caml-list - the Caml user's mailing list
* [Caml-list] https and Ocamlnet
From: Alan Schmitt @ 2019-09-25 13:49 UTC
  To: OCaml Mailing List

Hello,

I have a small utility that downloads and parses the RSS feed from
ocaml.org to include in the OCaml Weekly News, but a recent change to
ocaml.org broke it: it seems to only be served through https. I tried to
add a TLS provider, but it's still failing with a cryptic error message.

Here is an extract of the code showing the problem:

#+begin_src ocaml
let () = Nettls_gnutls.init()

let site = "https://ocaml.org"
let feed_name = "/feed.xml"

let planet = Nethttp_fs.http_fs site
let feedic = planet # read [] feed_name
let feed_string = Netchannels.string_of_in_obj_channel feedic
let () = feedic # close_in()
#+end_src

I can compile it with

ocamlfind ocamlc -o test -linkpkg -package netclient,nettls-gnutls test.ml

but when I run it, I get this error

Fatal error: exception Nettls_gnutls.TLS.Error(GNUTLS_E_PUSH_ERROR)

I know nothing of TLS and searching for the error did not point me
toward any solution.

I'm using gnutls 3.6.9 and ocamlnet 4.1.6.

How can I access the site using https?

Thanks,

Alan

* Re: [Caml-list] https and Ocamlnet
From: Christophe TROESTLER @ 2019-09-25 14:52 UTC
  To: Alan Schmitt; +Cc: OCaml Mailing List

Hi Alan,

Did you install conf-gnutls?

Cheers,
C.


* Re: [Caml-list] https and Ocamlnet
From: Gerd Stolpmann @ 2019-09-25 15:47 UTC
  To: Alan Schmitt, OCaml Mailing List

Hi Alan,

looks like that there is some incompatibility with one of the newer TLS
protocol features (like zero roundtrip), so that the TLS negotiation
fails. I don't have time to look into this right now, and cryptic errors
are also cryptic for the developer, but I'm definitely interested in
fixing this. Will just take a bit of time.

Gerd

-- 
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany    gerd@gerd-stolpmann.de
My OCaml site:          http://www.camlcity.org
Contact details:        http://www.camlcity.org/contact.html
Company homepage:       http://www.gerd-stolpmann.de
------------------------------------------------------------



* Re: [Caml-list] https and Ocamlnet
From: Oliver Bandel @ 2019-09-25 17:38 UTC
  To: Alan Schmitt; +Cc: OCaml Mailing List

Quoting  Alan Schmitt <alan.schmitt@polytechnique.org> (snt: 2019-09-25 15:49 +0200 CEST) (rcv: 2019-09-25 15:49 +0200 CEST):
> Hello,
> 
> I have a small utility that downloads and parses the RSS feed from
> ocaml.org to include in the OCaml Weekly News, but a recent change to
> ocaml.org broke it: it seems to only be served through https. I tried to
> add a TLS provider, but it's still failing with a cryptic error message.
> 
> Here is an extract of the code showing the problem:
> 
> #+begin_src ocaml
> let () = Nettls_gnutls.init()
> 
> let site = "https://ocaml.org"
> let feed_name = "/feed.xml"
> 
> let planet = Nethttp_fs.http_fs site
> let feedic = planet # read [] feed_name
> let feed_string = Netchannels.string_of_in_obj_channel feedic
> let () = feedic # close_in()
> #+end_src
> 
> I can compile it with
> 
> ocamlfind ocamlc -o test -linkpkg -package netclient,nettls-gnutls test.ml
> 
> but when I run it, I get this error
> 
> Fatal error: exception Nettls_gnutls.TLS.Error(GNUTLS_E_PUSH_ERROR)
[...]

Your problem looks similar to this here:

  https://sympa.inria.fr/sympa/arc/caml-list/2018-07/msg00001.html

Try
  https://www.presseportal.de/
what do you get there with your code?

