tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: wip.pkgsrc.org broken TLS? (GnuTLS Fatal error: The TLS connection was non-properly terminated.)

(Any reason my mails here get rather delayed delivery?

Delivered-To: tech-pkg%netbsd.org@localhost
Received: by mail.netbsd.org (Postfix, from userid 1347)
 id E6B8084DBC; Mon, 17 Aug 2020 16:54:07 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by mail.netbsd.org (Postfix) with ESMTP id 0AD2F84DB6;
 Mon, 17 Aug 2020 05:29:53 +0000 (UTC)

Am I in quarantine?)

Am Mon, 17 Aug 2020 18:38:20 +0200
schrieb S.P.Zeidler <spz%NetBSD.org@localhost>:

> Thanks for the debug hint; I moved the SSL_shutdown earlier and now
> gnutls is no longer unhappy with wip.pkgsrc.org.

Great! But wget is still unhappy:

$ wget https://wip.pkgsrc.org/cgi-bin/gitweb.cgi
--2020-08-17 19:09:35--  https://wip.pkgsrc.org/cgi-bin/gitweb.cgi
Resolving wip.pkgsrc.org (wip.pkgsrc.org)... 2a00:19e0:3004:219:2a92:4aff:fe33:3b71, 195.22.142.117
Connecting to wip.pkgsrc.org (wip.pkgsrc.org)|2a00:19e0:3004:219:2a92:4aff:fe33:3b71|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘gitweb.cgi’

gitweb.cgi                              [ <=>                                                              ]   3,03K  --.-KB/s    in 0,02s   

2020-08-17 19:09:36 (193 KB/s) - Read error at byte 3100 (The TLS connection was non-properly terminated.).Retrying.

But indeed, gnutls-cli is happier:

|<10>| RB: Requested 24 bytes
|<5>| REC[0x55a08251a360]: Decrypted Packet[4] Alert(21) with length: 2
|<5>| REC[0x55a08251a360]: Alert[1|0] - Close notify - was received
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1577
- Peer has closed the GnuTLS connection
|<13>| BUF[HSK]: Emptied buffer
|<5>| REC[0x55a08251a360]: Start of epoch cleanup
|<5>| REC[0x55a08251a360]: End of epoch cleanup
|<5>| REC[0x55a08251a360]: Epoch #2 freed


Ah, but gitweb.cgi is not fine.

