here's a plan: we ignore it in Guix for now, and i change the GnuTLS session-record port code to ignore it <civodul>because what matters is that the report returns the EOF object <mark_weaver>I'm not sure what code you're talking about. If you mean to ignore the error in the general-purpose guile-gnutls code, that makes me nervous. <mark_weaver>though I confess I don't fully understand the issues. <mark_weaver>if you mean to ignore it only for purpose of downloads, then I guess that's fine, since the SHAsum will be checked anyway. <mark_weaver>I think it's become fairly clear that Postel's idea that one should be permissive in what one accepts has turned out to be a bad idea. It tends to result in widespread violations of the standards, as happened in the world wide web.