Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

std.http.Client: unable to establish tls connection to cloudflare servers #21747

Closed
Techatrix opened this issue Oct 19, 2024 · 2 comments
Closed

std.http.Client: unable to establish tls connection to cloudflare servers #21747

Techatrix opened this issue Oct 19, 2024 · 2 comments
Labels
bug Observed behavior contradicts documented or intended behavior regression It worked in a previous version of Zig, but stopped working. standard library This issue involves writing Zig code for the standard library.
Milestone
0.14.0

Comments

@Techatrix
Copy link
Contributor

Zig Version

0.14.0-dev.1951+857383689

Steps to Reproduce and Observed Behavior

// sample.zig
const std = @import("std");

pub fn main() !void {
    var arena_allocator = std.heap.ArenaAllocator.init(std.heap.page_allocator);
    const arena = arena_allocator.allocator();
    
    // Here are some URLs that are hosted by cloudflare:
    // https://www.doordash.com/
    // https://www.shopify.com/
    // https://www.cloudflare.com/
    // https://zigtools.org/
    const uri = try std.Uri.parse("https://zigtools.org/");

    var client: std.http.Client = .{ .allocator = arena };
    defer client.deinit();
    try client.initDefaultProxies(arena);

    var server_header_buffer: [16 * 1024]u8 = undefined;
    var request = try client.open(.POST, uri, .{
        .server_header_buffer = &server_header_buffer,
    });
    defer request.deinit();
}
$ zig run sample.zig
error: TlsInitializationFailed
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/crypto/aes_gcm.zig:102:17: 0x125b955 in decrypt (sample)
                return error.AuthenticationFailed;
                ^
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/crypto/tls/Client.zig:470:29: 0x120715c in init__anon_12766 (sample)
                            return error.TlsBadRecordMac;
                            ^
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/http/Client.zig:1357:99: 0x1144c8f in connectTcp (sample)
        conn.data.tls_client.* = std.crypto.tls.Client.init(stream, client.ca_bundle, host) catch return error.TlsInitializationFailed;
                                                                                                  ^
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/http/Client.zig:1492:14: 0x1121f60 in connect (sample)
    } orelse return client.connectTcp(host, port, protocol);
             ^
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/http/Client.zig:1640:9: 0x1118aae in open (sample)
        try client.connect(valid_uri.host.?.raw, uriPort(valid_uri, protocol), protocol);
        ^
/home/techatrix/repos/zls/sample.zig:19:19: 0x1117ec6 in main (sample)
    var request = try client.open(.POST, uri, .{
                  ^

I do not believe that this issue is specific to my system since it also occurs in GitHub Actions. logs

A bisect of some prebuilt Zig versions revealed the following:

Zig Version
0.13.0 good
0.14.0-dev.1587+feaee2ba1 good
0.14.0-dev.1632+d83a3f174 good
0.14.0-dev.1646+b19d0fb0f good
0.14.0-dev.1655+4d09fb491 bad
0.14.0-dev.1660+444228865 bad
0.14.0-dev.1671+085cc54aa bad
0.14.0-dev.1762+cfd3bcffe bad
0.14.0-dev.1913+7b8fc18c6 bad
0.14.0-dev.1951+857383689 bad

The diff between good and bad: b19d0fb...4d09fb4

I suspect that c062c53 is responsible for the regression.

Expected Behavior

successfully setup a connection
@Techatrix Techatrix added the bug Observed behavior contradicts documented or intended behavior label Oct 19, 2024
@mlugg mlugg added the standard library This issue involves writing Zig code for the standard library. label Oct 19, 2024
@mlugg
Copy link
Member

mlugg commented Oct 19, 2024

cc @jedisct1

@mlugg mlugg added this to the 0.14.0 milestone Oct 19, 2024
@mlugg mlugg added the regression It worked in a previous version of Zig, but stopped working. label Oct 19, 2024
@jedisct1
Copy link
Contributor

Maybe an issue with ML-KEM. I'll look into it.

Techatrix added a commit to zigtools/zls that referenced this issue Oct 22, 2024
@Techatrix
workaround ziglang/zig#21747
ea2c303 
Good thing that I planned ahead and made it a drop-in replacement to curl
zschreur added a commit to zschreur/node-zig that referenced this issue Oct 30, 2024
@zschreur
Use build.zig.zon to install node header dependency
f2bfb6a 
This uses a path because with the current version of zig there is an
issue initiating a tls connection with cloudflare which is where node
stores its releases.

Until that is fixed I am going to use a local path.

See ziglang/zig#21747
Techatrix added a commit to zigtools/zls that referenced this issue Nov 12, 2024
@Techatrix
Revert "workaround ziglang/zig#21747"
768463d 
This reverts commit ea2c303.
zschreur added a commit to zschreur/node-zig that referenced this issue Nov 13, 2024
@zschreur
Use build.zig.zon to install node header dependency
184aad2 
This uses a path because with the current version of zig there is an
issue initiating a tls connection with cloudflare which is where node
stores its releases.

Until that is fixed I am going to use a local path.

See ziglang/zig#21747
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Observed behavior contradicts documented or intended behavior regression It worked in a previous version of Zig, but stopped working. standard library This issue involves writing Zig code for the standard library.
Projects
None yet
Milestone
0.14.0
Development

No branches or pull requests
3 participants
@jedisct1 @mlugg @Techatrix