download: Continue handshake upon TLS warning alerts.

This allows us to download from site such as
<https://fusionforge.int-evry.fr> where the server does not recognize
the server name passed via the 'server_name' extension.

* guix/build/download.scm (tls-wrap): Catch 'gnutls-error' around
'handshake'.  Upon ERROR/WARNING-ALERT-RECEIVED, print a message and
call 'handshake'.
This commit is contained in:
Ludovic Courtès 2017-05-02 21:43:18 +02:00
parent 756be979cb
commit 7b9ac883ea
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
1 changed files with 15 additions and 1 deletions

View File

@ -396,7 +396,21 @@ host name without trailing dot."
;;(set-log-level! 10)
;;(set-log-procedure! log)
(handshake session)
(catch 'gnutls-error
(lambda ()
(handshake session))
(lambda (key err proc . rest)
(cond ((eq? err error/warning-alert-received)
;; Like Wget, do no stop upon non-fatal alerts such as
;; 'alert-description/unrecognized-name'.
(format (current-error-port)
"warning: TLS warning alert received: ~a~%"
(alert-description->string (alert-get session)))
(handshake session))
(else
;; XXX: We'd use 'gnutls_error_is_fatal' but (gnutls) doesn't
;; provide a binding for this.
(apply throw key err proc rest)))))
;; Verify the server's certificate if needed.
(when verify-certificate?