bug#22789: 25.1.50; In last master build https connections stop working

[Alain Schneble]

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Alain Schneble <a.s@realize.ch> writes:
>
>> What I had in mind was to start the GnuTLS handshake (or even
>> gnutls_boot) only after the async socket has properly been connected.  I
>> just consulted the GnuTLS documentation and I understand now that what
>> you write above is indeed a supported GnuTLS scenario.  But I think it
>> is not an optimal one, because the number of TLS handshake retries will
>> then depend on the time it takes to setup the socket connection, IIUC
>> (see process.c: abort if p->gnutls_handshakes_tried >
>> GNUTLS_EMACS_HANDSHAKES_LIMIT).
>
> We could just increase that limit.  It's currently set to 100, which is
> a number that's taken from thin air, I think?  It should probably be a
> time-based handshake limit instead -- try handshaking for, say, ten
> seconds before giving up...

A time-based limit sounds like a good idea to me.  It could even be
combined with a min-number-of-tries approach, like this:

if (TimeElapsed > Timeout && NumberOfTries > MinNumberOfTries) {
   // give up...
}


But the point I tried to address is the following: /When/ shall we start
with the handshake "series" and start counting the number of tries (or
stopwatch)?  Don't you agree that with async sockets, it doesn't make
much sense to start it before the socket is connected?  So we could just
postpone it until then...  Otherwise, the number of handshake tries (or
time elapsed) durnig the "socket not yet connected" are subtracted from
the max number of tries (or timeout) granted.  Which I think is, well,
at least imprecise...