Ciao,
  Oliver

* Re: [Caml-list] https and Ocamlnet
From: Alan Schmitt @ 2019-09-26  6:20 UTC
  To: Gerd Stolpmann; +Cc: OCaml Mailing List

Hello Gerd,

On 2019-09-25 17:47, Gerd Stolpmann <info@gerd-stolpmann.de> writes:

> looks like that there is some incompatibility with one of the newer TLS
> protocol features (like zero roundtrip), so that the TLS negotiation
> fails. I don't have time to look into this right now, and cryptic errors
> are also cryptic for the developer, but I'm definitely interested in
> fixing this. Will just take a bit of time.

Thank you!

And to answer the other replies:

Christophe, I do have conf-gnutls installed.

Oliver, I get a GNUTLS_E_PREMATURE_TERMINATION error when going to that
site, as it seems you were getting.

Best,

Alan

* Re: [Caml-list] https and Ocamlnet
From: Christophe TROESTLER @ 2019-09-26  6:27 UTC
  To: Alan Schmitt; +Cc: Gerd Stolpmann, OCaml Mailing List

Hi Alan,

Have you tried “cohttp” with “tls” to perform the same task?

If it fails, I can remove the HTTPS redirection for ocaml.org while this is being fixed.

Best,
C.


* Re: [Caml-list] https and Ocamlnet
From: Alan Schmitt @ 2019-09-26  6:56 UTC
  To: Christophe TROESTLER; +Cc: Gerd Stolpmann, OCaml Mailing List

Hello Christophe,

On 2019-09-26 08:27, Christophe TROESTLER <Christophe.TROESTLER@umons.ac.be> writes:

> Have you tried “cohttp” with “tls” to perform the same task?
>
> If it fails, I can remove the HTTPS redirection for ocaml.org while this is being fixed.

I just tried with cohttp. The example to access the reddit page works,
but replacing the url with https://ocaml.org/feed.xml fails:

Fatal error: exception Tls_lwt.Tls_alert(6)

Best,

Alan

* Re: [Caml-list] https and Ocamlnet
From: Simon Cruanes @ 2019-09-26 13:41 UTC
  To: Alan Schmitt; +Cc: Christophe TROESTLER, Gerd Stolpmann, OCaml Mailing List

I've been working on higher level bindings to cURL (based on ocurl), at
https://github.com/c-cube/ezcurl .

```
$ dune utop src/sync
# Ezcurl.get ~url:"https://ocaml.org/feed.xml" ();;
- : (Ezcurl_core.response, Curl.curlCode * string) result =
Ok
 {Ezcurl_core.code = 200;
  headers =
   [("Content-Type", "application/xml"); ("Accept-Ranges", "bytes");
    ("ETag", "\"1394832364\"");
    ("Last-Modified", "Thu, 26 Sep 2019 13:15:03 GMT");
    ("Content-Length", "402487");
    ("Date", "Thu, 26 Sep 2019 13:49:00 GMT");
    ("Server", "lighttpd/1.4.53")];
  body =
   "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<feed xmlns=\"http://www.w3.org/2005/Atom\"><icon>http://ocaml.org/img/colour-icon-170x148.png</icon><generator uri=\"https://ocaml.org/\" version=\"${version:syndic}\">OCaml Syndic.Atom feed aggregator</generator><id>urn:md5:302d717d0937d8"... (* string length 402487; truncated *);
  info =
   {Ezcurl_core.ri_response_time = 6.346256; ri_redirect_count = 0}}
```

Maybe it's a different version of GNUTLS though (I'm on archlinux, it's 3.6.9-1).


-- 
Simon Cruanes

* Re: [Caml-list] https and Ocamlnet
From: Adrien Nader @ 2019-09-26 14:39 UTC
  To: Alan Schmitt; +Cc: Christophe TROESTLER, Gerd Stolpmann, OCaml Mailing List

Hello,

On Thu, Sep 26, 2019, Alan Schmitt wrote:
> Hello Christophe,
> 
> On 2019-09-26 08:27, Christophe TROESTLER
> <Christophe.TROESTLER@umons.ac.be> writes:
>
> > Have you tried “cohttp” with “tls” to perform the same task?
> >
> > If it fails, I can remove the HTTPS redirection for ocaml.org
> > while this is being fixed.
>
> I just tried with cohttp. The example to access the reddit page works,
> but replacing the url with https://ocaml.org/feed.xml fails:
> 
> Fatal error: exception Tls_lwt.Tls_alert(6)

You can test the website and your local libraries with gnutls-cli: just
run 'gnutls-cli ocaml.org' (the binary is sometimes in a dedicated
package).
There's also something available in the openssl binary but the
command-line is not as friendly. Lastly, there are websites to test for
TLS configurations.

