Error writing data to TLS socket: The specified session has been invalidated for some reason.

Ken Cunningham ken.cunningham.webuse at gmail.com
Sun Jan 27 03:03:15 UTC 2019


Running the test suite on gnutls on 10.6.8 shows one failure:

FAIL: srp


So indeed it's right where I thought the error was, in that srp authentication module. Maybe that same module is broken on other systems too... to be discovered.

luckily there is a way to disable that module in gnutls, so perhaps that's a way out until this gets sorted:

--disable-srp-authentication

Ken


On 2019-01-18, at 7:33 PM, Ken Cunningham wrote:

> when I downgraded to gnutls 3.5.x (which required rolling back to the last libidn2 due to a minor abi change) surf and epiphany both worked again.
> 
> I’m still puzzled — hard to debug.
> 
> Ken
> 
>> On Jan 18, 2019, at 5:45 PM, Marius Schamschula <lists at schamschula.com> wrote:
>> 
>> Ken,
>> 
>> I just installed for surf and epiphany. I tested with my own websites that are using letsencrypt certificates.
>> 
>> Indeed, both browsers are broken, in the case of epiphany, I couldn’t even download the http version w/o an error, as it still tried pulling an external resource using https.
>> 
>> However, I doubt that the issue is with gnutls: I used both aria2 +gnutls+sqlite3 (my default build) and curl +gnutls to pull down two of my https home pages as well as gitHub.com/macports/ w/o any issues.
>> 
>> The ABI for gnutls 3.6.x is a superset of version 3.5.x, no previous symbols have been removed or modified, only new functionality has been added:
>> 
>> https://lists.gnupg.org/pipermail/gnutls-devel/2017-August/008484.html
>> 
>> Marius
>> --
>> Marius Schamschula
>> 
>> 
>> 
>> 
>>> On Jan 18, 2019, at 6:08 PM, Ken Cunningham <ken.cunningham.webuse at gmail.com> wrote:
>>> 
>>> I’m not sure which port is causing this error I’m seeing since recent updates.
>>> 
>>> To see it, use something like epiphany or surf
>>> 
>>> surf www.github.com
>>> epiphany www.github.com
>>> 
>>> 
>>> I think the error is in gnutls, maybe in libidn2?
>>> 
>>> I’m narrowing it down to perhaps the srp authentication module, but I’m out of my depth to an extent.
>>> 
>>> i’m not sure yet if it’s a MacPorts thing, or some new bug that slipped into gnutls.
>>> 
>>> Anyway, it seems to stop the use of things that use gnutls against some authenticating websites.
>>> 
>>> Ken
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macports.org/pipermail/macports-dev/attachments/20190126/b49eac09/attachment.html>


More information about the macports-dev mailing list