From 29bd4a3af92d8155686909604f6736c8e4af9b1a Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Thu, 6 Jul 2023 17:34:49 +0530 Subject: [PATCH] aria2: build with GNUTLS instead of OpenSSL aria2's OpenSSL integration breaks down when interacting with TLS v1.3 enabled websites which manifests in errors like these: ``` 07/05 12:26:53 [NOTICE] Downloading 1 item(s) 07/05 12:26:54 [ERROR] CUID#7 - Download aborted. URI=https://catbox.moe Exception: [AbstractCommand.cc:351] errorCode=1 URI=https://catbox.moe -> [SocketCore.cc:1018] errorCode=1 SSL/TLS handshake failure: protocol error ``` There are multiple instances[1] of users reporting this to the aria2 issue tracker, and one of those issues[2] documents using GnuTLS in place of OpenSSL as a workaround for the TLS v1.3 woes. I've verified that it indeed fixes the problem, and hence making this change in Nixpkgs. 1: https://github.com/aria2/aria2/issues?q=is%3Aissue+is%3Aopen+sort%3Aupdated-desc+%22protocol+error%22 2: https://github.com/aria2/aria2/issues/1494 --- pkgs/tools/networking/aria2/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/aria2/default.nix b/pkgs/tools/networking/aria2/default.nix index 216d27eb4e1248f..6c972bb2397144b 100644 --- a/pkgs/tools/networking/aria2/default.nix +++ b/pkgs/tools/networking/aria2/default.nix @@ -1,5 +1,5 @@ { lib, stdenv, fetchFromGitHub, pkg-config, autoreconfHook -, openssl, c-ares, libxml2, sqlite, zlib, libssh2 +, gnutls, c-ares, libxml2, sqlite, zlib, libssh2 , cppunit, sphinx , Security }: @@ -18,7 +18,7 @@ stdenv.mkDerivation rec { strictDeps = true; nativeBuildInputs = [ pkg-config autoreconfHook sphinx ]; - buildInputs = [ openssl c-ares libxml2 sqlite zlib libssh2 ] ++ + buildInputs = [ gnutls c-ares libxml2 sqlite zlib libssh2 ] ++ lib.optional stdenv.isDarwin Security; outputs = [ "bin" "dev" "out" "doc" "man" ];