mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-07 15:36:20 -05:00
download: Ask not to use TLS 1.3.
Works around <https://bugs.gnu.org/34102>. Reported by Marius Bakke <mbakke@fastmail.com>. * guix/build/download.scm (tls-wrap): Add "-VERS-TLS1.3" to the priority string when (gnutls-version) is not prefixed by "3.5".
This commit is contained in:
parent
a64676e088
commit
e4ee842026
1 changed files with 14 additions and 2 deletions
|
@ -157,7 +157,8 @@ (define* (ftp-fetch uri file #:key timeout print-build-trace?)
|
||||||
;; XXX: Use this hack instead of #:autoload to avoid compilation errors.
|
;; XXX: Use this hack instead of #:autoload to avoid compilation errors.
|
||||||
;; See <http://bugs.gnu.org/12202>.
|
;; See <http://bugs.gnu.org/12202>.
|
||||||
(module-autoload! (current-module)
|
(module-autoload! (current-module)
|
||||||
'(gnutls) '(make-session connection-end/client))
|
'(gnutls)
|
||||||
|
'(gnutls-version make-session connection-end/client))
|
||||||
|
|
||||||
(define %tls-ports
|
(define %tls-ports
|
||||||
;; Mapping of session record ports to the underlying file port.
|
;; Mapping of session record ports to the underlying file port.
|
||||||
|
@ -268,7 +269,18 @@ (define (log level str)
|
||||||
;; "(gnutls) Priority Strings"); see <http://bugs.gnu.org/23311>.
|
;; "(gnutls) Priority Strings"); see <http://bugs.gnu.org/23311>.
|
||||||
;; Explicitly disable SSLv3, which is insecure:
|
;; Explicitly disable SSLv3, which is insecure:
|
||||||
;; <https://tools.ietf.org/html/rfc7568>.
|
;; <https://tools.ietf.org/html/rfc7568>.
|
||||||
(set-session-priorities! session "NORMAL:%COMPAT:-VERS-SSL3.0")
|
;;
|
||||||
|
;; FIXME: Since we currently fail to handle TLS 1.3 (with GnuTLS 3.6.5),
|
||||||
|
;; remove it; see <https://bugs.gnu.org/34102>.
|
||||||
|
(set-session-priorities! session
|
||||||
|
(string-append
|
||||||
|
"NORMAL:%COMPAT:-VERS-SSL3.0"
|
||||||
|
|
||||||
|
;; The "VERS-TLS1.3" priority string is not
|
||||||
|
;; supported by GnuTLS 3.5.
|
||||||
|
(if (string-prefix? "3.5." (gnutls-version))
|
||||||
|
""
|
||||||
|
":-VERS-TLS1.3")))
|
||||||
|
|
||||||
(set-session-credentials! session
|
(set-session-credentials! session
|
||||||
(if (and verify-certificate? ca-certs)
|
(if (and verify-certificate? ca-certs)
|
||||||
|
|
Loading…
Reference in a new issue