TLS sockets timing out with G_IO_ERROR_TIMED_OUT a short time into connecting
I've been getting bug reports for Geary since people started using GNOME 3.34 components of timeouts when establishing TLS connections (not StartTLS that I have seen), e.g: geary#560 (closed), geary#570 (closed), geary#576 (closed))
Reports have been for timeouts with services including both large-scale like GMail and smaller services, and have reported t for both IMAP and SMTP. Typically, other non-GLib-based programs can connect fine. geary#576 (closed) suggests it is a problem for both Geary 3.32 and 3.34, although reports for this only started appearing late in the GNOME 3.34 time-frame. Because of all this, I don't think this is a Geary bug. However I can't reproduce it and getting others to downgrade both glib and glib-networking to earlier versions doesn't seem to help in at least one case (geary#576 (closed)).
Despite Geary explicitly calling g_socket_client_set_timeout
with large values (30s for SMTP, ~10m for IMAP),
the logs from geary#560 (closed) indicate that an IMAP connection to GMail timed out after 2m, 12s. The logs from geary#576 (closed) indicate an SMTP connection to a smaller-scale service timed out after 22s.
Perhaps interestingly, in the latter case connecting to the SMTP service using gnutls-cli
times fails after about the same amount of time with a cert issue:
mjog@blanchefort:~$ time gnutls-cli smtp.libreinfra.org:465
Processed 128 CA certificate(s).
Resolving 'smtp.libreinfra.org:465'...
Connecting to '185.145.203.133:465'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `CN=libreinfra.org', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x030036e0361272a5bcc1109d7dbba4c8c35b, RSA key 4096 bits, signed using RSA-SHA256, activated `2019-08-15 00:12:52 UTC', expires `2019-11-13 00:12:52 UTC', pin-sha256="7R2PRvUSZh0oA33J8cmoqVovllDc4kJo47iWxSyG7ro="
Public Key ID:
sha1:bd3fd97b224ed008a8501ba5c3c08e5341580211
sha256:ed1d8f46f512661d28037dc9f1c9a8a95a2f9650dce24268e3b896c52c86eeba
Public Key PIN:
pin-sha256:7R2PRvUSZh0oA33J8cmoqVovllDc4kJo47iWxSyG7ro=
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
real 0m21.417s
user 0m0.037s
sys 0m0.017s
mjog@blanchefort:~$