-- 
Adrien

* Re: [Caml-list] https and Ocamlnet
From: Gerd Stolpmann @ 2019-09-26 15:44 UTC
  To: Simon Cruanes, Alan Schmitt
  Cc: Christophe TROESTLER, Gerd Stolpmann, OCaml Mailing List


On 26.09.19 at 15:41, Simon Cruanes wrote:
> I've been working on higher level bindings to cURL (based on ocurl), at
> https://github.com/c-cube/ezcurl .
>
> ```
> $ dune utop src/sync
> # Ezcurl.get ~url:"https://ocaml.org/feed.xml" ();;
> - : (Ezcurl_core.response, Curl.curlCode * string) result =
> Ok
>  {Ezcurl_core.code = 200;
>   headers =
>    [("Content-Type", "application/xml"); ("Accept-Ranges", "bytes");
>     ("ETag", "\"1394832364\"");
>     ("Last-Modified", "Thu, 26 Sep 2019 13:15:03 GMT");
>     ("Content-Length", "402487");
>     ("Date", "Thu, 26 Sep 2019 13:49:00 GMT");
>     ("Server", "lighttpd/1.4.53")];
>   body =
>    "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<feed xmlns=\"http://www.w3.org/2005/Atom\"><icon>http://ocaml.org/img/colour-icon-170x148.png</icon><generator uri=\"https://ocaml.org/\" version=\"${version:syndic}\">OCaml Syndic.Atom feed aggregator</generator><id>urn:md5:302d717d0937d8"... (* string length 402487; truncated *);
>   info =
>    {Ezcurl_core.ri_response_time = 6.346256; ri_redirect_count = 0}}
> ```
>
> Maybe it's a different version of GNUTLS though (I'm on archlinux, it's 3.6.9-1).

Don't think so, because gnutls-cli can actually connect to ocaml.org. I
rather guess it's a protocol option that's creating the problems, in
particular one that changes the order of reads and writes on the socket
(so it's visible to the wrapping library). BTW, it's not only ocaml.org
but e.g. also google.com.

Gerd

-- 
------------------------------------------------------------
Gerd Stolpmann, Darmstadt, Germany    gerd@gerd-stolpmann.de
My OCaml site:          http://www.camlcity.org
Contact details:        http://www.camlcity.org/contact.html
Company homepage:       http://www.gerd-stolpmann.de
------------------------------------------------------------



* Re: [Caml-list] https and Ocamlnet
From: Alan Schmitt @ 2019-09-27  6:31 UTC
  To: Simon Cruanes; +Cc: Christophe TROESTLER, Gerd Stolpmann, OCaml Mailing List

Hi Simon,

On 2019-09-26 15:41, Simon Cruanes <simon.cruanes.2007@m4x.org> writes:

> I've been working on higher level bindings to cURL (based on ocurl), at
> https://github.com/c-cube/ezcurl .

Nice. Do you plan to put it on opam?

> Maybe it's a different version of GNUTLS though (I'm on archlinux, it's 3.6.9-1).

I'm also using this version (on arch too).

Best,

Alan

* Re: [Caml-list] https and Ocamlnet
From: Simon Cruanes @ 2019-09-27 13:53 UTC
  To: Alan Schmitt; +Cc: OCaml Mailing List

On Fri, 27 Sep 2019, Alan Schmitt wrote:
> Nice. Do you plan to put it on opam?

I do, at some point. It'd be nice to cooperate with other people who use
curl to improve the API first (in particular with Ahrefs as they have
their own overlay on top of ocurl).


-- 
Simon Cruanes
