diff options
author | Julian Andres Klode <julian.klode@canonical.com> | 2021-05-11 16:04:10 +0200 |
---|---|---|
committer | Julian Andres Klode <julian.klode@canonical.com> | 2021-05-12 13:06:11 +0200 |
commit | 2129ffecc084ca772af75418225c5551631e6278 (patch) | |
tree | fd530c8c6845c2e7e15965c8c73b8b2e348a9bdf | |
parent | 6fe716703b2dd5c47cb6684e0b83fd1c52516d41 (diff) |
Turn TLS handshake issues into transient errors
This makes them retriable, and brings them more into line with
TCP, where handshake is also a transient error.
LP: #1928100
-rw-r--r-- | methods/connect.cc | 2 | ||||
-rwxr-xr-x | test/integration/test-apt-https-transient | 43 |
2 files changed, 44 insertions, 1 deletions
diff --git a/methods/connect.cc b/methods/connect.cc index d513a4540..044984403 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -1045,7 +1045,7 @@ ResultState UnwrapTLS(std::string const &Host, std::unique_ptr<MethodFd> &Fd, err = tlsFd->DoTLSHandshake(); if (err < 0) - return ResultState::FATAL_ERROR; + return ResultState::TRANSIENT_ERROR; return ResultState::SUCCESSFUL; } diff --git a/test/integration/test-apt-https-transient b/test/integration/test-apt-https-transient new file mode 100755 index 000000000..f2b7347ba --- /dev/null +++ b/test/integration/test-apt-https-transient @@ -0,0 +1,43 @@ +#!/bin/sh +set -e + +TESTDIR="$(readlink -f "$(dirname "$0")")" +. "$TESTDIR/framework" + +setupenvironment +configarchitecture "i386" + +# Disable sandbox to avoid W: down below +echo 'APT::Sandbox::User "root";' > rootdir/etc/apt/apt.conf.d/no-acquire-sandbox + +echo 'alright' > aptarchive/working +changetohttpswebserver + +msgtest 'download of a file works via' 'http' +testsuccess --nomsg downloadfile "http://localhost:${APTHTTPPORT}/working" httpsfile +testfileequal httpsfile 'alright' +rm -f httpfile httpsfile + +msgtest 'download of a file works via' 'https' +testsuccess --nomsg downloadfile "https://localhost:${APTHTTPSPORT}/working" httpfile +testfileequal httpfile 'alright' +rm -f httpfile httpsfile + +# Speak wrong protocols (https on http port and vice versa). We check that they can be retried. + +msgtest 'protocol negotiation error is transient for' 'https' +testfailureequal "Ign:1 https://localhost:${APTHTTPPORT}/working + Could not wait for server fd - select (11: Resource temporarily unavailable) +Err:1 https://localhost:${APTHTTPPORT}/working + Could not wait for server fd - select (11: Resource temporarily unavailable) +E: Failed to fetch https://localhost:${APTHTTPPORT}/working Could not wait for server fd - select (11: Resource temporarily unavailable) +E: Download Failed" apthelper download-file "https://localhost:${APTHTTPPORT}/working" httpfile -oAcquire::https::Timeout=1 -oAcquire::Retries=1 + +# Speak wrong protocols (https on http port and vice versa) +msgtest 'protocol negotiation error is transient for' 'http' +testfailureequal "Ign:1 http://localhost:${APTHTTPSPORT}/working + Connection failed +Err:1 http://localhost:${APTHTTPSPORT}/working + Connection failed +E: Failed to fetch http://localhost:${APTHTTPSPORT}/working Connection failed +E: Download Failed" apthelper download-file "http://localhost:${APTHTTPSPORT}/working" httpfile -oAcquire::https::Timeout=1 -oAcquire::Retries=1 |