$ gnutls-cli -p 443 -V -d 999 -- wip.pkgsrc.org
[…]
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_int]:1775
get /cgi-bin/gitweb.cgi HTTP/1.1
|<5>| REC[0x55f2081f6360]: Preparing Packet Application Data(23) with length: 33 and min pad: 0
|<9>| ENC[0x55f2081f6360]: cipher: AES-256-GCM, MAC: AEAD, Epoch: 2
|<11>| WRITE: enqueued 55 bytes for 0x7ffcde47a200. Total 55 bytes.
|<11>| WRITE FLUSH: 55 bytes in buffer.
|<11>| WRITE: wrote 55 bytes, 0 bytes left.
|<5>| REC[0x55f2081f6360]: Sent Packet[1] Application Data(23) in epoch 2 and length: 55
- Sent: 33 bytes
|<10>| READ: Got 5 bytes from 0x7ffcde47a200
|<10>| READ: read 5 bytes from 0x7ffcde47a200
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0x55f2081f6360]: SSL 3.3 Application Data packet received. Epoch 2, length: 47
|<5>| REC[0x55f2081f6360]: Expected Packet Application Data(23)
|<5>| REC[0x55f2081f6360]: Received Packet Application Data(23) with length: 47
|<10>| READ: Got 47 bytes from 0x7ffcde47a200
|<10>| READ: read 47 bytes from 0x7ffcde47a200
|<10>| RB: Have 5 bytes into buffer. Adding 47 bytes.
|<10>| RB: Requested 52 bytes
|<5>| REC[0x55f2081f6360]: Decrypted Packet[2] Application Data(23) with length: 30
|<13>| BUF[REC]: Inserted 30 bytes of Data(23)
- Received[30]: HTTP/1.1 408 Request Timeout
|<10>| READ: Got 5 bytes from 0x7ffcde47a200
|<10>| READ: read 5 bytes from 0x7ffcde47a200
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0x55f2081f6360]: SSL 3.3 Application Data packet received. Epoch 2, length: 42
|<5>| REC[0x55f2081f6360]: Expected Packet Application Data(23)
|<5>| REC[0x55f2081f6360]: Received Packet Application Data(23) with length: 42
|<10>| READ: Got 42 bytes from 0x7ffcde47a200
|<10>| READ: read 42 bytes from 0x7ffcde47a200
|<10>| RB: Have 5 bytes into buffer. Adding 42 bytes.
|<10>| RB: Requested 47 bytes
|<5>| REC[0x55f2081f6360]: Decrypted Packet[3] Application Data(23) with length: 25
|<13>| BUF[REC]: Inserted 25 bytes of Data(23)
- Received[25]: Content-Type: text/html
|<10>| READ: Got 5 bytes from 0x7ffcde47a200
|<10>| READ: read 5 bytes from 0x7ffcde47a200
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0x55f2081f6360]: SSL 3.3 Application Data packet received. Epoch 2, length: 36
|<5>| REC[0x55f2081f6360]: Expected Packet Application Data(23)
|<5>| REC[0x55f2081f6360]: Received Packet Application Data(23) with length: 36
|<10>| READ: Got 36 bytes from 0x7ffcde47a200
|<10>| READ: read 36 bytes from 0x7ffcde47a200
|<10>| RB: Have 5 bytes into buffer. Adding 36 bytes.
|<10>| RB: Requested 41 bytes
|<5>| REC[0x55f2081f6360]: Decrypted Packet[4] Application Data(23) with length: 19
|<13>| BUF[REC]: Inserted 19 bytes of Data(23)
- Received[19]: Content-Length: 0
|<10>| READ: Got 5 bytes from 0x7ffcde47a200
|<10>| READ: read 5 bytes from 0x7ffcde47a200
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0x55f2081f6360]: SSL 3.3 Application Data packet received. Epoch 2, length: 45
|<5>| REC[0x55f2081f6360]: Expected Packet Application Data(23)
|<5>| REC[0x55f2081f6360]: Received Packet Application Data(23) with length: 45
|<10>| READ: Got 45 bytes from 0x7ffcde47a200
|<10>| READ: read 45 bytes from 0x7ffcde47a200
|<10>| RB: Have 5 bytes into buffer. Adding 45 bytes.
|<10>| RB: Requested 50 bytes
|<5>| REC[0x55f2081f6360]: Decrypted Packet[5] Application Data(23) with length: 28
|<13>| BUF[REC]: Inserted 28 bytes of Data(23)
- Received[28]: Server: bozohttpd/20190228
|<10>| READ: Got 5 bytes from 0x7ffcde47a200
|<10>| READ: read 5 bytes from 0x7ffcde47a200
|<10>| RB: Have 0 bytes into buffer. Adding 5 bytes.
|<10>| RB: Requested 5 bytes
|<5>| REC[0x55f2081f6360]: SSL 3.3 Application Data packet received. Epoch 2, length: 19
|<5>| REC[0x55f2081f6360]: Expected Packet Application Data(23)
|<5>| REC[0x55f2081f6360]: Received Packet Application Data(23) with length: 19
|<10>| READ: Got 19 bytes from 0x7ffcde47a200
|<10>| READ: read 19 bytes from 0x7ffcde47a200
|<10>| RB: Have 5 bytes into buffer. Adding 19 bytes.
|<10>| RB: Requested 24 bytes
|<5>| REC[0x55f2081f6360]: Decrypted Packet[6] Application Data(23) with length: 2
|<13>| BUF[REC]: Inserted 2 bytes of Data(23)
- Received[2]: 
|<10>| READ: Got 0 bytes from 0x7ffcde47a200
|<10>| READ: read 0 bytes from 0x7ffcde47a200
|<3>| ASSERT: ../../lib/buffers.c[_gnutls_io_read_buffered]:593
|<3>| ASSERT: ../../lib/record.c[recv_headers]:1171
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_in_buffers]:1302
|<3>| ASSERT: ../../lib/record.c[_gnutls_recv_int]:1775
*** Fatal error: The TLS connection was non-properly terminated.
*** Server has terminated the connection abnormally.
|<13>| BUF[HSK]: Emptied buffer
|<5>| REC[0x55f2081f6360]: Start of epoch cleanup
|<5>| REC[0x55f2081f6360]: End of epoch cleanup
|<5>| REC[0x55f2081f6360]: Epoch #2 freed


The CGI TLS behaviour code differnt?


Alrighty then,

Thomas

-- 
Dr. Thomas Orgis
HPC @ Universität Hamburg
Home | Main Index | Thread Index | Old Index