summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-05-02 21:43:18 +0200
committerLudovic Courtès <ludo@gnu.org>2017-05-02 23:41:13 +0200
commit7b9ac883ea62a816afbfa747c1377dc273c15c20 (patch)
tree5be9a92cb8cbede3db0ada6d337161f470e5bfda
parent756be979cb4adef6caf61b2e8eb2391f2b8c6ea7 (diff)
download: Continue handshake upon TLS warning alerts.
This allows us to download from site such as <https://fusionforge.int-evry.fr> where the server does not recognize the server name passed via the 'server_name' extension. * guix/build/download.scm (tls-wrap): Catch 'gnutls-error' around 'handshake'. Upon ERROR/WARNING-ALERT-RECEIVED, print a message and call 'handshake'.
-rw-r--r--guix/build/download.scm16
1 files changed, 15 insertions, 1 deletions
diff --git a/guix/build/download.scm b/guix/build/download.scm
index 67a8952599..ce4708a873 100644
--- a/guix/build/download.scm
+++ b/guix/build/download.scm
@@ -396,7 +396,21 @@ host name without trailing dot."
;;(set-log-level! 10)
;;(set-log-procedure! log)
- (handshake session)
+ (catch 'gnutls-error
+ (lambda ()
+ (handshake session))
+ (lambda (key err proc . rest)
+ (cond ((eq? err error/warning-alert-received)
+ ;; Like Wget, do no stop upon non-fatal alerts such as
+ ;; 'alert-description/unrecognized-name'.
+ (format (current-error-port)
+ "warning: TLS warning alert received: ~a~%"
+ (alert-description->string (alert-get session)))
+ (handshake session))
+ (else
+ ;; XXX: We'd use 'gnutls_error_is_fatal' but (gnutls) doesn't
+ ;; provide a binding for this.
+ (apply throw key err proc rest)))))
;; Verify the server's certificate if needed.
(when verify-certificate?