ziglang / zig

General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
https://ziglang.org
MIT License

std.http.Client: unable to establish tls connection to cloudflare servers #21747

Open Techatrix opened 2 weeks ago

Techatrix commented 2 weeks ago

Zig Version

0.14.0-dev.1951+857383689

Steps to Reproduce and Observed Behavior

```zig
// sample.zig
const std = @import("std");

pub fn main() !void {
    var arena_allocator = std.heap.ArenaAllocator.init(std.heap.page_allocator);
    const arena = arena_allocator.allocator();

    // Here are some URLs that are hosted by cloudflare:
    // https://www.doordash.com/
    // https://www.shopify.com/
    // https://www.cloudflare.com/
    // https://zigtools.org/
    const uri = try std.Uri.parse("https://zigtools.org/");

    var client: std.http.Client = .{ .allocator = arena };
    defer client.deinit();
    try client.initDefaultProxies(arena);

    var server_header_buffer: [16 * 1024]u8 = undefined;
    var request = try client.open(.POST, uri, .{
        .server_header_buffer = &server_header_buffer,
    });
    defer request.deinit();
}
```

```
$ zig run sample.zig
error: TlsInitializationFailed
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/crypto/aes_gcm.zig:102:17: 0x125b955 in decrypt (sample)
                return error.AuthenticationFailed;
                ^
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/crypto/tls/Client.zig:470:29: 0x120715c in init__anon_12766 (sample)
                            return error.TlsBadRecordMac;
                            ^
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/http/Client.zig:1357:99: 0x1144c8f in connectTcp (sample)
        conn.data.tls_client.* = std.crypto.tls.Client.init(stream, client.ca_bundle, host) catch return error.TlsInitializationFailed;
                                                                                                  ^
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/http/Client.zig:1492:14: 0x1121f60 in connect (sample)
    } orelse return client.connectTcp(host, port, protocol);
             ^
/nix/store/hvc05294jhm3rhzn6ic8n3rb6dp7xcbz-zig-0.14.0-dev.1951+857383689/lib/std/http/Client.zig:1640:9: 0x1118aae in open (sample)
        try client.connect(valid_uri.host.?.raw, uriPort(valid_uri, protocol), protocol);
        ^
/home/techatrix/repos/zls/sample.zig:19:19: 0x1117ec6 in main (sample)
    var request = try client.open(.POST, uri, .{
                  ^
```

I do not believe that this issue is specific to my system since it also occurs in GitHub Actions (logs).

A bisect of some prebuilt Zig versions revealed the following:

| Zig Version | Result |
| --- | --- |
| 0.13.0 | good |
| 0.14.0-dev.1587+feaee2ba1 | good |
| 0.14.0-dev.1632+d83a3f174 | good |
| 0.14.0-dev.1646+b19d0fb0f | good |
| 0.14.0-dev.1655+4d09fb491 | bad |
| 0.14.0-dev.1660+444228865 | bad |
| 0.14.0-dev.1671+085cc54aa | bad |
| 0.14.0-dev.1762+cfd3bcffe | bad |
| 0.14.0-dev.1913+7b8fc18c6 | bad |
| 0.14.0-dev.1951+857383689 | bad |

The diff between good and bad: b19d0fb0fd3e4ff023968e77f01848ffb9dce360...4d09fb491f1a2e3c4404807c5f4b2c2e114f911b

I suspect that c062c532d7b09b4a593328c486f7fcad70886062 is responsible for the regression.

Expected Behavior

Successfully set up a connection

mlugg commented 2 weeks ago

cc @jedisct1

jedisct1 commented 2 weeks ago

Maybe an issue with ML-KEM. I'll look into it.